
My searches are being redirected. I've tried several different solutions posted elsewhere online, but no luck whatsoever. Please let me know if you have any suggestions. Thanks in advance.

GMER 1:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-05-29 13:24:59
Windows 5.1.2600 Service Pack 3
Running: ssionnq5.exe; Driver: C:\DOCUME~1\ADMINI~1.SPI\LOCALS~1\Temp\kxldypow.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF8395D74]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF8395D88]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

GMER2
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-29 13:23:05
Windows 5.1.2600 Service Pack 3
Running: ssionnq5.exe; Driver: C:\DOCUME~1\ADMINI~1.SPI\LOCALS~1\Temp\kxldypow.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF8395D74]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF8395D88]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!NtOpenProcess 805C1296 5 Bytes JMP F8395D78 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805C1522 5 Bytes JMP F8395D8C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00E2000A
.text C:\WINDOWS\system32\svchost.exe[1352] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00AB000A
.text C:\WINDOWS\Explorer.EXE[2016] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[2016] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[2016] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[1900] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [004076E0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[1900] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00407740] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

DDS:

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Administrator at 16:24:52.17 on Sat 05/29/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.76 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator.SPIKE\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
mSearch Bar = hxxp://www.yahoo.com/ext/search/search.html
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100518162508.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - No File
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [MWLExe] c:\program files\mcafee\mwl\MWLGuiSt.exe
mRun: [YOP] c:\progra~1\yahoo!\yop\yop.exe /autostart
mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\2\printray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {4A01A151-E350-4839-A2B8-03DC39D6C8E5} - hxxp://download.yahoo.com/dl/ypc/ypcxwizard2003080601.cab
DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://coolsavings.coupons.smartsource.com/download/cscmv5X.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {32620CE8-D0AB-47D9-885B-8FDA4A3A2650} = 192.168.1.254
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: {e3623691-f85d-48d8-8e4d-abe79077f841} - No File
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-4-24 385880]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-24 82952]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-24 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-24 188136]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-24 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-4-24 88480]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-28 136176]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-8 93320]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-24 271480]
S2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-24 271480]
S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-4-24 170144]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-24 141792]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-24 55456]
S3 cpuz132;cpuz132;\??\c:\docume~1\hp_owner\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\hp_owner\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-4-24 152320]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-4-24 51688]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-4-24 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-24 83496]

=============== Created Last 30 ================

2010-05-29 18:30:05 0 d-----w- c:\docume~1\admini~1.spi\applic~1\Malwarebytes
2010-05-29 12:16:45 0 d-----w- c:\program files\Trend Micro
2010-05-29 05:24:12 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-05-29 05:24:03 0 d-----w- c:\program files\Panda Security
2010-05-28 20:08:24 2800 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-05-28 17:52:35 0 d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
2010-05-28 17:52:28 57344 ---ha-w- C:\SZKGFS.dat
2010-05-28 17:51:02 0 d-----w- c:\program files\STOPzilla!
2010-05-28 17:51:02 0 d-----w- c:\program files\common files\iS3
2010-05-28 17:51:01 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2010-05-28 04:19:42 166 ----a-w- c:\windows\system32\Compress.res
2010-05-28 04:08:23 740 ----a-w- c:\windows\system32\reimage.rep
2010-05-28 04:03:08 692 ----a-w- c:\windows\system32\reimage.nat
2010-05-28 03:59:28 35328 ----a-w- c:\windows\system32\drivers\pcntpci5.sys
2010-05-28 03:59:27 13952 ----a-w- c:\windows\system32\drivers\cmbatt.sys
2010-05-28 03:59:27 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-05-28 03:59:27 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-05-28 03:59:27 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys
2010-05-28 03:59:26 14208 ----a-w- c:\windows\system32\drivers\battc.sys
2010-05-28 03:57:59 1374 ----a-w- c:\windows\imsins.BAK
2010-05-28 02:26:04 15272 ----a-w- c:\windows\system32\Native.exe
2010-05-28 02:25:44 0 d-----w- C:\ReimageUndo
2010-05-28 02:09:16 0 d-----w- C:\rei
2010-05-28 02:09:06 0 d-----w- c:\program files\Reimage
2010-05-27 21:52:37 318 ----a-w- c:\windows\reimage.ini
2010-05-27 16:00:37 0 d-sh--w- c:\documents and settings\administrator.spike\PrivacIE
2010-05-27 15:35:39 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-27 15:06:23 0 d-sh--w- c:\documents and settings\administrator.spike\IETldCache
2010-05-27 15:05:59 0 d-----w- c:\docume~1\admini~1.spi\applic~1\Symantec
2010-05-27 13:14:55 0 d-----w- c:\windows\system32\wbem\Repository
2010-05-27 13:14:27 0 d-----w- c:\program files\Trojan Remover
2010-05-27 13:14:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
2010-05-27 12:40:20 0 d-----w- c:\program files\Microsoft
2010-05-27 12:40:07 0 d-----w- c:\program files\MSN Toolbar
2010-05-27 12:39:31 2 --shatr- c:\windows\winstart.bat
2010-05-27 12:39:18 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-05-27 12:39:18 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-05-27 12:38:52 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-05-27 12:38:47 0 d-----w- c:\program files\UnHackMe
2010-05-27 12:21:08 0 d-----w- c:\program files\MSN Toolbar Installer
2010-05-27 12:17:04 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-27 12:11:15 10193146 ----a-w- c:\windows\system32\SDQBESQNJL
2010-05-27 05:46:54 0 d-----w- c:\windows\ERUNT
2010-05-27 05:46:39 0 d-----w- C:\!FixIEDef
2010-05-27 05:13:41 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-05-27 05:13:40 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-05-27 05:13:40 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-05-27 05:13:40 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-05-27 05:13:40 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-05-27 04:41:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-05-26 21:09:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-26 21:08:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-26 21:08:59 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-26 21:08:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-11 14:02:08 352513 ----a-w- c:\windows\system32\savapi3.dll
2010-05-11 14:02:08 1380403 ----a-w- c:\windows\system32\avgsdk.dll

==================== Find3M ====================

2100-04-08 17:45:26 69632 ------w- c:\windows\system32\Lxasmdm.dll
2010-05-28 04:08:25 1104896 ----a-w- c:\windows\system32\msxml3.dll
2010-05-28 04:08:23 58880 ----a-w- c:\windows\system32\atl.dll
2010-05-28 03:50:49 914944 ----a-w- c:\windows\system32\wininet.dll
2010-05-28 03:50:49 331776 ------w- c:\windows\system32\wpdmtpdr.dll
2010-05-28 03:50:49 246814 ------w- c:\windows\system32\strmdll.dll
2010-05-28 03:50:49 222208 ------w- c:\windows\system32\WMASF.dll
2010-05-28 03:50:49 20480 ------w- c:\windows\system32\wmpui.dll
2010-05-28 03:50:49 20480 ------w- c:\windows\system32\wmpcore.dll
2010-05-28 03:50:49 20480 ------w- c:\windows\system32\wmpcd.dll
2010-05-28 03:50:49 10752 ------w- c:\windows\system32\wpdtrace.dll
2010-05-28 03:50:44 96768 ------w- c:\windows\system32\drmstor.dll
2010-05-28 03:50:44 258296 ------w- c:\windows\system32\drmclien.dll
2010-05-28 03:50:44 21640 ------w- c:\windows\system32\emptyregdb.dat
2010-05-28 02:34:28 2188928 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-28 02:32:28 2065792 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-27 22:16:24 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-27 22:16:24 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-04-27 22:16:24 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-04-27 22:16:24 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-04-27 22:16:24 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-04-27 22:16:24 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-04-27 22:16:24 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-27 22:16:24 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-27 22:16:24 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-27 22:16:24 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-03-11 16:06:45 3645 ----a-w- c:\windows\viassary-hp.reg
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2001-06-20 22:19:18 40960 ----a-w- c:\program files\ACMonitor_X83.exe
2009-10-16 20:39:29 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-04-01 13:52:45 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040120090402\index.dat

============= FINISH: 16:26:41.81 ===============

MBYTES
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4154

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

5/29/2010 4:23:40 PM
mbam-log-2010-05-29 (16-23-40).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 298399
Time elapsed: 43 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{967a494a-6aec-4555-9caf-fa6eb00acf91} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{a8954909-1f0f-41a5-a7fa-3b376d69e226} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hijack This:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:31:33 PM, on 5/29/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100518162508.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: (no name) - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - (no file)
O3 - Toolbar: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGuiSt.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://coolsavings.coupons.smartsource.com/download/cscmv5X.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{32620CE8-D0AB-47D9-885B-8FDA4A3A2650}: NameServer = 192.168.1.254
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: awash - {e3623691-f85d-48d8-8e4d-abe79077f841} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10853 bytes


Let me know if there are any other logs I can submit that may help. Thanks.


Hi and welcome to the Daniweb forums :).

==========

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Hey ... thanks for the reply and the help!

Here is the OTL.txt

OTL logfile created on: 5/30/2010 10:16:25 PM - Run 1
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 145.00 Mb Available Physical Memory | 29.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.79 Gb Total Space | 151.84 Gb Free Space | 84.92% Space Free | Partition Type: NTFS
Drive D: | 7.50 Gb Total Space | 2.37 Gb Free Space | 31.54% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 1.87 Gb Total Space | 1.17 Gb Free Space | 62.49% Space Free | Partition Type: FAT

Computer Name: SPIKE
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/30 22:06:52 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
PRC - [2010/04/27 17:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/04/27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/04/01 23:05:04 | 001,180,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/04/01 23:05:04 | 000,728,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcupdate.exe
PRC - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/10/20 12:08:26 | 001,693,184 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/26 16:42:48 | 000,509,224 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\YOP\yop.exe
PRC - [2007/10/26 16:42:40 | 000,628,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Yahoo!\YOP\SSDK02.exe
PRC - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006/03/03 15:18:10 | 000,200,704 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2005/11/04 15:04:48 | 000,176,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2004/10/14 16:54:32 | 000,253,952 | ---- | M] (Hewlett-Packard Company) -- C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
PRC - [2004/10/13 18:17:06 | 002,742,272 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2004/10/13 18:00:10 | 000,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
PRC - [2004/10/13 16:01:50 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


========== Modules (SafeList) ==========

MOD - [2010/05/30 22:06:52 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/27 17:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/04/27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/03/10 11:16:56 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2007/07/28 10:33:02 | 000,910,696 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\MWL\MwlSvc.exe -- (MWLSvc)
SRV - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2005/03/30 16:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2003/05/19 17:07:38 | 000,086,016 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\YPcservice.exe -- (YPCService)


========== Driver Services (SafeList) ==========

DRV - [2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/04/27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/04/27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/04/27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/04/27 17:16:24 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/04/27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/01/02 19:16:10 | 000,086,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WscNetDr.sys -- (WscNetDr)
DRV - [2005/06/16 14:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2005/03/31 08:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 07:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 07:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2005/03/31 07:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 07:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/11/22 18:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 18:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2004/10/13 19:33:20 | 002,287,104 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/08/04 08:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/29 12:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/03/17 19:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2003/09/19 04:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/11 02:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2002/10/04 12:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/06/04 08:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/04/09 12:28:00 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/04 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100518162508.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MWLExe] C:\Program Files\McAfee\MWL\MWLGuiSt.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\system32\spool\drivers\w32x86\2\printray.exe (Lexmark)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [YOP] C:\Program Files\Yahoo!\YOP\yop.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [A00F1AABE18.exe] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\_A00F1AABE18.exe File not found
O4 - HKCU..\Run: [EPSON Stylus CX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {4A01A151-E350-4839-A2B8-03DC39D6C8E5} http://download.yahoo.com/dl/ypc/ypcxwizard2003080601.cab (YPCXWizard Class)
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} http://coolsavings.coupons.smartsource.com/download/cscmv5X.cab (CMV5 Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O22 - SharedTaskScheduler: {e3623691-f85d-48d8-8e4d-abe79077f841} - awash - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/27 22:15:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 22:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{4c50c0d6-c19f-11dc-aace-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4c50c0d6-c19f-11dc-aace-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7ef31bde-ab80-11de-af9e-0011d8931462}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\{f4db821a-767d-11d9-947e-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{f4db821a-767d-11d9-947e-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/01/13 20:39:04 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 90 Days ==========

[2010/05/30 22:15:09 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2010/05/29 07:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/29 00:24:12 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/05/29 00:24:03 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/05/28 23:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/05/28 12:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/05/28 12:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2010/05/28 12:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/05/28 12:51:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/05/28 09:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Google
[2010/05/28 09:55:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/05/28 09:55:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google
[2010/05/28 09:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/05/28 09:53:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/05/27 21:25:44 | 000,000,000 | ---D | C] -- C:\ReimageUndo
[2010/05/27 21:09:16 | 000,000,000 | ---D | C] -- C:\rei
[2010/05/27 21:09:06 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2010/05/27 08:44:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Mozilla
[2010/05/27 08:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/05/27 08:14:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/05/27 07:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/05/27 07:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/05/27 07:39:18 | 000,037,600 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2010/05/27 07:39:18 | 000,035,816 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2010/05/27 07:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\RegRun2
[2010/05/27 07:38:52 | 000,012,808 | ---- | C] (Greatis Software, LLC.) -- C:\WINDOWS\System32\drivers\UnHackMeDrv.sys
[2010/05/27 07:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2010/05/27 07:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\gtopala
[2010/05/27 07:21:08 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer
[2010/05/27 07:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/27 00:46:58 | 000,000,000 | ---D | C] -- C:\ERDNT
[2010/05/27 00:46:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010/05/27 00:46:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/27 00:46:39 | 000,000,000 | ---D | C] -- C:\!FixIEDef
[2010/05/27 00:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/27 00:13:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\Simply Super Software
[2010/05/27 00:13:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Simply Super Software
[2010/05/26 23:59:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\hvpfllebq
[2010/05/26 23:59:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\nrjjjdarp
[2010/05/26 23:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/05/26 23:41:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/26 21:56:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Owner\Recent
[2010/05/26 16:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
[2010/05/26 16:09:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/26 16:08:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/26 16:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/26 16:08:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/23 18:50:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\eukyberbn
[2010/05/11 09:02:08 | 000,352,513 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\savapi3.dll
[2010/04/24 18:33:12 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/04/24 18:32:59 | 000,385,880 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/04/24 18:32:59 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/04/24 18:32:59 | 000,152,320 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/04/24 18:32:59 | 000,095,568 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/04/24 18:32:59 | 000,088,480 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/04/24 18:32:59 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/04/24 18:32:59 | 000,082,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/04/24 18:32:59 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/04/24 18:32:59 | 000,051,688 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/04/11 14:20:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Unity
[2010/04/05 09:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\DeductionPro 2009
[2010/04/05 09:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\HRBlock2009
[2010/04/05 09:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\HRBlock
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2100/04/08 12:45:26 | 000,069,632 | ---- | M] (Oasis Semiconductor Inc.) -- C:\WINDOWS\System32\Lxasmdm.dll
[2010/05/30 22:08:37 | 002,387,968 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/05/30 22:08:35 | 001,634,304 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/05/30 22:07:48 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
[2010/05/30 22:06:52 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2010/05/30 22:06:27 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/05/30 22:06:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/30 22:06:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/30 22:05:57 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/30 22:05:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/30 22:05:43 | 527,814,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/29 13:29:51 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/28 23:30:24 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\HP_Owner\ntuser.dat
[2010/05/28 23:30:24 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\ntuser.ini
[2010/05/28 23:06:28 | 000,049,440 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/28 23:00:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/28 15:11:10 | 000,002,800 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/05/28 12:52:28 | 000,057,344 | -H-- | M] () -- C:\SZKGFS.dat
[2010/05/27 23:19:56 | 000,000,318 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2010/05/27 23:19:42 | 000,000,166 | ---- | M] () -- C:\WINDOWS\System32\Compress.res
[2010/05/27 23:19:35 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2010/05/27 23:12:03 | 000,312,572 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/27 23:12:03 | 000,040,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/27 23:12:02 | 000,358,068 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/27 23:08:31 | 000,200,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/27 23:08:25 | 000,000,740 | ---- | M] () -- C:\WINDOWS\System32\reimage.rep
[2010/05/27 23:04:11 | 000,000,692 | ---- | M] () -- C:\WINDOWS\System32\reimage.nat
[2010/05/27 22:50:45 | 000,057,667 | ---- | M] () -- C:\WINDOWS\System32\ieuinit.inf
[2010/05/27 22:50:44 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/27 22:50:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/27 22:50:30 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/27 22:36:12 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/05/27 22:16:06 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/27 22:15:01 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/27 21:26:04 | 000,015,272 | ---- | M] () -- C:\WINDOWS\System32\Native.exe
[2010/05/27 21:09:18 | 000,001,726 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Reimage Repair.lnk
[2010/05/27 08:44:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/05/27 07:51:01 | 004,274,856 | -H-- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IconCache.db
[2010/05/27 07:39:31 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/27 07:39:31 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/05/27 07:39:31 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2010/05/27 07:39:18 | 000,037,600 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2010/05/27 07:39:18 | 000,035,816 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2010/05/27 07:28:19 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\HP_Owner\NTUSER.bak
[2010/05/27 07:16:40 | 010,193,146 | ---- | M] () -- C:\WINDOWS\System32\SDQBESQNJL
[2010/05/26 21:58:27 | 000,129,780 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cc_20100526_215802.reg
[2010/05/26 17:44:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/24 15:48:03 | 000,012,156 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Statement of faith.docx
[2010/05/21 18:58:03 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/21 12:16:58 | 000,012,808 | ---- | M] (Greatis Software, LLC.) -- C:\WINDOWS\System32\drivers\UnHackMeDrv.sys
[2010/05/15 16:51:33 | 000,010,188 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Multi Family Garage Sale 3232 Longford Dr.docx
[2010/05/11 09:02:08 | 001,380,403 | ---- | M] () -- C:\WINDOWS\System32\avgsdk.dll
[2010/05/11 09:02:08 | 000,352,513 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\savapi3.dll
[2010/05/05 10:52:45 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/05/04 14:52:31 | 000,012,620 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\VBS Snacks 2010.xlsx
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/04/27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/04/27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/04/27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/04/27 17:16:24 | 000,082,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/04/27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/04/27 17:16:24 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/04/26 14:14:16 | 000,009,602 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
[2010/04/15 09:18:45 | 000,190,682 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\2009 IL Tax Return.pdf
[2010/04/13 19:15:45 | 000,015,804 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Shirley Chisholm Paper.docx
[2010/04/13 17:08:23 | 000,011,312 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Works cited.docx
[2010/04/13 17:08:18 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\kaleigh[1].doc
[2010/04/09 16:48:15 | 000,013,805 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\kaleigh's chore chart.docx
[2010/04/09 16:28:26 | 000,003,969 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Gir!!!.jpg
[2010/04/05 09:43:48 | 000,001,479 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DeductionPro 2009.lnk
[2010/04/05 09:42:08 | 000,001,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\H&R Block 2009.lnk
[2010/04/05 09:09:15 | 000,230,824 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\cpnprt2.cid
[2010/03/30 20:08:18 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\science project.doc
[2010/03/18 12:51:20 | 000,010,165 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\I believe I am a qualified.docx
[2010/03/17 10:15:47 | 000,010,469 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Easter spring poem.docx
[2010/03/11 11:06:45 | 000,003,645 | ---- | M] () -- C:\WINDOWS\viassary-hp.reg
[2010/03/08 15:35:59 | 000,067,420 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Kimberly Belfield Resume.docx
[2010/03/05 15:20:40 | 000,010,809 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Grocery Prices.xlsx
[2010/03/03 10:08:15 | 000,291,887 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\knit and crochet dishcloths.pdf
[2010/03/03 10:04:57 | 000,494,850 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Chick and Bunny Cards.pdf
[2010/03/03 10:01:39 | 000,213,357 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Spring Card.pdf
[2010/03/03 09:57:30 | 000,190,566 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\P020913_fun_easy_cards.pdf
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/30 22:05:43 | 527,814,656 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/29 13:29:51 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/28 15:08:24 | 000,002,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/05/28 12:52:28 | 000,057,344 | -H-- | C] () -- C:\SZKGFS.dat
[2010/05/28 09:55:32 | 000,000,890 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/28 09:55:30 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/27 23:19:42 | 000,000,166 | ---- | C] () -- C:\WINDOWS\System32\Compress.res
[2010/05/27 23:19:34 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2010/05/27 23:08:23 | 000,000,740 | ---- | C] () -- C:\WINDOWS\System32\reimage.rep
[2010/05/27 23:03:08 | 000,000,692 | ---- | C] () -- C:\WINDOWS\System32\reimage.nat
[2010/05/27 22:57:59 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/05/27 21:26:04 | 000,015,272 | ---- | C] () -- C:\WINDOWS\System32\Native.exe
[2010/05/27 21:09:18 | 000,001,726 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Reimage Repair.lnk
[2010/05/27 16:52:37 | 000,000,318 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2010/05/27 08:44:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/27 07:39:31 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2010/05/27 07:27:12 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\HP_Owner\NTUSER.tmp.LOG
[2010/05/27 07:11:15 | 010,193,146 | ---- | C] () -- C:\WINDOWS\System32\SDQBESQNJL
[2010/05/27 00:27:33 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
[2010/05/27 00:13:41 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/05/27 00:13:40 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/05/27 00:13:40 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010/05/27 00:13:40 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/05/26 21:58:05 | 000,129,780 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cc_20100526_215802.reg
[2010/05/22 16:51:03 | 004,456,448 | ---- | C] () -- C:\Documents and Settings\HP_Owner\ntuser.dat
[2010/05/19 20:56:32 | 000,012,156 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Statement of faith.docx
[2010/05/15 16:51:32 | 000,010,188 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Multi Family Garage Sale 3232 Longford Dr.docx
[2010/05/11 09:02:08 | 001,380,403 | ---- | C] () -- C:\WINDOWS\System32\avgsdk.dll
[2010/04/29 09:32:34 | 000,012,620 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\VBS Snacks 2010.xlsx
[2010/04/15 09:18:44 | 000,190,682 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\2009 IL Tax Return.pdf
[2010/04/13 17:08:11 | 000,015,804 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Shirley Chisholm Paper.docx
[2010/04/13 16:09:39 | 000,011,312 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Works cited.docx
[2010/04/09 16:48:14 | 000,013,805 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\kaleigh's chore chart.docx
[2010/04/09 16:29:11 | 000,003,969 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Gir!!!.jpg
[2010/04/09 16:05:04 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\kaleigh[1].doc
[2010/04/05 09:43:48 | 000,001,479 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DeductionPro 2009.lnk
[2010/04/05 09:42:08 | 000,001,693 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\H&R Block 2009.lnk
[2010/03/30 20:05:32 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\science project.doc
[2010/03/18 12:51:08 | 000,010,165 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\I believe I am a qualified.docx
[2010/03/17 10:15:46 | 000,010,469 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Easter spring poem.docx
[2010/03/03 10:08:15 | 000,291,887 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\knit and crochet dishcloths.pdf
[2010/03/03 10:04:57 | 000,494,850 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Chick and Bunny Cards.pdf
[2010/03/03 10:01:39 | 000,213,357 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Spring Card.pdf
[2010/03/03 09:57:30 | 000,190,566 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\P020913_fun_easy_cards.pdf
[2009/07/17 12:04:20 | 000,001,219 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009/01/30 19:40:07 | 000,000,046 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2008/10/07 13:50:15 | 000,001,301 | ---- | C] () -- C:\WINDOWS\KA.INI
[2008/09/14 12:28:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/09/14 11:55:14 | 000,000,612 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2008/05/21 15:10:57 | 000,000,057 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini
[2008/04/03 17:08:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2008/03/17 14:06:49 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/03/17 14:06:48 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/02/12 14:54:33 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/02/12 14:53:40 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EPSCX7400.ini
[2008/01/30 12:09:45 | 000,000,643 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/01/30 12:09:42 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\lxasbce.dll
[2008/01/30 12:09:42 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXASICO.DLL
[2008/01/30 12:03:52 | 000,004,672 | ---- | C] () -- C:\WINDOWS\System32\LEXUSBCI.DLL
[2008/01/20 14:19:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/01/13 00:47:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/01/13 00:43:24 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/01/13 00:43:24 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/01/13 00:43:24 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/01/13 00:43:24 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/01/13 00:43:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/01/13 00:43:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/01/13 00:15:13 | 000,014,554 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2008/01/13 00:15:07 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2008/01/13 00:14:46 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2008/01/13 00:11:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/12 23:51:28 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/01/12 23:49:31 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/01/12 23:40:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/02/04 09:30:00 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/02/04 09:30:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/02/04 09:29:29 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/09/13 18:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/19 22:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/19 22:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/06/15 23:38:02 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/10 18:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== LOP Check ==========

[2010/05/26 23:41:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/02/12 14:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/03/01 17:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/03/17 14:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/05/27 08:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/05/28 12:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/05/28 22:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/04/05 09:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2010/05/27 00:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/27 19:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/13 18:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/05/27 23:19:35 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\Reimage Reminder.job

========== Purity Check ==========

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/03/31 22:53:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/03 23:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2009/03/31 22:53:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/03/31 22:53:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/03 23:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009/03/31 22:53:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 23:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 23:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 23:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2004/10/14 22:29:40 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/10/14 22:29:40 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/10/14 22:29:40 | 000,868,352 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
< End of report >


And the Extras.txt

OTL Extras logfile created on: 5/30/2010 10:16:25 PM - Run 1
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 145.00 Mb Available Physical Memory | 29.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.79 Gb Total Space | 151.84 Gb Free Space | 84.92% Space Free | Partition Type: NTFS
Drive D: | 7.50 Gb Total Space | 2.37 Gb Free Space | 31.54% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 1.87 Gb Total Space | 1.17 Gb Free Space | 62.49% Space Free | Partition Type: FAT

Computer Name: SPIKE
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion -- File not found
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\McAfee\MWL\MwlSvc.exe" = C:\Program Files\McAfee\MWL\MwlSvc.exe:*:Enabled:McAfee Wireless Network Security -- (McAfee, Inc.)
"C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" = C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Disabled:McAfee Data Backup -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- File not found
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{28CFF19D-B92C-4109-A427-F75505E81688}" = cp_dwSharkTaleAlbums1
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FCD82D-1CED-436d-B33C-874EEC666D68}" = cp_dwSharkTaleCards1
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4C04DF1B-6A39-4299-9DD1-1FA60000266E}" = HP Photosmart Cameras 4.0
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{53A19323-917A-4822-B27E-A57D1EF6E9FC}" = H&R Block Deluxe + Efile + State 2009
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{55508A44-8225-47AB-9666-1F57A5B5CE2E}" = CP_PLSBusinessFlyers
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B350CA4-0031-0002-3757-34999AD85AEC}" = InterVideo WinDVD Creator
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{725249C3-B94C-4141-8799-0D3BA43D0812}" = CameraDrivers
"{7B98685A-4E21-4A4F-A2D6-DC557042BADA}" = HPIZplus450
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8F931595-5561-4E26-AC78-7E9B1E3E9C98}" = WeatherBug
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9175D434-CEE7-486F-BE09-15C4A18ABC9C}" = TaxCut Illinois 2008
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{97F4D62E-5AEB-4649-BABF-4712C6EF6845}" = DeductionPro 2009
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.0
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series
"{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBEDB9A0-4C5E-4F10-B64E-5EAD94FFCD40}" = H&R Block Illinois 2009
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CF9A795B-2E4A-42D3-A4C4-333D5BF39350}" = TaxCut Premium + State + Efile 2007
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D0420D64-8D33-4374-A2B2-9225C7925CA6}" = HP Image Zone Plus 4.5.3
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E0343A4C-2FFD-4CCB-B0EB-5DE9F0E2A083}" = LS_HSI
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{EF9DCAA9-3635-4776-B0BA-14883C3C711D}" = TaxCut Illinois 2007
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"36317AE4-57EC-4F3E-B828-009A3DD96BE8" = Polar Bowler from Hewlett-Packard Desktops (remove only)
"3F34F72F-9BB0-4B73-8312-558953ACF56F" = Super Granny from Hewlett-Packard Desktops (remove only)
"58D1A004-6D3C-480A-9E0D-FAA58F3C2A62" = Blackhawk Striker 2 from Hewlett-Packard Desktops (remove only)
"62067F4C-84A9-45B9-8573-B90468B0A3EF" = Orbital from Hewlett-Packard Desktops (remove only)
"6723E59E-322A-417A-8E03-27A61E18253C" = Overball from Hewlett-Packard Desktops (remove only)
"6B60434A-ABE1-48FF-906B-0EA67087AB25" = Road Ready Streetwise from Hewlett-Packard Desktops (remove only)
"703E3900-69DA-47C9-9768-C6514098F149" = Shrek 2 Ogre Bowler from Hewlett-Packard Desktops (remove only)
"8C4E79CC-03E1-43AA-9910-9A5113F24603" = Blasterball 2 from Hewlett-Packard Desktops (remove only)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Arthur's Kindergarten" = Arthur's Kindergarten
"ATT-AACE" = ATT-AACE
"B151D9AC-5E4E-4AD0-96C9-5A6C9EC23502" = Blasterball 2 Remix from Hewlett-Packard Desktops (remove only)
"B2D3332F-EA2D-42B3-8E4A-F74D052BCBC1" = Polar Golfer from Hewlett-Packard Desktops (remove only)
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Crayola3DColor" = Crayola Magic 3D Coloring Book
"D11F7128-8CBD-408B-8BF8-034604DEDD42" = Bounce Symphony from Hewlett-Packard Desktops (remove only)
"DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292" = Crystal Maze from Hewlett-Packard Desktops (remove only)
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"F5215F01-DFC0-475D-A910-6F1AF94E807E" = Tradewinds from Hewlett-Packard Desktops (remove only)
"First Thousand Words" = First Thousand Words
"getPlus(R)_ocx" = getPlus(R)_ocx
"Help and Support Additions" = Help and Support Additions
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photo & Imaging" = HP Image Zone 4.5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"JumpStart Advanced Kindergarten" = JumpStart Advanced Kindergarten
"JumpStart Advanced Language Club" = JumpStart Advanced Language Club
"JumpStart Advanced Preschool" = JumpStart Advanced Preschool
"JumpStart Animal Field Trip" = JumpStart Animal Field Trip
"JumpStart First Grade" = JumpStart First Grade
"JumpStart World Presents Pet Playground" = JumpStart World Presents Pet Playground
"KG98_2.5" = JumpStart Kindergarten 98 v2.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSC" = McAfee Internet Security
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"PRC_1.0" = JumpStart Parent Resource Center v1.0
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"Reimage Repair" = Reimage Repair
"Silent Package Run-Time Sample" = EPSON CX7400 User's Guide
"The Weather Channel Screensaver" = The Weather Channel Screensaver
"Transition Math K-1" = Transition Math K-1
"UnityWebPlayer" = Unity Web Player
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Applications" = AT&T Yahoo! Applications

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/27/2010 10:58:32 AM | Computer Name = SPIKE | Source = MPSampleSubmission | ID = 5000
Description =

Error - 5/27/2010 11:01:21 AM | Computer Name = SPIKE | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 5/27/2010 11:02:10 AM | Computer Name = SPIKE | Source = MPSampleSubmission | ID = 5000
Description =

Error - 5/27/2010 11:02:30 AM | Computer Name = SPIKE | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 5/27/2010 11:04:04 AM | Computer Name = SPIKE | Source = MPSampleSubmission | ID = 5000
Description =

Error - 5/27/2010 11:04:06 AM | Computer Name = SPIKE | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 5/27/2010 11:06:34 AM | Computer Name = SPIKE | Source = MPSampleSubmission | ID = 5000
Description =

Error - 5/27/2010 11:06:50 AM | Computer Name = SPIKE | Source = MPSampleSubmission | ID = 5000
Description =

Error - 5/27/2010 11:06:51 AM | Computer Name = SPIKE | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 5/27/2010 11:06:53 AM | Computer Name = SPIKE | Source = MSSecurityEssentials | ID = 5000
Description =

[ System Events ]
Error - 5/29/2010 4:36:49 PM | Computer Name = SPIKE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/29/2010 5:24:27 PM | Computer Name = SPIKE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/29/2010 5:31:39 PM | Computer Name = SPIKE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/29/2010 5:31:53 PM | Computer Name = SPIKE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/29/2010 5:47:45 PM | Computer Name = SPIKE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 5/30/2010 12:25:43 AM | Computer Name = SPIKE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/30/2010 11:06:07 PM | Computer Name = SPIKE | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 5/30/2010 11:06:07 PM | Computer Name = SPIKE | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 5/30/2010 11:09:11 PM | Computer Name = SPIKE | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 5/30/2010 11:09:33 PM | Computer Name = SPIKE | Source = DCOM | ID = 10010
Description = The server {B299BB78-EBBE-48F9-8725-E6A84C4E7C1D} did not register
with DCOM within the required timeout.


< End of report >

0

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.
    O4 - HKLM..\RunOnceEx: [] File not found
    
    :Commands
    [Purity]
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
    Post the log from this run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
0

Here is the log from the Run Fix:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{144A6B24-0EBC-4D89-BF09-A06A718E57B5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{144A6B24-0EBC-4D89-BF09-A06A718E57B5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5BED3930-2E9E-76D8-BACC-80DF2188D455} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Administrator.SPIKE
->Temp folder emptied: 40340 bytes
->Temporary Internet Files folder emptied: 5243192 bytes
->Flash cache emptied: 434 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: HP_Owner
->Temp folder emptied: 175040123 bytes
->Temporary Internet Files folder emptied: 259940 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1897940 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 84337815 bytes
->Flash cache emptied: 18794 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 1162769 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 11724 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 256.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error: Unable to interpret <[Reboot]:OTL> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.> in the current context!
Error: Unable to interpret <O4 - HKLM..\RunOnceEx: [] File not found> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.SPIKE
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HP_Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49152 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1310720 bytes
->Flash cache emptied: 0 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.5.2 log created on 05312010_082209

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\HP_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8VBOJ6CK\fold_main.js.v48851.48851.48851.48851.48851.38771.48851.48851.87896.84182.86949.86949.62864.38771.66362.84183.84152.69832.38771.84694.38771.88197.84182.85491.84157.82231[1].14 not found!

Registry entries deleted on Reboot...


And here is the log from the quick scan:

OTL logfile created on: 5/31/2010 8:30:12 AM - Run 2
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 55.00 Mb Available Physical Memory | 11.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.79 Gb Total Space | 152.06 Gb Free Space | 85.05% Space Free | Partition Type: NTFS
Drive D: | 7.50 Gb Total Space | 2.37 Gb Free Space | 31.54% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 1.87 Gb Total Space | 1.17 Gb Free Space | 62.50% Space Free | Partition Type: FAT

Computer Name: SPIKE
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/30 22:06:52 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
PRC - [2010/04/27 17:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/04/27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/04/01 23:05:04 | 001,180,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/10/20 12:08:26 | 001,693,184 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/26 16:42:48 | 000,509,224 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\YOP\yop.exe
PRC - [2007/10/26 16:42:40 | 000,628,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Yahoo!\YOP\SSDK02.exe
PRC - [2007/07/28 10:32:50 | 000,206,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MWL\MWLGuiSt.exe
PRC - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006/03/03 15:18:10 | 000,200,704 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2005/11/04 15:04:48 | 000,176,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2004/10/13 18:17:06 | 002,742,272 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2004/10/13 18:00:10 | 000,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
PRC - [2004/10/13 16:01:50 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


========== Modules (SafeList) ==========

MOD - [2010/05/30 22:06:52 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/27 17:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/04/27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/03/10 11:16:56 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2007/07/28 10:33:02 | 000,910,696 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\MWL\MwlSvc.exe -- (MWLSvc)
SRV - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2005/03/30 16:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2003/05/19 17:07:38 | 000,086,016 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\YPcservice.exe -- (YPCService)


========== Driver Services (SafeList) ==========

DRV - [2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/04/27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/04/27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/04/27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/04/27 17:16:24 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/04/27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/01/02 19:16:10 | 000,086,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WscNetDr.sys -- (WscNetDr)
DRV - [2005/06/16 14:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2005/03/31 08:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 07:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 07:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2005/03/31 07:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 07:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/11/22 18:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 18:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2004/10/13 19:33:20 | 002,287,104 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/08/04 08:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/29 12:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/03/17 19:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2003/09/19 04:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/11 02:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2002/10/04 12:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/06/04 08:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/04/09 12:28:00 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/05/31 08:23:36 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100518162508.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MWLExe] C:\Program Files\McAfee\MWL\MWLGuiSt.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\system32\spool\drivers\w32x86\2\printray.exe (Lexmark)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [YOP] C:\Program Files\Yahoo!\YOP\yop.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [A00F1AABE18.exe] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\_A00F1AABE18.exe File not found
O4 - HKCU..\Run: [EPSON Stylus CX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {4A01A151-E350-4839-A2B8-03DC39D6C8E5} http://download.yahoo.com/dl/ypc/ypcxwizard2003080601.cab (YPCXWizard Class)
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} http://coolsavings.coupons.smartsource.com/download/cscmv5X.cab (CMV5 Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O22 - SharedTaskScheduler: {e3623691-f85d-48d8-8e4d-abe79077f841} - awash - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/27 22:15:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 22:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{7ef31bde-ab80-11de-af9e-0011d8931462}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\{f4db821a-767d-11d9-947e-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{f4db821a-767d-11d9-947e-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 90 Days ==========

[2010/05/31 08:22:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/30 22:15:09 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2010/05/29 07:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/29 00:24:12 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/05/29 00:24:03 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/05/28 23:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/05/28 12:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/05/28 12:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2010/05/28 12:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/05/28 12:51:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/05/28 09:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Google
[2010/05/28 09:55:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/05/28 09:55:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google
[2010/05/28 09:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/05/28 09:53:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/05/27 21:25:44 | 000,000,000 | ---D | C] -- C:\ReimageUndo
[2010/05/27 21:09:16 | 000,000,000 | ---D | C] -- C:\rei
[2010/05/27 21:09:06 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2010/05/27 08:44:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Mozilla
[2010/05/27 08:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/05/27 08:14:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/05/27 07:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/05/27 07:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/05/27 07:39:18 | 000,037,600 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2010/05/27 07:39:18 | 000,035,816 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2010/05/27 07:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\RegRun2
[2010/05/27 07:38:52 | 000,012,808 | ---- | C] (Greatis Software, LLC.) -- C:\WINDOWS\System32\drivers\UnHackMeDrv.sys
[2010/05/27 07:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2010/05/27 07:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\gtopala
[2010/05/27 07:21:08 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer
[2010/05/27 07:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/27 00:46:58 | 000,000,000 | ---D | C] -- C:\ERDNT
[2010/05/27 00:46:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010/05/27 00:46:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/27 00:46:39 | 000,000,000 | ---D | C] -- C:\!FixIEDef
[2010/05/27 00:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/27 00:13:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\Simply Super Software
[2010/05/27 00:13:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Simply Super Software
[2010/05/26 23:59:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\hvpfllebq
[2010/05/26 23:59:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\nrjjjdarp
[2010/05/26 23:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/05/26 23:41:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/26 21:56:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Owner\Recent
[2010/05/26 16:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
[2010/05/26 16:09:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/26 16:08:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/26 16:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/26 16:08:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/23 18:50:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\eukyberbn
[2010/05/11 09:02:08 | 000,352,513 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\savapi3.dll
[2010/04/24 18:33:12 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/04/24 18:32:59 | 000,385,880 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/04/24 18:32:59 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/04/24 18:32:59 | 000,152,320 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/04/24 18:32:59 | 000,095,568 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/04/24 18:32:59 | 000,088,480 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/04/24 18:32:59 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/04/24 18:32:59 | 000,082,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/04/24 18:32:59 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/04/24 18:32:59 | 000,051,688 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/04/11 14:20:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Unity
[2010/04/05 09:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\DeductionPro 2009
[2010/04/05 09:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\HRBlock2009
[2010/04/05 09:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\HRBlock

========== Files - Modified Within 90 Days ==========

[2100/04/08 12:45:26 | 000,069,632 | ---- | M] (Oasis Semiconductor Inc.) -- C:\WINDOWS\System32\Lxasmdm.dll
[2010/05/31 08:29:33 | 002,387,968 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/05/31 08:29:29 | 001,634,304 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/05/31 08:29:02 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
[2010/05/31 08:28:13 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/31 08:28:13 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/05/31 08:28:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/31 08:28:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/31 08:28:05 | 527,814,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/31 08:27:10 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\HP_Owner\ntuser.dat
[2010/05/31 08:27:10 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\ntuser.ini
[2010/05/31 08:23:36 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/05/30 23:00:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/30 22:06:52 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2010/05/30 22:05:57 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/29 13:29:51 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/28 23:06:28 | 000,049,440 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/28 15:11:10 | 000,002,800 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/05/28 12:52:28 | 000,057,344 | -H-- | M] () -- C:\SZKGFS.dat
[2010/05/27 23:19:56 | 000,000,318 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2010/05/27 23:19:42 | 000,000,166 | ---- | M] () -- C:\WINDOWS\System32\Compress.res
[2010/05/27 23:19:35 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2010/05/27 23:12:03 | 000,312,572 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/27 23:12:03 | 000,040,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/27 23:12:02 | 000,358,068 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/27 23:08:31 | 000,200,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/27 23:08:25 | 000,000,740 | ---- | M] () -- C:\WINDOWS\System32\reimage.rep
[2010/05/27 23:04:11 | 000,000,692 | ---- | M] () -- C:\WINDOWS\System32\reimage.nat
[2010/05/27 22:50:45 | 000,057,667 | ---- | M] () -- C:\WINDOWS\System32\ieuinit.inf
[2010/05/27 22:50:44 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/27 22:50:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/27 22:50:30 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/27 22:36:12 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/05/27 22:16:06 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/27 22:15:01 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/27 21:26:04 | 000,015,272 | ---- | M] () -- C:\WINDOWS\System32\Native.exe
[2010/05/27 21:09:18 | 000,001,726 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Reimage Repair.lnk
[2010/05/27 08:44:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/05/27 07:51:01 | 004,274,856 | -H-- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IconCache.db
[2010/05/27 07:39:31 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/27 07:39:31 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/05/27 07:39:31 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2010/05/27 07:39:18 | 000,037,600 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2010/05/27 07:39:18 | 000,035,816 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2010/05/27 07:28:19 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\HP_Owner\NTUSER.bak
[2010/05/27 07:16:40 | 010,193,146 | ---- | M] () -- C:\WINDOWS\System32\SDQBESQNJL
[2010/05/26 21:58:27 | 000,129,780 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cc_20100526_215802.reg
[2010/05/26 17:44:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/24 15:48:03 | 000,012,156 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Statement of faith.docx
[2010/05/21 18:58:03 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/21 12:16:58 | 000,012,808 | ---- | M] (Greatis Software, LLC.) -- C:\WINDOWS\System32\drivers\UnHackMeDrv.sys
[2010/05/15 16:51:33 | 000,010,188 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Multi Family Garage Sale 3232 Longford Dr.docx
[2010/05/11 09:02:08 | 001,380,403 | ---- | M] () -- C:\WINDOWS\System32\avgsdk.dll
[2010/05/11 09:02:08 | 000,352,513 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\savapi3.dll
[2010/05/05 10:52:45 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/05/04 14:52:31 | 000,012,620 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\VBS Snacks 2010.xlsx
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/04/27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/04/27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/04/27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/04/27 17:16:24 | 000,082,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/04/27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/04/27 17:16:24 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/04/26 14:14:16 | 000,009,602 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
[2010/04/15 09:18:45 | 000,190,682 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\2009 IL Tax Return.pdf
[2010/04/13 19:15:45 | 000,015,804 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Shirley Chisholm Paper.docx
[2010/04/13 17:08:23 | 000,011,312 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Works cited.docx
[2010/04/13 17:08:18 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\kaleigh[1].doc
[2010/04/09 16:48:15 | 000,013,805 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\kaleigh's chore chart.docx
[2010/04/09 16:28:26 | 000,003,969 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Gir!!!.jpg
[2010/04/05 09:43:48 | 000,001,479 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DeductionPro 2009.lnk
[2010/04/05 09:42:08 | 000,001,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\H&R Block 2009.lnk
[2010/04/05 09:09:15 | 000,230,824 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\cpnprt2.cid
[2010/03/30 20:08:18 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\science project.doc
[2010/03/18 12:51:20 | 000,010,165 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\I believe I am a qualified.docx
[2010/03/17 10:15:47 | 000,010,469 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Easter spring poem.docx
[2010/03/11 11:06:45 | 000,003,645 | ---- | M] () -- C:\WINDOWS\viassary-hp.reg
[2010/03/08 15:35:59 | 000,067,420 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Kimberly Belfield Resume.docx
[2010/03/05 15:20:40 | 000,010,809 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Grocery Prices.xlsx
[2010/03/03 10:08:15 | 000,291,887 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\knit and crochet dishcloths.pdf
[2010/03/03 10:04:57 | 000,494,850 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Chick and Bunny Cards.pdf
[2010/03/03 10:01:39 | 000,213,357 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Spring Card.pdf
[2010/03/03 09:57:30 | 000,190,566 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\P020913_fun_easy_cards.pdf

========== Files Created - No Company Name ==========

[2010/05/30 22:05:43 | 527,814,656 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/29 13:29:51 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/28 15:08:24 | 000,002,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/05/28 12:52:28 | 000,057,344 | -H-- | C] () -- C:\SZKGFS.dat
[2010/05/28 09:55:32 | 000,000,890 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/28 09:55:30 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/27 23:19:42 | 000,000,166 | ---- | C] () -- C:\WINDOWS\System32\Compress.res
[2010/05/27 23:19:34 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2010/05/27 23:08:23 | 000,000,740 | ---- | C] () -- C:\WINDOWS\System32\reimage.rep
[2010/05/27 23:03:08 | 000,000,692 | ---- | C] () -- C:\WINDOWS\System32\reimage.nat
[2010/05/27 22:57:59 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/05/27 21:26:04 | 000,015,272 | ---- | C] () -- C:\WINDOWS\System32\Native.exe
[2010/05/27 21:09:18 | 000,001,726 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Reimage Repair.lnk
[2010/05/27 16:52:37 | 000,000,318 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2010/05/27 08:44:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/27 07:39:31 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2010/05/27 07:27:12 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\HP_Owner\NTUSER.tmp.LOG
[2010/05/27 07:11:15 | 010,193,146 | ---- | C] () -- C:\WINDOWS\System32\SDQBESQNJL
[2010/05/27 00:27:33 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
[2010/05/27 00:13:41 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/05/27 00:13:40 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/05/27 00:13:40 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010/05/27 00:13:40 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/05/26 21:58:05 | 000,129,780 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cc_20100526_215802.reg
[2010/05/22 16:51:03 | 004,456,448 | ---- | C] () -- C:\Documents and Settings\HP_Owner\ntuser.dat
[2010/05/19 20:56:32 | 000,012,156 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Statement of faith.docx
[2010/05/15 16:51:32 | 000,010,188 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Multi Family Garage Sale 3232 Longford Dr.docx
[2010/05/11 09:02:08 | 001,380,403 | ---- | C] () -- C:\WINDOWS\System32\avgsdk.dll
[2010/04/29 09:32:34 | 000,012,620 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\VBS Snacks 2010.xlsx
[2010/04/15 09:18:44 | 000,190,682 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\2009 IL Tax Return.pdf
[2010/04/13 17:08:11 | 000,015,804 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Shirley Chisholm Paper.docx
[2010/04/13 16:09:39 | 000,011,312 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Works cited.docx
[2010/04/09 16:48:14 | 000,013,805 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\kaleigh's chore chart.docx
[2010/04/09 16:29:11 | 000,003,969 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Gir!!!.jpg
[2010/04/09 16:05:04 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\kaleigh[1].doc
[2010/04/05 09:43:48 | 000,001,479 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DeductionPro 2009.lnk
[2010/04/05 09:42:08 | 000,001,693 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\H&R Block 2009.lnk
[2010/03/30 20:05:32 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\science project.doc
[2010/03/18 12:51:08 | 000,010,165 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\I believe I am a qualified.docx
[2010/03/17 10:15:46 | 000,010,469 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Easter spring poem.docx
[2010/03/03 10:08:15 | 000,291,887 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\knit and crochet dishcloths.pdf
[2010/03/03 10:04:57 | 000,494,850 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Chick and Bunny Cards.pdf
[2010/03/03 10:01:39 | 000,213,357 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Spring Card.pdf
[2010/03/03 09:57:30 | 000,190,566 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\P020913_fun_easy_cards.pdf
[2009/07/17 12:04:20 | 000,001,219 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009/01/30 19:40:07 | 000,000,046 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2008/10/07 13:50:15 | 000,001,301 | ---- | C] () -- C:\WINDOWS\KA.INI
[2008/09/14 12:28:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/09/14 11:55:14 | 000,000,612 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2008/05/21 15:10:57 | 000,000,057 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini
[2008/04/03 17:08:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2008/03/17 14:06:49 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/03/17 14:06:48 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/02/12 14:54:33 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/02/12 14:53:40 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EPSCX7400.ini
[2008/01/30 12:09:45 | 000,000,643 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/01/30 12:09:42 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\lxasbce.dll
[2008/01/30 12:09:42 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXASICO.DLL
[2008/01/30 12:03:52 | 000,004,672 | ---- | C] () -- C:\WINDOWS\System32\LEXUSBCI.DLL
[2008/01/20 14:19:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/01/13 00:47:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/01/13 00:43:24 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/01/13 00:43:24 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/01/13 00:43:24 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/01/13 00:43:24 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/01/13 00:43:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/01/13 00:43:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/01/13 00:15:13 | 000,014,554 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2008/01/13 00:15:07 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2008/01/13 00:14:46 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2008/01/13 00:11:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/12 23:51:28 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/01/12 23:49:31 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/01/12 23:40:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/02/04 09:30:00 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/02/04 09:30:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/02/04 09:29:29 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/09/13 18:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/19 22:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/19 22:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/06/15 23:38:02 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/10 18:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== LOP Check ==========

[2010/05/26 23:41:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/02/12 14:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/03/01 17:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/03/17 14:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/05/27 08:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/05/28 12:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/05/28 22:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/04/05 09:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2010/05/27 00:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/27 19:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/13 18:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/05/27 23:19:35 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\Reimage Reminder.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
< End of report >

0

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

0

Here is the Log:

ComboFix 10-05-31.02 - HP_Owner 05/31/2010 16:38:14.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.175 [GMT -5:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\CpnMgr.dll
D:\Autorun.inf

Infected copy of c:\windows\system32\drivers\intelide.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-31 )))))))))))))))))))))))))))))))
.

2010-05-31 13:22 . 2010-05-31 13:22 -------- d-----w- C:\_OTL
2010-05-30 01:30 . 2010-05-30 01:33 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2010-05-29 18:30 . 2010-05-29 18:30 -------- d-----w- c:\documents and settings\Administrator.SPIKE\Application Data\Malwarebytes
2010-05-29 12:16 . 2010-05-29 12:16 -------- d-----w- c:\program files\Trend Micro
2010-05-29 05:51 . 2010-05-29 05:51 -------- d-----w- c:\documents and settings\Administrator.SPIKE\Local Settings\Application Data\Adobe
2010-05-29 05:24 . 2009-06-30 14:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-05-29 05:24 . 2010-05-29 05:24 -------- d-----w- c:\program files\Panda Security
2010-05-29 04:28 . 2010-05-29 04:37 -------- d-----w- c:\program files\Windows Live Safety Center
2010-05-28 18:27 . 2010-05-28 17:55 1129120 ----a-w- c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vbcorent.dll
2010-05-28 17:52 . 2010-05-28 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-05-28 17:52 . 2010-05-28 17:52 57344 ---ha-w- C:\SZKGFS.dat
2010-05-28 17:51 . 2010-05-29 03:31 -------- d-----w- c:\program files\STOPzilla!
2010-05-28 17:51 . 2010-05-28 17:51 -------- d-----w- c:\program files\Common Files\iS3
2010-05-28 17:51 . 2010-05-29 03:31 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-05-28 14:55 . 2010-05-28 14:55 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-05-28 14:55 . 2010-05-28 14:56 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google
2010-05-28 14:53 . 2010-05-28 14:55 -------- d-----w- c:\program files\Google
2010-05-28 04:00 . 2010-05-28 04:00 -------- d-----w- c:\documents and settings\Owner
2010-05-28 04:00 . 2010-05-28 04:00 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\PrivacIE
2010-05-28 03:59 . 2010-05-28 03:50 35328 ----a-w- c:\windows\system32\drivers\pcntpci5.sys
2010-05-28 03:59 . 2010-05-28 03:50 13952 ----a-w- c:\windows\system32\drivers\cmbatt.sys
2010-05-28 03:59 . 2010-05-28 03:50 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-05-28 03:59 . 2010-05-28 03:50 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-05-28 03:59 . 2010-05-28 03:50 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys
2010-05-28 03:59 . 2010-05-28 03:50 14208 ----a-w- c:\windows\system32\drivers\battc.sys
2010-05-28 02:26 . 2010-05-28 02:26 15272 ----a-w- c:\windows\system32\Native.exe
2010-05-28 02:25 . 2010-05-28 04:03 -------- d-----w- C:\ReimageUndo
2010-05-28 02:09 . 2010-05-28 04:19 -------- d-----w- C:\rei
2010-05-28 02:09 . 2010-05-28 02:09 -------- d-----w- c:\program files\Reimage
2010-05-27 16:00 . 2010-05-28 04:00 -------- d-sh--w- c:\documents and settings\Administrator.SPIKE\PrivacIE
2010-05-27 15:35 . 2010-05-21 19:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-27 15:06 . 2010-05-27 15:06 -------- d-sh--w- c:\documents and settings\Administrator.SPIKE\IETldCache
2010-05-27 15:06 . 2008-01-13 05:19 128 ----a-w- c:\documents and settings\Administrator.SPIKE\Local Settings\Application Data\fusioncache.dat
2010-05-27 15:06 . 2008-01-13 04:52 -------- d-----w- c:\documents and settings\Administrator.SPIKE\Application Data\InterMute
2010-05-27 15:06 . 2008-01-13 04:52 -------- d-----w- c:\documents and settings\Administrator.SPIKE\Application Data\Apple Computer
2010-05-27 13:44 . 2010-05-27 13:44 0 ----a-w- c:\windows\nsreg.dat
2010-05-27 13:44 . 2010-05-27 13:44 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Mozilla
2010-05-27 13:14 . 2010-05-27 13:14 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-27 13:14 . 2010-05-27 13:14 -------- d-----w- c:\program files\Trojan Remover
2010-05-27 13:14 . 2010-05-27 13:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-05-27 12:40 . 2010-05-27 12:40 -------- d-----w- c:\program files\Microsoft
2010-05-27 12:40 . 2010-05-27 12:40 -------- d-----w- c:\program files\MSN Toolbar
2010-05-27 12:39 . 2010-05-27 12:39 2 --shatr- c:\windows\winstart.bat
2010-05-27 12:39 . 2010-05-27 12:39 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-05-27 12:39 . 2010-05-27 12:39 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-05-27 12:38 . 2010-05-21 17:16 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-05-27 12:38 . 2010-05-27 13:14 -------- d-----w- c:\program files\UnHackMe
2010-05-27 12:25 . 2010-05-27 12:25 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\gtopala
2010-05-27 12:21 . 2010-05-27 12:40 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-05-27 12:18 . 2010-05-27 12:18 503808 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1cf0b583-n\msvcp71.dll
2010-05-27 12:18 . 2010-05-27 12:18 499712 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1cf0b583-n\jmc.dll
2010-05-27 12:18 . 2010-05-27 12:18 348160 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1cf0b583-n\msvcr71.dll
2010-05-27 12:17 . 2010-05-27 12:17 61440 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1e2ad6ad-n\decora-sse.dll
2010-05-27 12:17 . 2010-05-27 12:17 12800 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1e2ad6ad-n\decora-d3d.dll
2010-05-27 12:17 . 2010-04-12 22:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-27 05:46 . 2010-05-27 05:46 -------- d-----w- C:\ERDNT
2010-05-27 05:46 . 2010-05-27 05:46 -------- d-----w- c:\windows\ERUNT
2010-05-27 05:46 . 2010-05-27 05:47 -------- d-----w- C:\!FixIEDef
2010-05-27 05:18 . 2010-05-27 05:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-27 05:18 . 2010-02-28 01:46 3691384 ----a-w- c:\documents and settings\HP_Owner\Application Data\Simply Super Software\Trojan Remover\sly48.exe
2010-05-27 05:18 . 2010-02-28 01:46 3691384 ----a-w- c:\documents and settings\HP_Owner\Application Data\Simply Super Software\Trojan Remover\ply47.exe
2010-05-27 05:13 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-05-27 05:13 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-05-27 05:13 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-05-27 05:13 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-05-27 05:13 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-05-27 05:13 . 2010-05-27 05:13 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Simply Super Software
2010-05-27 04:59 . 2010-05-27 04:59 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\hvpfllebq
2010-05-27 04:59 . 2010-05-27 04:59 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\nrjjjdarp
2010-05-27 04:41 . 2010-05-27 04:41 -------- d-----w- c:\program files\Alwil Software
2010-05-27 04:41 . 2010-05-27 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-27 04:26 . 2010-05-27 04:26 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-05-27 04:16 . 2010-05-27 04:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-27 04:16 . 2010-05-27 04:16 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-05-26 21:09 . 2010-05-26 21:09 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Malwarebytes
2010-05-26 21:09 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-26 21:08 . 2010-05-29 18:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-26 21:08 . 2010-05-26 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-26 21:08 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-23 23:50 . 2010-05-23 23:50 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\eukyberbn
2010-05-11 14:02 . 2010-05-11 14:02 352513 ----a-w- c:\windows\system32\savapi3.dll
2010-05-11 14:02 . 2010-05-11 14:02 1380403 ----a-w- c:\windows\system32\avgsdk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2100-04-08 17:45 . 2001-02-26 23:10 69632 ------w- c:\windows\system32\Lxasmdm.dll
2010-05-29 04:06 . 2008-01-20 18:40 49440 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-29 03:33 . 2008-01-20 19:15 -------- d-----w- c:\program files\Yahoo!
2010-05-28 20:11 . 2010-05-28 20:08 2800 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-05-28 04:08 . 2008-01-13 02:06 1104896 ----a-w- c:\windows\system32\msxml3.dll
2010-05-28 04:08 . 2008-01-13 03:20 58880 ----a-w- c:\windows\system32\atl.dll
2010-05-28 02:34 . 2008-01-13 02:06 2188928 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-28 02:32 . 2004-08-04 18:00 2065792 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-27 12:18 . 2008-01-13 04:43 -------- d-----w- c:\program files\Common Files\Java
2010-05-27 12:16 . 2008-01-13 04:43 -------- d-----w- c:\program files\Java
2010-05-26 22:05 . 2008-10-24 02:40 -------- d-----w- c:\program files\Applications
2010-05-12 13:21 . 2008-01-14 00:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-27 22:16 . 2010-04-24 23:33 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-04-27 22:16 . 2010-04-24 23:32 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-27 22:16 . 2010-04-24 23:32 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-04-27 22:16 . 2010-04-24 23:32 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-04-27 22:16 . 2010-04-24 23:32 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-04-27 22:16 . 2010-04-24 23:32 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-04-27 22:16 . 2010-04-24 23:32 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-27 22:16 . 2010-04-24 23:32 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-27 22:16 . 2010-04-24 23:32 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-27 22:16 . 2010-04-24 23:32 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-04-26 19:14 . 2008-01-30 21:56 9602 ----a-w- c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2010-04-25 03:14 . 2008-01-14 01:08 -------- d-----w- c:\program files\McAfee.com
2010-04-25 00:12 . 2008-01-13 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-04-25 00:12 . 2008-01-14 01:08 -------- d-----w- c:\program files\McAfee
2010-04-25 00:11 . 2008-01-14 01:08 -------- d-----w- c:\program files\Common Files\McAfee
2010-04-15 00:47 . 2009-11-11 14:22 79488 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-04-14 14:27 . 2010-04-14 14:27 2981064 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Downloads\HRBlockIL.exe
2010-04-05 14:50 . 2010-04-05 14:49 21195208 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Update\US30026901xupd.exe
2010-04-05 14:45 . 2008-03-17 19:06 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\TaxCut
2010-04-05 14:43 . 2010-04-05 14:43 -------- d-----w- c:\program files\DeductionPro 2009
2010-04-05 14:43 . 2008-01-13 05:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-05 14:39 . 2010-04-05 14:36 -------- d-----w- c:\program files\HRBlock2009
2010-04-05 14:30 . 2008-03-17 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\TaxCut
2010-03-11 16:06 . 2008-01-13 05:16 3645 ----a-w- c:\windows\viassary-hp.reg
2001-06-20 22:19 . 2001-06-19 22:34 40960 ----a-w- c:\program files\ACMonitor_X83.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2009-10-20 1693184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-28 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 61952]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-13 180269]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"SoundMan"="SOUNDMAN.EXE" [2004-10-13 77824]
"AlcWzrd"="ALCWZRD.EXE" [2004-10-13 2742272]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"MWLExe"="c:\program files\Mcafee\MWL\MWLGuiSt.exe" [2007-07-28 206184]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2007-10-26 509224]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2001-06-27 36864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-02 1180976]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-4 176128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\McAfee\\MWL\\MwlSvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [5/29/2010 12:24 AM 28552]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [4/24/2010 6:32 PM 82952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/8/2008 10:00 PM 93320]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/24/2010 6:32 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [4/24/2010 6:32 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [4/24/2010 6:33 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [4/24/2010 6:33 PM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [4/24/2010 6:32 PM 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [4/24/2010 6:32 PM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [4/24/2010 6:32 PM 88480]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/28/2010 9:55 AM 136176]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [4/24/2010 6:32 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [4/24/2010 6:32 PM 83496]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-05-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 14:55]

2010-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 14:55]

2010-05-28 c:\windows\Tasks\Reimage Reminder.job
- c:\program files\Reimage\Reimage Repair\ReimageReminder.exe [2010-05-20 14:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
mSearch Bar = hxxp://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
TCP: {32620CE8-D0AB-47D9-885B-8FDA4A3A2650} = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-31 16:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x82EC8D01]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf85adf28
\Driver\ACPI -> ACPI.sys @ 0xf8440cb8
\Driver\atapi -> atapi.sys @ 0xf83f8852
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x80577c04
SecurityProcedure -> ntkrnlpa.exe @ 0x80579188
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x80577c04
SecurityProcedure -> ntkrnlpa.exe @ 0x80579188
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf82a8bd4
PacketIndicateHandler -> NDIS.sys @ 0xf8296a0d
SendHandler -> NDIS.sys @ 0xf82aab40
user & kernel MBR OK

**************************************************************************
.
Completion time: 2010-05-31 17:04:11
ComboFix-quarantined-files.txt 2010-05-31 22:04

Pre-Run: 163,169,300,480 bytes free
Post-Run: 163,131,117,568 bytes free

- - End Of File - - C3D4A04FD962547781A5F4C0E115A9E1

0

Do you know what these are:

c:\documents and settings\HP_Owner\Application Data\Simply Super Software\Trojan Remover\sly48.exe
c:\documents and settings\HP_Owner\Application Data\Simply Super Software\Trojan Remover\ply47.exe
c:\documents and settings\HP_Owner\Local Settings\Application Data\hvpfllebq
c:\documents and settings\HP_Owner\Local Settings\Application Data\nrjjjdarp

If not, have them scanned here:

http://virusscan.jotti.org/ or http://www.virustotal.com/en/virustotalf.html

==

Still being re-directed?

0

No, I'm not sure what the files are, but the top two I scanned at both of those sites with no positives. The bottom two are empty folders.

Still being redirected.

0

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your Desktop.
  • Copy and paste that information in your next post.
0

When trying to run the online scan I get the following message:

Launch of the Java application is interrupted! Please establish an uninterrupted internet connection to work with this program.

I've tried several times.

0

Please run the ESET Online Scanner and post the ScanLog with your post for assistance.

  • You will need to use Internet Explorer to complete this scan.
  • You will need to temporarily Disable your current Anti-virus program.
  • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
  • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

NOTE: If you are unable to complete the ESET scan, please try another from the list below:

  • Panda Active Scan
  • Trend Micro HouseCall
  • F-Secure Online Virus Scanner

0

Here's the log from ESET:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=66456eccd0618f4380dd947d317e3e95
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-06-01 11:10:04
# local_time=2010-06-01 06:10:04 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16777189 100 75 0 6277235 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=146085
# found=3
# cleaned=0
# scan_time=6036
C:\Program Files\Reimage\Reimage Repair\REI_AxControl.dll probably a variant of Win32/Genetik trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\intelide.sys.vir Win32/Olmarik.ZC trojan 00000000000000000000000000000000 I
C:\WINDOWS\CouponBarIE.dll probably a variant of Win32/Adware.Softomate.AD application 00000000000000000000000000000000 I


Thanks again for all of your help!

0

No Worries. Now that it has found something I will get you to run it again, but this time can you check the box to remove what is found.
Let me know if it makes a difference.

0

I ran it again, and it came back as having cleaned those three. Unfortunately, it doesn't make a difference as far as the redirection goes. Do you need me to post the new log?

0

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
0

Here is the Log:

GooredFix by jpshortstuff (08.01.10.1)
Log created at 19:28 on 02/06/2010 (HP_Owner)
Firefox version [Unable to determine]

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor" [02:57 09/10/2008]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [00:58 15/05/2009]

-=E.O.F=-

I'm in and out for work some this evening. I'll try to follow up as quickly as possible on any suggestions you have.

0

Please delete the combofix version you have already then re-download it and run it as per my previous instructions.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

==

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Edited by crunchie: n/a

0

Here is the new combofix log:

ComboFix 10-06-02.02 - HP_Owner 06/02/2010 22:08:37.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.161 [GMT -5:00]
Running from: k:\blackrock take\Tool Installs\Malware\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\drivers\intelide.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-05-03 to 2010-06-03 )))))))))))))))))))))))))))))))
.

2010-06-01 21:08 . 2010-06-01 21:08 -------- d-----w- c:\program files\ESET
2010-05-31 13:22 . 2010-05-31 13:22 -------- d-----w- C:\_OTL
2010-05-30 01:30 . 2010-05-30 01:33 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2010-05-29 18:30 . 2010-05-29 18:30 -------- d-----w- c:\documents and settings\Administrator.SPIKE\Application Data\Malwarebytes
2010-05-29 12:16 . 2010-05-29 12:16 -------- d-----w- c:\program files\Trend Micro
2010-05-29 05:51 . 2010-05-29 05:51 -------- d-----w- c:\documents and settings\Administrator.SPIKE\Local Settings\Application Data\Adobe
2010-05-29 05:24 . 2009-06-30 14:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-05-29 05:24 . 2010-05-29 05:24 -------- d-----w- c:\program files\Panda Security
2010-05-29 04:28 . 2010-05-29 04:37 -------- d-----w- c:\program files\Windows Live Safety Center
2010-05-28 18:27 . 2010-05-28 17:55 1129120 ----a-w- c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vbcorent.dll
2010-05-28 17:52 . 2010-05-28 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-05-28 17:52 . 2010-05-28 17:52 57344 ---ha-w- C:\SZKGFS.dat
2010-05-28 17:51 . 2010-05-29 03:31 -------- d-----w- c:\program files\STOPzilla!
2010-05-28 17:51 . 2010-05-28 17:51 -------- d-----w- c:\program files\Common Files\iS3
2010-05-28 17:51 . 2010-05-29 03:31 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-05-28 14:55 . 2010-05-28 14:55 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-05-28 14:55 . 2010-05-28 14:56 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google
2010-05-28 14:53 . 2010-05-28 14:55 -------- d-----w- c:\program files\Google
2010-05-28 04:00 . 2010-05-28 04:00 -------- d-----w- c:\documents and settings\Owner
2010-05-28 04:00 . 2010-05-28 04:00 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\PrivacIE
2010-05-28 03:59 . 2010-05-28 03:50 35328 ----a-w- c:\windows\system32\drivers\pcntpci5.sys
2010-05-28 03:59 . 2010-05-28 03:50 13952 ----a-w- c:\windows\system32\drivers\cmbatt.sys
2010-05-28 03:59 . 2010-05-28 03:50 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-05-28 03:59 . 2010-05-28 03:50 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-05-28 03:59 . 2010-05-28 03:50 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys
2010-05-28 03:59 . 2010-05-28 03:50 14208 ----a-w- c:\windows\system32\drivers\battc.sys
2010-05-28 02:26 . 2010-05-28 02:26 15272 ----a-w- c:\windows\system32\Native.exe
2010-05-28 02:25 . 2010-05-28 04:03 -------- d-----w- C:\ReimageUndo
2010-05-28 02:09 . 2010-05-28 04:19 -------- d-----w- C:\rei
2010-05-28 02:09 . 2010-05-28 02:09 -------- d-----w- c:\program files\Reimage
2010-05-27 16:00 . 2010-05-28 04:00 -------- d-sh--w- c:\documents and settings\Administrator.SPIKE\PrivacIE
2010-05-27 15:35 . 2010-05-21 19:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-27 15:06 . 2010-05-27 15:06 -------- d-sh--w- c:\documents and settings\Administrator.SPIKE\IETldCache
2010-05-27 15:06 . 2008-01-13 05:19 128 ----a-w- c:\documents and settings\Administrator.SPIKE\Local Settings\Application Data\fusioncache.dat
2010-05-27 15:06 . 2008-01-13 04:52 -------- d-----w- c:\documents and settings\Administrator.SPIKE\Application Data\InterMute
2010-05-27 15:06 . 2008-01-13 04:52 -------- d-----w- c:\documents and settings\Administrator.SPIKE\Application Data\Apple Computer
2010-05-27 13:44 . 2010-05-27 13:44 0 ----a-w- c:\windows\nsreg.dat
2010-05-27 13:44 . 2010-05-27 13:44 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Mozilla
2010-05-27 13:14 . 2010-05-27 13:14 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-27 13:14 . 2010-05-27 13:14 -------- d-----w- c:\program files\Trojan Remover
2010-05-27 13:14 . 2010-05-27 13:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-05-27 12:40 . 2010-05-27 12:40 -------- d-----w- c:\program files\Microsoft
2010-05-27 12:40 . 2010-05-27 12:40 -------- d-----w- c:\program files\MSN Toolbar
2010-05-27 12:39 . 2010-05-27 12:39 2 --shatr- c:\windows\winstart.bat
2010-05-27 12:39 . 2010-05-27 12:39 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-05-27 12:39 . 2010-05-27 12:39 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-05-27 12:38 . 2010-05-21 17:16 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-05-27 12:38 . 2010-05-27 13:14 -------- d-----w- c:\program files\UnHackMe
2010-05-27 12:25 . 2010-05-27 12:25 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\gtopala
2010-05-27 12:21 . 2010-05-27 12:40 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-05-27 12:18 . 2010-05-27 12:18 503808 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1cf0b583-n\msvcp71.dll
2010-05-27 12:18 . 2010-05-27 12:18 499712 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1cf0b583-n\jmc.dll
2010-05-27 12:18 . 2010-05-27 12:18 348160 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1cf0b583-n\msvcr71.dll
2010-05-27 12:17 . 2010-05-27 12:17 61440 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1e2ad6ad-n\decora-sse.dll
2010-05-27 12:17 . 2010-05-27 12:17 12800 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1e2ad6ad-n\decora-d3d.dll
2010-05-27 12:17 . 2010-04-12 22:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-27 05:46 . 2010-05-27 05:46 -------- d-----w- C:\ERDNT
2010-05-27 05:46 . 2010-05-27 05:46 -------- d-----w- c:\windows\ERUNT
2010-05-27 05:46 . 2010-05-27 05:47 -------- d-----w- C:\!FixIEDef
2010-05-27 05:18 . 2010-05-27 05:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-27 05:18 . 2010-02-28 01:46 3691384 ----a-w- c:\documents and settings\HP_Owner\Application Data\Simply Super Software\Trojan Remover\sly48.exe
2010-05-27 05:18 . 2010-02-28 01:46 3691384 ----a-w- c:\documents and settings\HP_Owner\Application Data\Simply Super Software\Trojan Remover\ply47.exe
2010-05-27 05:13 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-05-27 05:13 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-05-27 05:13 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-05-27 05:13 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-05-27 05:13 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-05-27 05:13 . 2010-05-27 05:13 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Simply Super Software
2010-05-27 04:59 . 2010-05-27 04:59 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\hvpfllebq
2010-05-27 04:59 . 2010-05-27 04:59 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\nrjjjdarp
2010-05-27 04:41 . 2010-05-27 04:41 -------- d-----w- c:\program files\Alwil Software
2010-05-27 04:41 . 2010-05-27 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-27 04:26 . 2010-05-27 04:26 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-05-27 04:16 . 2010-05-27 04:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-27 04:16 . 2010-05-27 04:16 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-05-26 21:09 . 2010-05-26 21:09 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Malwarebytes
2010-05-26 21:09 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-26 21:08 . 2010-05-29 18:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-26 21:08 . 2010-05-26 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-26 21:08 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-23 23:50 . 2010-05-23 23:50 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\eukyberbn
2010-05-11 14:02 . 2010-05-11 14:02 352513 ----a-w- c:\windows\system32\savapi3.dll
2010-05-11 14:02 . 2010-05-11 14:02 1380403 ----a-w- c:\windows\system32\avgsdk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2100-04-08 17:45 . 2001-02-26 23:10 69632 ------w- c:\windows\system32\Lxasmdm.dll
2010-05-29 04:06 . 2008-01-20 18:40 49440 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-29 03:33 . 2008-01-20 19:15 -------- d-----w- c:\program files\Yahoo!
2010-05-28 20:11 . 2010-05-28 20:08 2800 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-05-28 04:08 . 2008-01-13 02:06 1104896 ----a-w- c:\windows\system32\msxml3.dll
2010-05-28 04:08 . 2008-01-13 03:20 58880 ----a-w- c:\windows\system32\atl.dll
2010-05-28 02:34 . 2008-01-13 02:06 2188928 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-28 02:32 . 2004-08-04 18:00 2065792 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-27 12:18 . 2008-01-13 04:43 -------- d-----w- c:\program files\Common Files\Java
2010-05-27 12:16 . 2008-01-13 04:43 -------- d-----w- c:\program files\Java
2010-05-26 22:05 . 2008-10-24 02:40 -------- d-----w- c:\program files\Applications
2010-05-12 13:21 . 2008-01-14 00:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-27 22:16 . 2010-04-24 23:33 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-04-27 22:16 . 2010-04-24 23:32 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-27 22:16 . 2010-04-24 23:32 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-04-27 22:16 . 2010-04-24 23:32 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-04-27 22:16 . 2010-04-24 23:32 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-04-27 22:16 . 2010-04-24 23:32 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-04-27 22:16 . 2010-04-24 23:32 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-27 22:16 . 2010-04-24 23:32 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-27 22:16 . 2010-04-24 23:32 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-27 22:16 . 2010-04-24 23:32 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-04-26 19:14 . 2008-01-30 21:56 9602 ----a-w- c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2010-04-25 03:14 . 2008-01-14 01:08 -------- d-----w- c:\program files\McAfee.com
2010-04-25 00:12 . 2008-01-13 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-04-25 00:12 . 2008-01-14 01:08 -------- d-----w- c:\program files\McAfee
2010-04-25 00:11 . 2008-01-14 01:08 -------- d-----w- c:\program files\Common Files\McAfee
2010-04-15 00:47 . 2009-11-11 14:22 79488 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-04-14 14:27 . 2010-04-14 14:27 2981064 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Downloads\HRBlockIL.exe
2010-04-05 14:50 . 2010-04-05 14:49 21195208 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Update\US30026901xupd.exe
2010-04-05 14:45 . 2008-03-17 19:06 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\TaxCut
2010-04-05 14:43 . 2010-04-05 14:43 -------- d-----w- c:\program files\DeductionPro 2009
2010-04-05 14:43 . 2008-01-13 05:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-05 14:39 . 2010-04-05 14:36 -------- d-----w- c:\program files\HRBlock2009
2010-04-05 14:30 . 2008-03-17 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\TaxCut
2010-03-11 16:06 . 2008-01-13 05:16 3645 ----a-w- c:\windows\viassary-hp.reg
2001-06-20 22:19 . 2001-06-19 22:34 40960 ----a-w- c:\program files\ACMonitor_X83.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-05-31_21.56.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-03 03:06 . 2010-06-03 03:06 16384 c:\windows\Temp\Perflib_Perfdata_f8.dat
+ 2004-10-15 03:30 . 2010-06-03 00:41 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-10-15 03:30 . 2010-05-31 21:16 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-06-01 02:32 . 2010-06-03 00:41 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2004-10-15 03:30 . 2010-05-31 21:16 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2009-10-20 1693184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-28 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 61952]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-13 180269]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"SoundMan"="SOUNDMAN.EXE" [2004-10-13 77824]
"AlcWzrd"="ALCWZRD.EXE" [2004-10-13 2742272]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"MWLExe"="c:\program files\Mcafee\MWL\MWLGuiSt.exe" [2007-07-28 206184]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2007-10-26 509224]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2001-06-27 36864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-02 1180976]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-4 176128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\McAfee\\MWL\\MwlSvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [5/29/2010 12:24 AM 28552]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [4/24/2010 6:32 PM 82952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/8/2008 10:00 PM 93320]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/24/2010 6:32 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [4/24/2010 6:32 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [4/24/2010 6:33 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [4/24/2010 6:33 PM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [4/24/2010 6:32 PM 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [4/24/2010 6:32 PM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [4/24/2010 6:32 PM 88480]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/28/2010 9:55 AM 136176]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [4/24/2010 6:32 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [4/24/2010 6:32 PM 83496]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 14:55]

2010-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 14:55]

2010-05-28 c:\windows\Tasks\Reimage Reminder.job
- c:\program files\Reimage\Reimage Repair\ReimageReminder.exe [2010-05-20 14:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
mSearch Bar = hxxp://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
TCP: {32620CE8-D0AB-47D9-885B-8FDA4A3A2650} = 192.168.1.254
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-02 22:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x82EC8D01]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf85adf28
\Driver\ACPI -> ACPI.sys @ 0xf8440cb8
\Driver\atapi -> atapi.sys @ 0xf83f8852
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x80577c04
SecurityProcedure -> ntkrnlpa.exe @ 0x80579188
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x80577c04
SecurityProcedure -> ntkrnlpa.exe @ 0x80579188
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf82a8bd4
PacketIndicateHandler -> NDIS.sys @ 0xf8296a0d
SendHandler -> NDIS.sys @ 0xf82aab40
user & kernel MBR OK

**************************************************************************
.
Completion time: 2010-06-02 22:32:00
ComboFix-quarantined-files.txt 2010-06-03 03:31
ComboFix2.txt 2010-05-31 22:04

Pre-Run: 162,912,083,968 bytes free
Post-Run: 162,934,575,104 bytes free

- - End Of File - - 40CCA366114C65DB232F27EF4941F9B6

0

And the log from SecurityCheck:

Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
McAfee Internet Security
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 12
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Adobe Flash Player
Adobe Reader 8.1.6
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

````````````````````````````````
DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning.

``````````End of Log````````````

0

Please download JavaRa

If you get this message:
Problems with the download? Please use this direct link or try another mirror.

Select the direct link download, then unzip it to your Desktop.

Double click JavaRa.exe then click Remove Older Versions.

Follow any prompts; a log will pop up (JavaRa.log). Please post the contents of this log.

Next, open JavaRa.exe again, and select Search For Updates.

Select Update Using Sun Java's Website --> Search, and continue with the instructions for downloading and installing the latest Java version. Look for JDK 6 Update 20 (JDK or JRE). On the right, select this one: Download JRE.

In Vista and Windows 7 run the tool as Administrator.

========

Update Adobe please.

========

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Files
    c:\documents and settings\HP_Owner\Application Data\Simply Super Software\Trojan Remover\sly48.exe
    c:\documents and settings\HP_Owner\Application Data\Simply Super Software\Trojan Remover\ply47.exe
    
    :Commands
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log from the above fix.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
0

Log for JavaRa:

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Jun 03 08:40:52 2010

Found and removed: C:\Program Files\Java\j2re1.4.2_03

Found and removed: C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\jre1.6.0_12

Found and removed: C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\jre1.6.0_15

Found and removed: C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\jre1.6.0_17

Found and removed: C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\jre1.6.0_19

Found and removed: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142030}

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7148F0A8-6813-11D6-A77B-00B0D0142030}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F841731866D117AB7000B0D410203

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410203

Found and removed: SOFTWARE\Classes\JavaPlugin.142_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.2_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.2_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.4.2_03

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\JavaPlugin.142_03

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACB9B14518A96D117A58000B0D410203

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Jun 03 08:41:23 2010

------------------------------------

Finished reporting.

Updated Java to 6u20
Updated Adobe to 8.1.7

0

Initial OTL log:

All processes killed
========== FILES ==========
c:\documents and settings\HP_Owner\Application Data\Simply Super Software\Trojan Remover\sly48.exe moved successfully.
c:\documents and settings\HP_Owner\Application Data\Simply Super Software\Trojan Remover\ply47.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.SPIKE
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes
->Flash cache emptied: 434 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HP_Owner
->Temp folder emptied: 215118 bytes
->Temporary Internet Files folder emptied: 19712248 bytes
->Java cache emptied: 274145 bytes
->Flash cache emptied: 674 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 131206 bytes
->Flash cache emptied: 1157 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1515587 bytes
->Flash cache emptied: 10698 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 21.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error: Unable to interpret <[Reboot]:Files> in the current context!
Error: Unable to interpret <c:\documents and settings\HP_Owner\Application Data\Simply Super Software\Trojan Remover\sly48.exe> in the current context!
Error: Unable to interpret <c:\documents and settings\HP_Owner\Application Data\Simply Super Software\Trojan Remover\ply47.exe> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.SPIKE
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HP_Owner
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 131072 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 901949 bytes
->Flash cache emptied: 0 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.5.2 log created on 06032010_102721

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\HP_Owner\Local Settings\Temp\Perflib_Perfdata_be0.dat not found!
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\C526ZJ1Q\newspop-234290-06-02-2010[1].flv moved successfully.

Registry entries deleted on Reboot...


Second OTL log:

OTL logfile created on: 6/3/2010 10:31:24 AM - Run 3
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 34.00 Mb Available Physical Memory | 7.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.79 Gb Total Space | 151.62 Gb Free Space | 84.80% Space Free | Partition Type: NTFS
Drive D: | 7.50 Gb Total Space | 2.37 Gb Free Space | 31.55% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 1.87 Gb Total Space | 1.17 Gb Free Space | 62.42% Space Free | Partition Type: FAT

Computer Name: SPIKE
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/30 22:06:52 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
PRC - [2010/04/27 17:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/04/27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/04/01 23:05:04 | 001,180,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/10/20 12:08:26 | 001,693,184 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/26 16:42:48 | 000,509,224 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\YOP\yop.exe
PRC - [2007/10/26 16:42:40 | 000,628,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Yahoo!\YOP\SSDK02.exe
PRC - [2007/07/28 10:32:50 | 000,206,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MWL\MWLGuiSt.exe
PRC - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006/03/03 15:18:10 | 000,200,704 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2005/11/04 15:04:48 | 000,176,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2004/10/13 18:17:06 | 002,742,272 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2004/10/13 16:01:50 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


========== Modules (SafeList) ==========

MOD - [2010/05/30 22:06:52 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/27 17:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/04/27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/03/10 11:16:56 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2007/07/28 10:33:02 | 000,910,696 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\MWL\MwlSvc.exe -- (MWLSvc)
SRV - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2005/03/30 16:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2003/05/19 17:07:38 | 000,086,016 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\YPcservice.exe -- (YPCService)


========== Driver Services (SafeList) ==========

DRV - [2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/04/27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/04/27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/04/27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/04/27 17:16:24 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/04/27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/01/02 19:16:10 | 000,086,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WscNetDr.sys -- (WscNetDr)
DRV - [2005/06/16 14:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2005/03/31 08:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 07:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 07:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2005/03/31 07:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 07:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/11/22 18:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 18:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2004/10/13 19:33:20 | 002,287,104 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/08/04 08:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/29 12:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/03/17 19:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2003/09/19 04:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/11 02:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2002/10/04 12:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/06/04 08:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/02 11:50:26 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/06/03 10:27:45 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100518162508.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MWLExe] C:\Program Files\McAfee\MWL\MWLGuiSt.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\system32\spool\drivers\w32x86\2\printray.exe (Lexmark)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [YOP] C:\Program Files\Yahoo!\YOP\yop.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {4A01A151-E350-4839-A2B8-03DC39D6C8E5} http://download.yahoo.com/dl/ypc/ypcxwizard2003080601.cab (YPCXWizard Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/27 22:15:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 90 Days ==========

[2010/06/03 10:27:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/03 09:51:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\.SunDownloadManager
[2010/06/03 08:40:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\JavaRa
[2010/06/02 19:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\GooredFix Backups
[2010/06/02 19:28:24 | 000,070,858 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\HP_Owner\Desktop\GooredFix.exe
[2010/06/01 16:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/31 16:24:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/31 16:24:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/31 16:24:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/31 16:24:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/31 16:22:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/31 10:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/31 10:26:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/31 08:22:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/30 22:15:09 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2010/05/29 07:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/29 00:24:12 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/05/29 00:24:03 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/05/28 23:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/05/28 12:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/05/28 12:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2010/05/28 12:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/05/28 12:51:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/05/28 09:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Google
[2010/05/28 09:55:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/05/28 09:55:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google
[2010/05/28 09:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/05/28 09:53:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/05/27 21:25:44 | 000,000,000 | ---D | C] -- C:\ReimageUndo
[2010/05/27 21:09:16 | 000,000,000 | ---D | C] -- C:\rei
[2010/05/27 21:09:06 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2010/05/27 08:44:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Mozilla
[2010/05/27 08:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/05/27 08:14:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/05/27 07:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/05/27 07:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/05/27 07:39:18 | 000,037,600 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2010/05/27 07:39:18 | 000,035,816 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2010/05/27 07:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\RegRun2
[2010/05/27 07:38:52 | 000,012,808 | ---- | C] (Greatis Software, LLC.) -- C:\WINDOWS\System32\drivers\UnHackMeDrv.sys
[2010/05/27 07:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2010/05/27 07:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\gtopala
[2010/05/27 07:21:08 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer
[2010/05/27 07:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/27 00:46:58 | 000,000,000 | ---D | C] -- C:\ERDNT
[2010/05/27 00:46:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010/05/27 00:46:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/27 00:46:39 | 000,000,000 | ---D | C] -- C:\!FixIEDef
[2010/05/27 00:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/27 00:13:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\Simply Super Software
[2010/05/27 00:13:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Simply Super Software
[2010/05/26 23:59:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\hvpfllebq
[2010/05/26 23:59:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\nrjjjdarp
[2010/05/26 23:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/05/26 23:41:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/26 21:56:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Owner\Recent
[2010/05/26 16:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
[2010/05/26 16:09:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/26 16:08:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/26 16:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/26 16:08:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/23 18:50:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\eukyberbn
[2010/05/11 09:02:08 | 000,352,513 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\savapi3.dll
[2010/04/24 18:33:12 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/04/24 18:32:59 | 000,385,880 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/04/24 18:32:59 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/04/24 18:32:59 | 000,152,320 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/04/24 18:32:59 | 000,095,568 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/04/24 18:32:59 | 000,088,480 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/04/24 18:32:59 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/04/24 18:32:59 | 000,082,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/04/24 18:32:59 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/04/24 18:32:59 | 000,051,688 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/04/11 14:20:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Unity
[2010/04/05 09:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\DeductionPro 2009
[2010/04/05 09:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\HRBlock2009
[2010/04/05 09:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\HRBlock

========== Files - Modified Within 90 Days ==========

[2100/04/08 12:45:26 | 000,069,632 | ---- | M] (Oasis Semiconductor Inc.) -- C:\WINDOWS\System32\Lxasmdm.dll
[2010/06/03 10:30:36 | 002,387,968 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/06/03 10:30:34 | 001,634,304 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/06/03 10:30:14 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
[2010/06/03 10:29:57 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/03 10:29:57 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/06/03 10:29:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/03 10:29:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/03 10:29:48 | 527,814,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/03 10:27:58 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\HP_Owner\ntuser.dat
[2010/06/03 10:27:58 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\ntuser.ini
[2010/06/03 10:27:45 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/06/03 10:24:51 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/06/03 10:00:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/03 09:57:13 | 000,001,188 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\jre-6u20-windows-i586.exe.sdm
[2010/06/03 09:57:00 | 000,001,257 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\1275577021895-integrated.jnlp
[2010/06/03 09:52:32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\jdk-6u20-windows-i586.exe
[2010/06/03 09:52:20 | 000,004,588 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\jdk-6u20-windows-i586.exe.sdm
[2010/06/03 09:50:39 | 000,001,257 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\1275576633768-integrated.jnlp
[2010/06/03 08:33:44 | 000,071,798 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\JavaRa.zip
[2010/06/02 23:19:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2010/06/02 22:25:06 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/02 21:51:24 | 000,000,594 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to ComboFix.exe.lnk
[2010/06/02 21:47:46 | 000,867,892 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\SecurityCheck.exe
[2010/06/02 19:28:00 | 000,070,858 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\HP_Owner\Desktop\GooredFix.exe
[2010/06/02 17:44:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/30 22:06:52 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2010/05/30 22:05:57 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/29 13:29:51 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/28 23:06:28 | 000,049,440 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/28 15:11:10 | 000,002,800 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/05/28 12:52:28 | 000,057,344 | -H-- | M] () -- C:\SZKGFS.dat
[2010/05/27 23:19:56 | 000,000,318 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2010/05/27 23:19:42 | 000,000,166 | ---- | M] () -- C:\WINDOWS\System32\Compress.res
[2010/05/27 23:12:03 | 000,312,572 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/27 23:12:03 | 000,040,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/27 23:12:02 | 000,358,068 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/27 23:08:31 | 000,200,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/27 23:08:25 | 000,000,740 | ---- | M] () -- C:\WINDOWS\System32\reimage.rep
[2010/05/27 23:04:11 | 000,000,692 | ---- | M] () -- C:\WINDOWS\System32\reimage.nat
[2010/05/27 22:50:45 | 000,057,667 | ---- | M] () -- C:\WINDOWS\System32\ieuinit.inf
[2010/05/27 22:50:44 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/27 22:50:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/27 22:50:30 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/27 22:36:12 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/05/27 22:15:01 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/27 21:26:04 | 000,015,272 | ---- | M] () -- C:\WINDOWS\System32\Native.exe
[2010/05/27 21:09:18 | 000,001,726 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Reimage Repair.lnk
[2010/05/27 08:44:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/05/27 07:51:01 | 004,274,856 | -H-- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IconCache.db
[2010/05/27 07:39:31 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/27 07:39:31 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/05/27 07:39:31 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2010/05/27 07:39:18 | 000,037,600 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2010/05/27 07:39:18 | 000,035,816 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2010/05/27 07:28:19 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\HP_Owner\NTUSER.bak
[2010/05/27 07:16:40 | 010,193,146 | ---- | M] () -- C:\WINDOWS\System32\SDQBESQNJL
[2010/05/26 21:58:27 | 000,129,780 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cc_20100526_215802.reg
[2010/05/24 15:48:03 | 000,012,156 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Statement of faith.docx
[2010/05/21 18:58:03 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/21 12:16:58 | 000,012,808 | ---- | M] (Greatis Software, LLC.) -- C:\WINDOWS\System32\drivers\UnHackMeDrv.sys
[2010/05/15 16:51:33 | 000,010,188 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Multi Family Garage Sale 3232 Longford Dr.docx
[2010/05/11 09:02:08 | 001,380,403 | ---- | M] () -- C:\WINDOWS\System32\avgsdk.dll
[2010/05/11 09:02:08 | 000,352,513 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\savapi3.dll
[2010/05/05 10:52:45 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/05/04 14:52:31 | 000,012,620 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\VBS Snacks 2010.xlsx
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/04/27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/04/27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/04/27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/04/27 17:16:24 | 000,082,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/04/27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/04/27 17:16:24 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/26 14:14:16 | 000,009,602 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
[2010/04/15 09:18:45 | 000,190,682 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\2009 IL Tax Return.pdf
[2010/04/13 19:15:45 | 000,015,804 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Shirley Chisholm Paper.docx
[2010/04/13 17:08:23 | 000,011,312 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Works cited.docx
[2010/04/13 17:08:18 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\kaleigh[1].doc
[2010/04/09 16:48:15 | 000,013,805 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\kaleigh's chore chart.docx
[2010/04/09 16:28:26 | 000,003,969 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Gir!!!.jpg
[2010/04/05 09:43:48 | 000,001,479 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DeductionPro 2009.lnk
[2010/04/05 09:42:08 | 000,001,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\H&R Block 2009.lnk
[2010/04/05 09:09:15 | 000,230,824 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\cpnprt2.cid
[2010/03/30 20:08:18 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\science project.doc
[2010/03/18 12:51:20 | 000,010,165 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\I believe I am a qualified.docx
[2010/03/17 10:15:47 | 000,010,469 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Easter spring poem.docx
[2010/03/11 11:06:45 | 000,003,645 | ---- | M] () -- C:\WINDOWS\viassary-hp.reg
[2010/03/08 15:35:59 | 000,067,420 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Kimberly Belfield Resume.docx
[2010/03/05 15:20:40 | 000,010,809 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Grocery Prices.xlsx

========== Files Created - No Company Name ==========

[2010/06/03 09:57:13 | 000,001,188 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\jre-6u20-windows-i586.exe.sdm
[2010/06/03 09:56:57 | 000,001,257 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\1275577021895-integrated.jnlp
[2010/06/03 09:52:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\jdk-6u20-windows-i586.exe
[2010/06/03 09:52:20 | 000,004,588 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\jdk-6u20-windows-i586.exe.sdm
[2010/06/03 09:50:34 | 000,001,257 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\1275576633768-integrated.jnlp
[2010/06/03 08:39:50 | 000,071,798 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\JavaRa.zip
[2010/06/02 22:07:00 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
[2010/06/02 21:51:32 | 000,867,892 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\SecurityCheck.exe
[2010/06/02 21:51:24 | 000,000,594 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to ComboFix.exe.lnk
[2010/06/01 08:31:35 | 527,814,656 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/31 16:24:02 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/31 16:24:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/31 16:24:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/31 16:24:02 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/31 16:24:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/29 13:29:51 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/28 15:08:24 | 000,002,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/05/28 12:52:28 | 000,057,344 | -H-- | C] () -- C:\SZKGFS.dat
[2010/05/28 09:55:32 | 000,000,890 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/28 09:55:30 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/27 23:19:42 | 000,000,166 | ---- | C] () -- C:\WINDOWS\System32\Compress.res
[2010/05/27 23:19:34 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2010/05/27 23:08:23 | 000,000,740 | ---- | C] () -- C:\WINDOWS\System32\reimage.rep
[2010/05/27 23:03:08 | 000,000,692 | ---- | C] () -- C:\WINDOWS\System32\reimage.nat
[2010/05/27 22:57:59 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/05/27 21:26:04 | 000,015,272 | ---- | C] () -- C:\WINDOWS\System32\Native.exe
[2010/05/27 21:09:18 | 000,001,726 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Reimage Repair.lnk
[2010/05/27 16:52:37 | 000,000,318 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2010/05/27 08:44:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/27 07:39:31 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2010/05/27 07:27:12 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\HP_Owner\NTUSER.tmp.LOG
[2010/05/27 07:11:15 | 010,193,146 | ---- | C] () -- C:\WINDOWS\System32\SDQBESQNJL
[2010/05/27 00:13:41 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/05/27 00:13:40 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/05/27 00:13:40 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010/05/27 00:13:40 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/05/26 21:58:05 | 000,129,780 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cc_20100526_215802.reg
[2010/05/22 16:51:03 | 004,456,448 | ---- | C] () -- C:\Documents and Settings\HP_Owner\ntuser.dat
[2010/05/19 20:56:32 | 000,012,156 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Statement of faith.docx
[2010/05/15 16:51:32 | 000,010,188 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Multi Family Garage Sale 3232 Longford Dr.docx
[2010/05/11 09:02:08 | 001,380,403 | ---- | C] () -- C:\WINDOWS\System32\avgsdk.dll
[2010/04/29 09:32:34 | 000,012,620 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\VBS Snacks 2010.xlsx
[2010/04/15 09:18:44 | 000,190,682 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\2009 IL Tax Return.pdf
[2010/04/13 17:08:11 | 000,015,804 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Shirley Chisholm Paper.docx
[2010/04/13 16:09:39 | 000,011,312 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Works cited.docx
[2010/04/09 16:48:14 | 000,013,805 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\kaleigh's chore chart.docx
[2010/04/09 16:29:11 | 000,003,969 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Gir!!!.jpg
[2010/04/09 16:05:04 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\kaleigh[1].doc
[2010/04/05 09:43:48 | 000,001,479 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DeductionPro 2009.lnk
[2010/04/05 09:42:08 | 000,001,693 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\H&R Block 2009.lnk
[2010/03/30 20:05:32 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\science project.doc
[2010/03/18 12:51:08 | 000,010,165 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\I believe I am a qualified.docx
[2010/03/17 10:15:46 | 000,010,469 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Easter spring poem.docx
[2009/07/17 12:04:20 | 000,001,219 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009/01/30 19:40:07 | 000,000,046 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2008/10/07 13:50:15 | 000,001,301 | ---- | C] () -- C:\WINDOWS\KA.INI
[2008/09/14 12:28:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/09/14 11:55:14 | 000,000,612 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2008/05/21 15:10:57 | 000,000,057 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini
[2008/04/03 17:08:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2008/03/17 14:06:49 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/03/17 14:06:48 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/02/12 14:54:33 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/02/12 14:53:40 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EPSCX7400.ini
[2008/01/30 12:09:45 | 000,000,643 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/01/30 12:09:42 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\lxasbce.dll
[2008/01/30 12:09:42 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXASICO.DLL
[2008/01/30 12:03:52 | 000,004,672 | ---- | C] () -- C:\WINDOWS\System32\LEXUSBCI.DLL
[2008/01/20 14:19:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/01/13 00:47:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/01/13 00:43:24 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/01/13 00:43:24 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/01/13 00:43:24 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/01/13 00:43:24 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/01/13 00:43:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/01/13 00:43:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/01/13 00:15:13 | 000,014,554 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2008/01/13 00:15:07 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2008/01/13 00:14:46 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2008/01/13 00:11:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/12 23:51:28 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/01/12 23:49:31 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/01/12 23:40:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/02/04 09:30:00 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/02/04 09:30:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/02/04 09:29:29 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/09/13 18:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/19 22:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/19 22:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/06/15 23:38:02 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/10 18:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== LOP Check ==========

[2010/05/26 23:41:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/02/12 14:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/03/01 17:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/03/17 14:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/05/27 08:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/05/28 12:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/05/28 22:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/04/05 09:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2010/05/27 00:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/27 19:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/13 18:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/06/02 23:19:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\Reimage Reminder.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
< End of report >

0

Please update MBA-M and run a full scan again. Remove what is found. Post the log please.

====

Download Delete Domains from here and run it. It will delete all entries from the trusted and restricted zone.

==

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Files
    C:\WINDOWS\cpnprt2.cid
    
    
    :Commands
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post log from this run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

====

Let me know how things are.

0

MBA-M did not find anything. Here is the log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4168

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/3/2010 6:50:21 PM
mbam-log-2010-06-03 (18-50-21).txt

Scan type: Full scan (C:\|)
Objects scanned: 284171
Time elapsed: 1 hour(s), 19 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I ran Delete Domains per your instructions.

Also ran OTL RunFix per your instructions, but it did not produce a log???

Ran OTL Quick Scan and here is the log:

OTL logfile created on: 6/3/2010 7:32:21 PM - Run 4
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 54.00 Mb Available Physical Memory | 11.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.79 Gb Total Space | 151.67 Gb Free Space | 84.83% Space Free | Partition Type: NTFS
Drive D: | 7.50 Gb Total Space | 2.37 Gb Free Space | 31.55% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SPIKE
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/30 22:06:52 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
PRC - [2010/04/27 17:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/04/27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/04/01 23:05:04 | 001,180,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/10/20 12:08:26 | 001,693,184 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/26 16:42:48 | 000,509,224 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\YOP\yop.exe
PRC - [2007/10/26 16:42:40 | 000,628,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Yahoo!\YOP\SSDK02.exe
PRC - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006/03/03 15:18:10 | 000,200,704 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2005/11/04 15:04:48 | 000,176,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2004/10/13 18:17:06 | 002,742,272 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2004/10/13 16:01:50 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


========== Modules (SafeList) ==========

MOD - [2010/05/30 22:06:52 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/27 17:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/04/27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/03/10 11:16:56 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2007/07/28 10:33:02 | 000,910,696 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\MWL\MwlSvc.exe -- (MWLSvc)
SRV - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2005/03/30 16:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2003/05/19 17:07:38 | 000,086,016 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\YPcservice.exe -- (YPCService)


========== Driver Services (SafeList) ==========

DRV - [2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/04/27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/04/27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/04/27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/04/27 17:16:24 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/04/27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/01/02 19:16:10 | 000,086,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WscNetDr.sys -- (WscNetDr)
DRV - [2005/06/16 14:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2005/03/31 08:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 07:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 07:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2005/03/31 07:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 07:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/11/22 18:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 18:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2004/10/13 19:33:20 | 002,287,104 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/08/04 08:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/29 12:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/03/17 19:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2003/09/19 04:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/11 02:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2002/10/04 12:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/06/04 08:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/02 11:50:26 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/06/03 10:27:45 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100518162508.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MWLExe] C:\Program Files\McAfee\MWL\MWLGuiSt.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\system32\spool\drivers\w32x86\2\printray.exe (Lexmark)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [YOP] C:\Program Files\Yahoo!\YOP\yop.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {4A01A151-E350-4839-A2B8-03DC39D6C8E5} http://download.yahoo.com/dl/ypc/ypcxwizard2003080601.cab (YPCXWizard Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/27 22:15:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 90 Days ==========

[2010/06/03 10:27:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/03 09:51:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\.SunDownloadManager
[2010/06/03 08:40:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\JavaRa
[2010/06/02 19:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\GooredFix Backups
[2010/06/02 19:28:24 | 000,070,858 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\HP_Owner\Desktop\GooredFix.exe
[2010/06/01 16:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/31 16:24:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/31 16:24:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/31 16:24:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/31 16:24:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/31 16:22:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/31 10:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/31 10:26:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/31 08:22:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/30 22:15:09 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2010/05/29 07:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/29 00:24:12 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/05/29 00:24:03 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/05/28 23:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/05/28 12:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/05/28 12:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2010/05/28 12:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/05/28 12:51:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/05/28 09:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Google
[2010/05/28 09:55:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/05/28 09:55:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google
[2010/05/28 09:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/05/28 09:53:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/05/27 21:25:44 | 000,000,000 | ---D | C] -- C:\ReimageUndo
[2010/05/27 21:09:16 | 000,000,000 | ---D | C] -- C:\rei
[2010/05/27 21:09:06 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2010/05/27 08:44:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Mozilla
[2010/05/27 08:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/05/27 08:14:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/05/27 07:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/05/27 07:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/05/27 07:39:18 | 000,037,600 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2010/05/27 07:39:18 | 000,035,816 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2010/05/27 07:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\RegRun2
[2010/05/27 07:38:52 | 000,012,808 | ---- | C] (Greatis Software, LLC.) -- C:\WINDOWS\System32\drivers\UnHackMeDrv.sys
[2010/05/27 07:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2010/05/27 07:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\gtopala
[2010/05/27 07:21:08 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer
[2010/05/27 07:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/27 00:46:58 | 000,000,000 | ---D | C] -- C:\ERDNT
[2010/05/27 00:46:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010/05/27 00:46:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/27 00:46:39 | 000,000,000 | ---D | C] -- C:\!FixIEDef
[2010/05/27 00:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/27 00:13:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\Simply Super Software
[2010/05/27 00:13:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Simply Super Software
[2010/05/26 23:59:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\hvpfllebq
[2010/05/26 23:59:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\nrjjjdarp
[2010/05/26 23:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/05/26 23:41:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/26 21:56:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Owner\Recent
[2010/05/26 16:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
[2010/05/26 16:09:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/26 16:08:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/26 16:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/26 16:08:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/23 18:50:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\eukyberbn
[2010/05/11 09:02:08 | 000,352,513 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\savapi3.dll
[2010/04/24 18:33:12 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/04/24 18:32:59 | 000,385,880 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/04/24 18:32:59 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/04/24 18:32:59 | 000,152,320 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/04/24 18:32:59 | 000,095,568 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/04/24 18:32:59 | 000,088,480 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/04/24 18:32:59 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/04/24 18:32:59 | 000,082,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/04/24 18:32:59 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/04/24 18:32:59 | 000,051,688 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/04/11 14:20:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Unity
[2010/04/05 09:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\DeductionPro 2009
[2010/04/05 09:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\HRBlock2009
[2010/04/05 09:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\HRBlock

========== Files - Modified Within 90 Days ==========

[2100/04/08 12:45:26 | 000,069,632 | ---- | M] (Oasis Semiconductor Inc.) -- C:\WINDOWS\System32\Lxasmdm.dll
[2010/06/03 19:29:50 | 002,387,968 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/06/03 19:29:46 | 001,634,304 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/06/03 19:29:30 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
[2010/06/03 19:29:11 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/03 19:29:11 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/06/03 19:29:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/03 19:29:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/03 19:29:03 | 527,814,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/03 19:27:56 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\HP_Owner\ntuser.dat
[2010/06/03 19:27:56 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\ntuser.ini
[2010/06/03 19:00:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/03 16:44:24 | 000,001,432 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\DelDomains.inf
[2010/06/03 10:27:45 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/06/03 10:24:51 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/06/03 09:57:13 | 000,001,188 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\jre-6u20-windows-i586.exe.sdm
[2010/06/03 09:57:00 | 000,001,257 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\1275577021895-integrated.jnlp
[2010/06/03 09:52:32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\jdk-6u20-windows-i586.exe
[2010/06/03 09:52:20 | 000,004,588 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\jdk-6u20-windows-i586.exe.sdm
[2010/06/03 09:50:39 | 000,001,257 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\1275576633768-integrated.jnlp
[2010/06/03 08:33:44 | 000,071,798 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\JavaRa.zip
[2010/06/02 23:19:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2010/06/02 22:25:06 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/02 21:51:24 | 000,000,594 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to ComboFix.exe.lnk
[2010/06/02 21:47:46 | 000,867,892 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\SecurityCheck.exe
[2010/06/02 19:28:00 | 000,070,858 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\HP_Owner\Desktop\GooredFix.exe
[2010/06/02 17:44:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/30 22:06:52 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2010/05/30 22:05:57 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/29 13:29:51 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/28 23:06:28 | 000,049,440 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/28 15:11:10 | 000,002,800 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/05/28 12:52:28 | 000,057,344 | -H-- | M] () -- C:\SZKGFS.dat
[2010/05/27 23:19:56 | 000,000,318 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2010/05/27 23:19:42 | 000,000,166 | ---- | M] () -- C:\WINDOWS\System32\Compress.res
[2010/05/27 23:12:03 | 000,312,572 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/27 23:12:03 | 000,040,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/27 23:12:02 | 000,358,068 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/27 23:08:31 | 000,200,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/27 23:08:25 | 000,000,740 | ---- | M] () -- C:\WINDOWS\System32\reimage.rep
[2010/05/27 23:04:11 | 000,000,692 | ---- | M] () -- C:\WINDOWS\System32\reimage.nat
[2010/05/27 22:50:45 | 000,057,667 | ---- | M] () -- C:\WINDOWS\System32\ieuinit.inf
[2010/05/27 22:50:44 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/27 22:50:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/27 22:50:30 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/27 22:36:12 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/05/27 22:15:01 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/27 21:26:04 | 000,015,272 | ---- | M] () -- C:\WINDOWS\System32\Native.exe
[2010/05/27 21:09:18 | 000,001,726 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Reimage Repair.lnk
[2010/05/27 08:44:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/05/27 07:51:01 | 004,274,856 | -H-- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IconCache.db
[2010/05/27 07:39:31 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/27 07:39:31 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/05/27 07:39:31 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2010/05/27 07:39:18 | 000,037,600 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2010/05/27 07:39:18 | 000,035,816 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2010/05/27 07:28:19 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\HP_Owner\NTUSER.bak
[2010/05/27 07:16:40 | 010,193,146 | ---- | M] () -- C:\WINDOWS\System32\SDQBESQNJL
[2010/05/26 21:58:27 | 000,129,780 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cc_20100526_215802.reg
[2010/05/24 15:48:03 | 000,012,156 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Statement of faith.docx
[2010/05/21 18:58:03 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/21 12:16:58 | 000,012,808 | ---- | M] (Greatis Software, LLC.) -- C:\WINDOWS\System32\drivers\UnHackMeDrv.sys
[2010/05/15 16:51:33 | 000,010,188 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Multi Family Garage Sale 3232 Longford Dr.docx
[2010/05/11 09:02:08 | 001,380,403 | ---- | M] () -- C:\WINDOWS\System32\avgsdk.dll
[2010/05/11 09:02:08 | 000,352,513 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\savapi3.dll
[2010/05/05 10:52:45 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/05/04 14:52:31 | 000,012,620 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\VBS Snacks 2010.xlsx
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/04/27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/04/27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/04/27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/04/27 17:16:24 | 000,082,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/04/27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/04/27 17:16:24 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/26 14:14:16 | 000,009,602 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
[2010/04/15 09:18:45 | 000,190,682 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\2009 IL Tax Return.pdf
[2010/04/13 19:15:45 | 000,015,804 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Shirley Chisholm Paper.docx
[2010/04/13 17:08:23 | 000,011,312 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Works cited.docx
[2010/04/13 17:08:18 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\kaleigh[1].doc
[2010/04/09 16:48:15 | 000,013,805 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\kaleigh's chore chart.docx
[2010/04/09 16:28:26 | 000,003,969 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Gir!!!.jpg
[2010/04/05 09:43:48 | 000,001,479 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DeductionPro 2009.lnk
[2010/04/05 09:42:08 | 000,001,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\H&R Block 2009.lnk
[2010/03/30 20:08:18 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\science project.doc
[2010/03/18 12:51:20 | 000,010,165 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\I believe I am a qualified.docx
[2010/03/17 10:15:47 | 000,010,469 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Easter spring poem.docx
[2010/03/11 11:06:45 | 000,003,645 | ---- | M] () -- C:\WINDOWS\viassary-hp.reg
[2010/03/08 15:35:59 | 000,067,420 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Kimberly Belfield Resume.docx

========== Files Created - No Company Name ==========

[2010/06/03 19:05:10 | 000,001,432 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\DelDomains.inf
[2010/06/03 09:57:13 | 000,001,188 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\jre-6u20-windows-i586.exe.sdm
[2010/06/03 09:56:57 | 000,001,257 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\1275577021895-integrated.jnlp
[2010/06/03 09:52:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\jdk-6u20-windows-i586.exe
[2010/06/03 09:52:20 | 000,004,588 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\jdk-6u20-windows-i586.exe.sdm
[2010/06/03 09:50:34 | 000,001,257 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\1275576633768-integrated.jnlp
[2010/06/03 08:39:50 | 000,071,798 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\JavaRa.zip
[2010/06/02 22:07:00 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
[2010/06/02 21:51:32 | 000,867,892 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\SecurityCheck.exe
[2010/06/02 21:51:24 | 000,000,594 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to ComboFix.exe.lnk
[2010/06/01 08:31:35 | 527,814,656 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/31 16:24:02 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/31 16:24:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/31 16:24:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/31 16:24:02 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/31 16:24:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/29 13:29:51 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/28 15:08:24 | 000,002,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/05/28 12:52:28 | 000,057,344 | -H-- | C] () -- C:\SZKGFS.dat
[2010/05/28 09:55:32 | 000,000,890 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/28 09:55:30 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/27 23:19:42 | 000,000,166 | ---- | C] () -- C:\WINDOWS\System32\Compress.res
[2010/05/27 23:19:34 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2010/05/27 23:08:23 | 000,000,740 | ---- | C] () -- C:\WINDOWS\System32\reimage.rep
[2010/05/27 23:03:08 | 000,000,692 | ---- | C] () -- C:\WINDOWS\System32\reimage.nat
[2010/05/27 22:57:59 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/05/27 21:26:04 | 000,015,272 | ---- | C] () -- C:\WINDOWS\System32\Native.exe
[2010/05/27 21:09:18 | 000,001,726 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Reimage Repair.lnk
[2010/05/27 16:52:37 | 000,000,318 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2010/05/27 08:44:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/27 07:39:31 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2010/05/27 07:27:12 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\HP_Owner\NTUSER.tmp.LOG
[2010/05/27 07:11:15 | 010,193,146 | ---- | C] () -- C:\WINDOWS\System32\SDQBESQNJL
[2010/05/27 00:13:41 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/05/27 00:13:40 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/05/27 00:13:40 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010/05/27 00:13:40 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/05/26 21:58:05 | 000,129,780 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cc_20100526_215802.reg
[2010/05/22 16:51:03 | 004,456,448 | ---- | C] () -- C:\Documents and Settings\HP_Owner\ntuser.dat
[2010/05/19 20:56:32 | 000,012,156 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Statement of faith.docx
[2010/05/15 16:51:32 | 000,010,188 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Multi Family Garage Sale 3232 Longford Dr.docx
[2010/05/11 09:02:08 | 001,380,403 | ---- | C] () -- C:\WINDOWS\System32\avgsdk.dll
[2010/04/29 09:32:34 | 000,012,620 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\VBS Snacks 2010.xlsx
[2010/04/15 09:18:44 | 000,190,682 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\2009 IL Tax Return.pdf
[2010/04/13 17:08:11 | 000,015,804 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Shirley Chisholm Paper.docx
[2010/04/13 16:09:39 | 000,011,312 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Works cited.docx
[2010/04/09 16:48:14 | 000,013,805 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\kaleigh's chore chart.docx
[2010/04/09 16:29:11 | 000,003,969 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Gir!!!.jpg
[2010/04/09 16:05:04 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\kaleigh[1].doc
[2010/04/05 09:43:48 | 000,001,479 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DeductionPro 2009.lnk
[2010/04/05 09:42:08 | 000,001,693 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\H&R Block 2009.lnk
[2010/03/30 20:05:32 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\science project.doc
[2010/03/18 12:51:08 | 000,010,165 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\I believe I am a qualified.docx
[2010/03/17 10:15:46 | 000,010,469 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Easter spring poem.docx
[2009/07/17 12:04:20 | 000,001,219 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009/01/30 19:40:07 | 000,000,046 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2008/10/07 13:50:15 | 000,001,301 | ---- | C] () -- C:\WINDOWS\KA.INI
[2008/09/14 12:28:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/09/14 11:55:14 | 000,000,612 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2008/05/21 15:10:57 | 000,000,057 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini
[2008/04/03 17:08:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2008/03/17 14:06:49 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/03/17 14:06:48 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/02/12 14:54:33 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/02/12 14:53:40 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EPSCX7400.ini
[2008/01/30 12:09:45 | 000,000,643 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/01/30 12:09:42 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\lxasbce.dll
[2008/01/30 12:09:42 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXASICO.DLL
[2008/01/30 12:03:52 | 000,004,672 | ---- | C] () -- C:\WINDOWS\System32\LEXUSBCI.DLL
[2008/01/20 14:19:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/01/13 00:47:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/01/13 00:43:24 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/01/13 00:43:24 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/01/13 00:43:24 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/01/13 00:43:24 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/01/13 00:43:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/01/13 00:43:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/01/13 00:15:13 | 000,014,554 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2008/01/13 00:15:07 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2008/01/13 00:14:46 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2008/01/13 00:11:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/12 23:51:28 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/01/12 23:49:31 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/01/12 23:40:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/02/04 09:30:00 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/02/04 09:30:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/02/04 09:29:29 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/09/13 18:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/19 22:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/19 22:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/06/15 23:38:02 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/10 18:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== LOP Check ==========

[2010/05/26 23:41:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/02/12 14:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/03/01 17:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/03/17 14:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/05/27 08:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/05/28 12:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/05/28 22:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/04/05 09:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2010/05/27 00:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/27 19:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/13 18:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/06/02 23:19:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\Reimage Reminder.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
< End of report >
