Welcome to GeekPolice!
HomeTR/Kazy infection-OTL.txt/ addl logs in addl posts
Page 6 of 7 • 
1, 2, 3, 4, 5, 6, 7 
- robbhenningsr
Novice
-
OS : XP Media Ctr 2002 Service pack 3
Posts : 39
Rubies : 2742
Likes : 0 
robbhenningsr on 14th November 2011, 12:37 am
No, thanks, format is a bit extreme, yet. I've seen this once before, I just don't remember exactly how to go about tracking down and re-setting the appropriate devices.
One thing I did notice, while just looking around on the pc, is there are a number of items in "Services" that are showing as stopped...among those stopped are IP configuration.
If you know more about "Services" settings, or can refer me to someone who might, your help would be appreciated. Meanwhile, I'll keep researching on this end, as time and talent permit.
Thanks,
Patricia
One thing I did notice, while just looking around on the pc, is there are a number of items in "Services" that are showing as stopped...among those stopped are IP configuration.
If you know more about "Services" settings, or can refer me to someone who might, your help would be appreciated. Meanwhile, I'll keep researching on this end, as time and talent permit.
Thanks,
Patricia
- Belahzur
Site Admin
-
OS : 7 Home Premium x64
Posts : 34948
Rubies : 218012
Likes : 18 -
Belahzur on 14th November 2011, 2:19 am
Hello.
I'm back with an idea.
Please download FSS from here
Press the scan button, and it will make a log file when it's finished.
Copy and paste the log back here.
I'm back with an idea.
Please download FSS from here
Press the scan button, and it will make a log file when it's finished.
Copy and paste the log back here.
Site Admin / Security Administrator
[Prework] - Please PM me if I fail to respond within 24hrs.
- robbhenningsrNovice
-
OS : XP Media Ctr 2002 Service pack 3
Posts : 39
Rubies : 2742
Likes : 0 -
robbhenningsr on 14th November 2011, 3:08 am
I'm sorry, but "from where?" No link in previous message, not sure where to look-- I'll check back. Thanks,
Patricia
Patricia
- BelahzurSite Admin
-
OS : 7 Home Premium x64
Posts : 34948
Rubies : 218012
Likes : 18 -
- robbhenningsrNovice
-
OS : XP Media Ctr 2002 Service pack 3
Posts : 39
Rubies : 2742
Likes : 0 -
robbhenningsr on 14th November 2011, 4:58 pm
Thanks, for no apparent reason, the link didn't activate when I moused over it, yesterday...got it now!
Thanks,
Patricia
Thanks,
Patricia
- robbhenningsrNovice
-
OS : XP Media Ctr 2002 Service pack 3
Posts : 39
Rubies : 2742
Likes : 0 -
robbhenningsr on 14th November 2011, 5:02 pm
Here is the FSS log:
Farbar Service Scanner
Ran by HP_Administrator (administrator) on 14-11-2011 at 12:00:10
Microsoft Windows XP Service Pack 3 (X86)
********************************************************
Service Check:
==============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
NetBt Service is not running. Checking service configuration:
The start type of NetBt service is OK.
The ImagePath of NetBt service is OK.
File Check:
===========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys is missing.
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
Connection Status:
==================
Localhost is accessible.
There is no connection to network.
Attempt to Google returned error: Google site is unreachable
Attemp to yahoo returend error: Yahoo site is unreachable
**** End of log ****
I'll wait for further advice...
Thanks,
Patricia
Farbar Service Scanner
Ran by HP_Administrator (administrator) on 14-11-2011 at 12:00:10
Microsoft Windows XP Service Pack 3 (X86)
********************************************************
Service Check:
==============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
NetBt Service is not running. Checking service configuration:
The start type of NetBt service is OK.
The ImagePath of NetBt service is OK.
File Check:
===========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys is missing.
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
Connection Status:
==================
Localhost is accessible.
There is no connection to network.
Attempt to Google returned error: Google site is unreachable
Attemp to yahoo returend error: Yahoo site is unreachable
**** End of log ****
I'll wait for further advice...
Thanks,
Patricia
- BelahzurSite Admin
-
OS : 7 Home Premium x64
Posts : 34948
Rubies : 218012
Likes : 18 -
Belahzur on 14th November 2011, 5:11 pm
I believe we found the problem. While I do some research, do you have your XP disc? a critical system file was deleted by the infection and needs replacing.
Site Admin / Security Administrator
[Prework] - Please PM me if I fail to respond within 24hrs.
- robbhenningsrNovice
-
OS : XP Media Ctr 2002 Service pack 3
Posts : 39
Rubies : 2742
Likes : 0 -
robbhenningsr on 14th November 2011, 5:12 pm
No, this pc did not come with an XP disc...sorry.
Thanks for your help,
Patricia
Thanks for your help,
Patricia
- BelahzurSite Admin
-
OS : 7 Home Premium x64
Posts : 34948
Rubies : 218012
Likes : 18 -
Belahzur on 14th November 2011, 5:16 pm
Darn, lets hope the machine has a backup copy somewhere.
Please run OTL.exe.
Please run OTL.exe.
- Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
/md5start
netbt.sys
/md5stop - Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
- Click the pink Quick Scan button.
- A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTL.exe
Site Admin / Security Administrator
[Prework] - Please PM me if I fail to respond within 24hrs.
- robbhenningsrNovice
-
OS : XP Media Ctr 2002 Service pack 3
Posts : 39
Rubies : 2742
Likes : 0 -
robbhenningsr on 14th November 2011, 6:13 pm
Done! Here are the results of the current OTL scan:
OTL logfile created on: 11/14/2011 12:48:35 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.41 Mb Total Physical Memory | 541.24 Mb Available Physical Memory | 52.94% Memory free
2.40 Gb Paging File | 2.02 Gb Available in Paging File | 84.24% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 363.53 Gb Total Space | 113.62 Gb Free Space | 31.25% Space Free | Partition Type: NTFS
Drive D: | 9.05 Gb Total Space | 4.40 Gb Free Space | 48.56% Space Free | Partition Type: FAT32
Drive K: | 279.45 Gb Total Space | 227.87 Gb Free Space | 81.54% Space Free | Partition Type: NTFS
Drive L: | 245.72 Mb Total Space | 97.06 Mb Free Space | 39.50% Space Free | Partition Type: FAT
Computer Name: BOBSPC | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/11/14 12:45:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.com
PRC - [2010/11/17 13:22:57 | 000,329,096 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2010/10/29 15:12:22 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2010/09/28 13:09:05 | 000,557,056 | ---- | M] (BitLeader) -- C:\Program Files\lg_fwupdate\fwupdate.exe
PRC - [2010/09/24 13:19:08 | 000,159,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2010/09/24 13:19:08 | 000,057,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2009/06/03 19:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 22:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/12/02 11:21:20 | 001,503,306 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
PRC - [2008/06/27 16:24:34 | 000,467,028 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/27 11:54:52 | 000,360,547 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe
PRC - [2007/04/09 12:32:32 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2006/07/25 01:01:00 | 000,114,688 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic Shared\CineTray.exe
PRC - [2003/11/06 18:32:30 | 000,270,336 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
========== Modules (No Company Name) ==========
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/03/29 15:02:48 | 000,520,234 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/08/20 11:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/08/20 11:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/08/20 11:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/06/03 19:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 19:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/08/28 01:59:00 | 001,478,656 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2007/08/28 01:59:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2005/03/16 01:17:28 | 000,204,800 | ---- | M] () -- c:\Program Files\HP\Digital Imaging\bin\HpqUtil.dll
MOD - [2003/11/06 18:32:30 | 000,270,336 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
MOD - [2003/11/06 14:40:32 | 000,049,152 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\Rtl8169LibC.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (LightScribeService)
SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
SRV - File not found [Auto | Stopped] -- -- (Apple Mobile Device)
SRV - File not found [Auto | Stopped] -- -- (AntiVirService)
SRV - File not found [Auto | Stopped] -- -- (AntiVirSchedulerService)
SRV - [2011/10/23 08:41:12 | 000,060,416 | ---- | M] () [Auto | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2010/11/16 01:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/09/24 13:19:16 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/09/24 13:19:16 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/09/24 13:19:08 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/09/24 13:19:08 | 000,057,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2008/06/27 16:24:34 | 000,467,028 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2008/02/27 11:54:52 | 000,360,547 | ---- | M] (Atheros Communications, Inc.) [Auto | Running] -- C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)
========== Driver Services (SafeList) ==========
DRV - [2009/11/25 11:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/10/01 16:45:52 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2008/09/30 03:24:36 | 000,453,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WN111v2.sys -- (WN111v2)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/12/14 04:31:00 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/05/23 04:15:00 | 000,547,744 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2007/04/18 08:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 08:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 06:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/04/10 05:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/04/10 04:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 04:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 04:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 04:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 04:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 04:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 04:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007/04/10 04:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/08/18 17:35:04 | 003,856,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/04/15 06:12:12 | 000,175,616 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2004/08/10 00:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 00:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/04 15:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/08/04 14:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/12/03 11:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/11/06 00:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2001/08/17 12:19:20 | 000,096,256 | ---- | M] (Copyright (C) Creative Technology Ltd. 1994-2001) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlsb16.sys -- (ctlsb16) Creative SB16/AWE32/AWE64 Driver (WDM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://finance.yahoo.com/news/Burger-King-revamps-coffee-apf-1119327906.html?x=0&.v=6|http://www.facebook.com/home.php?|http://excite.com/|https://mail.google.com/mail/?shva=1#inbox"
FF - prefs.js..extensions.enabledItems: {a2adbb75-0c40-1c3b-68b2-6de799200d52}:4.6.6.3
FF - prefs.js..extensions.enabledItems: {776A7CC0-E1A0-4E46-982C-88A8754E5100}:1.9.1
FF - prefs.js..keyword.URL: "http://bing.zugo.com/s/?src=FF-Address&site=Bing&cfg=2-80-0-b3EH\n&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/01 08:18:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/19 22:42:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/01/11 18:41:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2010/12/11 11:22:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/12/11 11:22:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/10/19 22:33:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\extensions
[2009/11/30 19:02:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/09/11 18:42:16 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/05/07 10:53:11 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\extensions\engine@conduit.com
[2010/01/23 22:28:20 | 000,002,180 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\searchplugins\bing-ff.xml
[2008/06/23 14:55:06 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\searchplugins\wikipedia.xml
[2011/10/19 23:51:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/07 18:30:31 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/02/01 14:54:22 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{a2adbb75-0c40-1c3b-68b2-6de799200d52}
[2010/02/01 14:54:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{a2adbb75-0c40-1c3b-68b2-6de799200d52}.del
[2010/12/05 11:20:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/10/19 23:51:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2007/02/28 12:36:51 | 000,000,000 | ---D | M] (Google Settings) -- C:\Program Files\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
[2010/02/14 01:36:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/03/08 22:33:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/10/01 08:18:28 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/03/31 21:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2009/03/05 17:08:04 | 000,049,664 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/07 10:52:15 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
========== Chrome ==========
O1 HOSTS File: ([2011/10/28 19:17:14 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CaSup.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe (TLC Productivity Properties LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe (NETGEAR)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{201B7D01-482D-4862-846E-44904AD96B73}: DhcpNameServer = 10.10.5.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C72A36E4-3E1C-4AFE-896F-6225AD450C02}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/13 04:37:21 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/11/14 12:45:10 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.com
[2011/11/13 22:29:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/10/28 19:15:35 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\HP_Administrator\Desktop\WinsockxpFix.exe
[2011/10/27 15:30:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/10/27 14:58:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/27 14:58:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/27 14:58:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/27 14:58:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/27 14:55:26 | 004,274,802 | R--- | C] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2011/10/25 14:45:12 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.exe
[2011/10/25 14:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/10/25 14:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2011/10/24 02:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Kaspersky
[2011/10/24 02:17:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\New Folder
[2011/10/22 14:02:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\pics
[2011/10/21 13:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/21 13:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\eset
[2011/10/21 13:16:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\SysProt
[2011/10/20 21:57:32 | 000,467,028 | ---- | C] (Atheros) -- C:\WINDOWS\System32\acs.exe
[2011/10/20 20:45:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/20 15:16:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/10/20 00:12:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Java
[2011/10/19 20:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/10/18 19:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2007/04/09 12:32:58 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2007/04/09 12:19:16 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/11/14 12:45:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.com
[2011/11/14 12:37:23 | 000,000,203 | ---- | M] () -- C:\WINDOWS\System32\mhncache.dat
[2011/11/14 11:56:36 | 000,324,319 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\FSS.exe
[2011/11/14 10:39:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2011/11/14 00:46:19 | 000,000,336 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2011/11/13 22:55:35 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/11/13 22:53:49 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2011/11/13 22:35:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/13 22:35:00 | 1072,152,576 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/13 22:34:11 | 000,030,648 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/11/13 22:34:11 | 000,030,648 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/11/13 22:34:11 | 000,029,772 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/11/13 22:34:11 | 000,029,772 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/11/13 22:34:11 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/11/13 22:33:40 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000007-00001102-00000008-10221102}.CDF
[2011/11/13 22:33:40 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000007-00001102-00000008-10221102}.BAK
[2011/11/10 16:57:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/09 13:36:12 | 000,465,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/09 13:36:12 | 000,080,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/02 22:10:28 | 000,000,086 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\look.bat
[2011/11/02 13:13:10 | 000,380,805 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\MiniToolBox.exe
[2011/10/28 19:17:14 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/28 19:15:32 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\HP_Administrator\Desktop\WinsockxpFix.exe
[2011/10/27 15:22:03 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2011/10/27 14:55:18 | 004,274,802 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2011/10/25 14:37:24 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.exe
[2011/10/25 14:37:00 | 000,147,832 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\profiles.exe
[2011/10/24 02:41:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/20 15:16:19 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/20 00:37:44 | 000,286,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/20 00:06:56 | 048,324,552 | ---- | M] () -- C:\WINDOWS\System32\MRT.exe
[2011/10/19 22:40:42 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/10/19 14:32:56 | 001,916,416 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.exe
[2011/10/19 12:56:36 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/19 12:55:49 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/10/18 15:32:21 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/11/14 11:56:46 | 000,324,319 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\FSS.exe
[2011/11/09 13:29:09 | 1072,152,576 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/02 22:10:25 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\look.bat
[2011/11/02 13:13:19 | 000,380,805 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\MiniToolBox.exe
[2011/10/27 14:58:52 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/27 14:58:52 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/27 14:58:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/27 14:58:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/27 14:58:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/25 14:44:39 | 000,147,832 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\profiles.exe
[2011/10/19 22:40:42 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/10/19 22:40:42 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/10/19 14:32:43 | 001,916,416 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.exe
[2011/10/18 15:32:21 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2010/12/01 18:45:43 | 000,000,203 | ---- | C] () -- C:\WINDOWS\System32\mhncache.dat
[2010/11/03 20:19:53 | 000,000,421 | ---- | C] () -- C:\WINDOWS\DeDup.ini
[2010/09/28 13:08:21 | 000,000,336 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2010/03/09 14:29:05 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/08 19:43:50 | 048,324,552 | ---- | C] () -- C:\WINDOWS\System32\MRT.exe
[2010/03/08 15:44:02 | 000,110,602 | ---- | C] () -- C:\WINDOWS\System32\xcdsfx32.bin
[2010/02/05 17:07:27 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2010/01/23 22:30:34 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Vfidag.dat
[2010/01/23 22:30:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Sfoneciduwaton.bin
[2009/07/08 10:58:18 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/07/08 09:07:00 | 001,580,550 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/05/21 18:11:16 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/04/24 10:27:08 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/27 16:18:04 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/17 13:19:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2008/03/28 20:27:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/03/24 13:26:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/02 12:17:44 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2007/08/30 14:20:35 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/08/17 17:52:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Unsetup.INI
[2007/05/14 10:59:34 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/12 08:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 12:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/04/09 12:55:14 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/04/09 12:33:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2007/04/09 12:32:32 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2007/04/09 12:24:30 | 000,325,821 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2007/04/09 12:24:30 | 000,046,273 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2007/04/09 12:21:44 | 000,048,128 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2007/04/09 12:21:28 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2007/04/09 12:19:44 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2007/04/09 12:19:20 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2007/04/09 12:19:20 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2007/04/09 12:19:18 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2006/10/02 09:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2006/09/01 17:38:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\FWWipeALL.dll
[2006/08/11 23:57:12 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/08/11 23:56:58 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/08/11 23:56:51 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2006/05/13 21:20:28 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/05/13 19:38:17 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/04/27 21:02:50 | 000,005,717 | ---- | C] () -- C:\WINDOWS\hpdj6122.ini
[2006/04/27 21:02:28 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2006/03/14 18:14:55 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/02/27 22:58:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/12 16:14:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/02/12 16:14:13 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2006/02/12 16:14:06 | 000,003,892 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/01/27 11:16:59 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/01/27 11:12:31 | 000,134,144 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/13 04:56:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/13 04:39:32 | 000,014,317 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/01/13 04:39:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/01/13 04:24:05 | 000,112,873 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2006/01/13 04:24:05 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2006/01/13 04:18:40 | 000,080,418 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2006/01/13 04:18:40 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2006/01/13 04:16:33 | 000,072,881 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2006/01/13 04:16:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2006/01/13 04:15:39 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/01/13 04:12:44 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/01/13 03:59:45 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/01/12 17:39:27 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/01/12 17:39:27 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/01/12 17:39:23 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/01/12 17:39:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/01/12 17:39:10 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/01/12 17:38:41 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/01/12 17:38:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/01/12 17:38:02 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/01/12 17:38:02 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\dwwin.exe
[2006/01/12 17:37:30 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/06 00:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 17:30:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/08/02 17:30:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2005/08/02 17:30:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/08/02 17:30:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/08/02 17:30:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2005/07/02 15:36:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/07/02 15:34:10 | 000,286,904 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/07/02 15:28:10 | 000,465,552 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/07/02 15:28:10 | 000,080,066 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/06/16 10:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2005/02/26 14:31:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/01/28 19:41:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/28 19:36:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/27 07:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/04/18 16:43:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/04/18 16:43:44 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2001/07/07 01:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
========== LOP Check ==========
[2009/05/16 20:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2006/05/14 21:50:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/02/06 12:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/12/06 11:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2007/08/30 10:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2010/02/05 20:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETGEAR
[2010/02/06 12:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/05/16 20:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSecurityShield
[2008/01/29 17:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2008/01/29 17:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2010/02/14 20:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2007/09/07 10:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2008/03/30 19:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Systweak
[2010/09/28 13:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/06 12:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/04/11 20:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/05/31 08:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B7A015B7-4802-4678-8CEC-700380BA9AFD}
[2011/11/13 22:53:49 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\Tasks\ConfigExec.job
[2011/11/14 10:39:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\Tasks\DataUpload.job
========== Purity Check ==========
========== Custom Scans ==========
< MD5 for: NETBT.SYS >
[2004/08/10 00:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\SoftwareDistribution.old\Download\dd9ab5193501484cf5e6884fa1d22f9e\netbt.sys
========== Alternate Data Streams ==========
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
I'll check back for further instructions.
Thanks,
Patricia
OTL logfile created on: 11/14/2011 12:48:35 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.41 Mb Total Physical Memory | 541.24 Mb Available Physical Memory | 52.94% Memory free
2.40 Gb Paging File | 2.02 Gb Available in Paging File | 84.24% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 363.53 Gb Total Space | 113.62 Gb Free Space | 31.25% Space Free | Partition Type: NTFS
Drive D: | 9.05 Gb Total Space | 4.40 Gb Free Space | 48.56% Space Free | Partition Type: FAT32
Drive K: | 279.45 Gb Total Space | 227.87 Gb Free Space | 81.54% Space Free | Partition Type: NTFS
Drive L: | 245.72 Mb Total Space | 97.06 Mb Free Space | 39.50% Space Free | Partition Type: FAT
Computer Name: BOBSPC | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/11/14 12:45:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.com
PRC - [2010/11/17 13:22:57 | 000,329,096 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2010/10/29 15:12:22 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2010/09/28 13:09:05 | 000,557,056 | ---- | M] (BitLeader) -- C:\Program Files\lg_fwupdate\fwupdate.exe
PRC - [2010/09/24 13:19:08 | 000,159,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2010/09/24 13:19:08 | 000,057,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2009/06/03 19:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 22:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/12/02 11:21:20 | 001,503,306 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
PRC - [2008/06/27 16:24:34 | 000,467,028 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/27 11:54:52 | 000,360,547 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe
PRC - [2007/04/09 12:32:32 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2006/07/25 01:01:00 | 000,114,688 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic Shared\CineTray.exe
PRC - [2003/11/06 18:32:30 | 000,270,336 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
========== Modules (No Company Name) ==========
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/03/29 15:02:48 | 000,520,234 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/08/20 11:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/08/20 11:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/08/20 11:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/06/03 19:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 19:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/08/28 01:59:00 | 001,478,656 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2007/08/28 01:59:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2005/03/16 01:17:28 | 000,204,800 | ---- | M] () -- c:\Program Files\HP\Digital Imaging\bin\HpqUtil.dll
MOD - [2003/11/06 18:32:30 | 000,270,336 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
MOD - [2003/11/06 14:40:32 | 000,049,152 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\Rtl8169LibC.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (LightScribeService)
SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
SRV - File not found [Auto | Stopped] -- -- (Apple Mobile Device)
SRV - File not found [Auto | Stopped] -- -- (AntiVirService)
SRV - File not found [Auto | Stopped] -- -- (AntiVirSchedulerService)
SRV - [2011/10/23 08:41:12 | 000,060,416 | ---- | M] () [Auto | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2010/11/16 01:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/09/24 13:19:16 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/09/24 13:19:16 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/09/24 13:19:08 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/09/24 13:19:08 | 000,057,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2008/06/27 16:24:34 | 000,467,028 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2008/02/27 11:54:52 | 000,360,547 | ---- | M] (Atheros Communications, Inc.) [Auto | Running] -- C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)
========== Driver Services (SafeList) ==========
DRV - [2009/11/25 11:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/10/01 16:45:52 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2008/09/30 03:24:36 | 000,453,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WN111v2.sys -- (WN111v2)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/12/14 04:31:00 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/05/23 04:15:00 | 000,547,744 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2007/04/18 08:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 08:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 06:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/04/10 05:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/04/10 04:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 04:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 04:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 04:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 04:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 04:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 04:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007/04/10 04:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/08/18 17:35:04 | 003,856,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/04/15 06:12:12 | 000,175,616 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2004/08/10 00:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 00:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/04 15:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/08/04 14:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/12/03 11:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/11/06 00:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2001/08/17 12:19:20 | 000,096,256 | ---- | M] (Copyright (C) Creative Technology Ltd. 1994-2001) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlsb16.sys -- (ctlsb16) Creative SB16/AWE32/AWE64 Driver (WDM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://finance.yahoo.com/news/Burger-King-revamps-coffee-apf-1119327906.html?x=0&.v=6|http://www.facebook.com/home.php?|http://excite.com/|https://mail.google.com/mail/?shva=1#inbox"
FF - prefs.js..extensions.enabledItems: {a2adbb75-0c40-1c3b-68b2-6de799200d52}:4.6.6.3
FF - prefs.js..extensions.enabledItems: {776A7CC0-E1A0-4E46-982C-88A8754E5100}:1.9.1
FF - prefs.js..keyword.URL: "http://bing.zugo.com/s/?src=FF-Address&site=Bing&cfg=2-80-0-b3EH\n&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/01 08:18:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/19 22:42:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/01/11 18:41:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2010/12/11 11:22:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/12/11 11:22:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/10/19 22:33:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\extensions
[2009/11/30 19:02:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/09/11 18:42:16 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/05/07 10:53:11 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\extensions\engine@conduit.com
[2010/01/23 22:28:20 | 000,002,180 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\searchplugins\bing-ff.xml
[2008/06/23 14:55:06 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\searchplugins\wikipedia.xml
[2011/10/19 23:51:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/07 18:30:31 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/02/01 14:54:22 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{a2adbb75-0c40-1c3b-68b2-6de799200d52}
[2010/02/01 14:54:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{a2adbb75-0c40-1c3b-68b2-6de799200d52}.del
[2010/12/05 11:20:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/10/19 23:51:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2007/02/28 12:36:51 | 000,000,000 | ---D | M] (Google Settings) -- C:\Program Files\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
[2010/02/14 01:36:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/03/08 22:33:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/10/01 08:18:28 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/03/31 21:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2009/03/05 17:08:04 | 000,049,664 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/07 10:52:15 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
========== Chrome ==========
O1 HOSTS File: ([2011/10/28 19:17:14 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CaSup.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe (TLC Productivity Properties LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe (NETGEAR)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{201B7D01-482D-4862-846E-44904AD96B73}: DhcpNameServer = 10.10.5.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C72A36E4-3E1C-4AFE-896F-6225AD450C02}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/13 04:37:21 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/11/14 12:45:10 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.com
[2011/11/13 22:29:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/10/28 19:15:35 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\HP_Administrator\Desktop\WinsockxpFix.exe
[2011/10/27 15:30:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/10/27 14:58:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/27 14:58:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/27 14:58:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/27 14:58:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/27 14:55:26 | 004,274,802 | R--- | C] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2011/10/25 14:45:12 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.exe
[2011/10/25 14:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/10/25 14:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2011/10/24 02:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Kaspersky
[2011/10/24 02:17:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\New Folder
[2011/10/22 14:02:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\pics
[2011/10/21 13:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/21 13:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\eset
[2011/10/21 13:16:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\SysProt
[2011/10/20 21:57:32 | 000,467,028 | ---- | C] (Atheros) -- C:\WINDOWS\System32\acs.exe
[2011/10/20 20:45:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/20 15:16:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/10/20 00:12:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Java
[2011/10/19 20:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/10/18 19:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2007/04/09 12:32:58 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2007/04/09 12:19:16 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/11/14 12:45:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.com
[2011/11/14 12:37:23 | 000,000,203 | ---- | M] () -- C:\WINDOWS\System32\mhncache.dat
[2011/11/14 11:56:36 | 000,324,319 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\FSS.exe
[2011/11/14 10:39:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2011/11/14 00:46:19 | 000,000,336 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2011/11/13 22:55:35 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/11/13 22:53:49 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2011/11/13 22:35:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/13 22:35:00 | 1072,152,576 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/13 22:34:11 | 000,030,648 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/11/13 22:34:11 | 000,030,648 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/11/13 22:34:11 | 000,029,772 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/11/13 22:34:11 | 000,029,772 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/11/13 22:34:11 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/11/13 22:33:40 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000007-00001102-00000008-10221102}.CDF
[2011/11/13 22:33:40 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000007-00001102-00000008-10221102}.BAK
[2011/11/10 16:57:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/09 13:36:12 | 000,465,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/09 13:36:12 | 000,080,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/02 22:10:28 | 000,000,086 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\look.bat
[2011/11/02 13:13:10 | 000,380,805 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\MiniToolBox.exe
[2011/10/28 19:17:14 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/28 19:15:32 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\HP_Administrator\Desktop\WinsockxpFix.exe
[2011/10/27 15:22:03 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2011/10/27 14:55:18 | 004,274,802 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2011/10/25 14:37:24 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.exe
[2011/10/25 14:37:00 | 000,147,832 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\profiles.exe
[2011/10/24 02:41:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/20 15:16:19 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/20 00:37:44 | 000,286,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/20 00:06:56 | 048,324,552 | ---- | M] () -- C:\WINDOWS\System32\MRT.exe
[2011/10/19 22:40:42 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/10/19 14:32:56 | 001,916,416 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.exe
[2011/10/19 12:56:36 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/19 12:55:49 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/10/18 15:32:21 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/11/14 11:56:46 | 000,324,319 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\FSS.exe
[2011/11/09 13:29:09 | 1072,152,576 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/02 22:10:25 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\look.bat
[2011/11/02 13:13:19 | 000,380,805 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\MiniToolBox.exe
[2011/10/27 14:58:52 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/27 14:58:52 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/27 14:58:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/27 14:58:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/27 14:58:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/25 14:44:39 | 000,147,832 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\profiles.exe
[2011/10/19 22:40:42 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/10/19 22:40:42 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/10/19 14:32:43 | 001,916,416 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.exe
[2011/10/18 15:32:21 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2010/12/01 18:45:43 | 000,000,203 | ---- | C] () -- C:\WINDOWS\System32\mhncache.dat
[2010/11/03 20:19:53 | 000,000,421 | ---- | C] () -- C:\WINDOWS\DeDup.ini
[2010/09/28 13:08:21 | 000,000,336 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2010/03/09 14:29:05 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/08 19:43:50 | 048,324,552 | ---- | C] () -- C:\WINDOWS\System32\MRT.exe
[2010/03/08 15:44:02 | 000,110,602 | ---- | C] () -- C:\WINDOWS\System32\xcdsfx32.bin
[2010/02/05 17:07:27 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2010/01/23 22:30:34 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Vfidag.dat
[2010/01/23 22:30:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Sfoneciduwaton.bin
[2009/07/08 10:58:18 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/07/08 09:07:00 | 001,580,550 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/05/21 18:11:16 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/04/24 10:27:08 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/27 16:18:04 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/17 13:19:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2008/03/28 20:27:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/03/24 13:26:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/02 12:17:44 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2007/08/30 14:20:35 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/08/17 17:52:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Unsetup.INI
[2007/05/14 10:59:34 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/12 08:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 12:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/04/09 12:55:14 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/04/09 12:33:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2007/04/09 12:32:32 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2007/04/09 12:24:30 | 000,325,821 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2007/04/09 12:24:30 | 000,046,273 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2007/04/09 12:21:44 | 000,048,128 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2007/04/09 12:21:28 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2007/04/09 12:19:44 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2007/04/09 12:19:20 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2007/04/09 12:19:20 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2007/04/09 12:19:18 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2006/10/02 09:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2006/09/01 17:38:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\FWWipeALL.dll
[2006/08/11 23:57:12 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/08/11 23:56:58 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/08/11 23:56:51 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2006/05/13 21:20:28 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/05/13 19:38:17 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/04/27 21:02:50 | 000,005,717 | ---- | C] () -- C:\WINDOWS\hpdj6122.ini
[2006/04/27 21:02:28 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2006/03/14 18:14:55 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/02/27 22:58:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/12 16:14:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/02/12 16:14:13 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2006/02/12 16:14:06 | 000,003,892 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/01/27 11:16:59 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/01/27 11:12:31 | 000,134,144 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/13 04:56:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/13 04:39:32 | 000,014,317 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/01/13 04:39:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/01/13 04:24:05 | 000,112,873 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2006/01/13 04:24:05 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2006/01/13 04:18:40 | 000,080,418 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2006/01/13 04:18:40 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2006/01/13 04:16:33 | 000,072,881 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2006/01/13 04:16:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2006/01/13 04:15:39 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/01/13 04:12:44 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/01/13 03:59:45 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/01/12 17:39:27 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/01/12 17:39:27 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/01/12 17:39:23 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/01/12 17:39:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/01/12 17:39:10 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/01/12 17:38:41 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/01/12 17:38:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/01/12 17:38:02 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/01/12 17:38:02 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\dwwin.exe
[2006/01/12 17:37:30 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/06 00:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 17:30:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/08/02 17:30:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2005/08/02 17:30:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/08/02 17:30:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/08/02 17:30:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2005/07/02 15:36:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/07/02 15:34:10 | 000,286,904 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/07/02 15:28:10 | 000,465,552 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/07/02 15:28:10 | 000,080,066 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/06/16 10:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2005/02/26 14:31:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/01/28 19:41:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/28 19:36:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/27 07:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/04/18 16:43:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/04/18 16:43:44 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2001/07/07 01:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
========== LOP Check ==========
[2009/05/16 20:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2006/05/14 21:50:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/02/06 12:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/12/06 11:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2007/08/30 10:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2010/02/05 20:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETGEAR
[2010/02/06 12:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/05/16 20:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSecurityShield
[2008/01/29 17:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2008/01/29 17:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2010/02/14 20:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2007/09/07 10:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2008/03/30 19:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Systweak
[2010/09/28 13:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/06 12:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/04/11 20:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/05/31 08:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B7A015B7-4802-4678-8CEC-700380BA9AFD}
[2011/11/13 22:53:49 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\Tasks\ConfigExec.job
[2011/11/14 10:39:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\Tasks\DataUpload.job
========== Purity Check ==========
========== Custom Scans ==========
< MD5 for: NETBT.SYS >
[2004/08/10 00:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\SoftwareDistribution.old\Download\dd9ab5193501484cf5e6884fa1d22f9e\netbt.sys
========== Alternate Data Streams ==========
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
I'll check back for further instructions.
Thanks,
Patricia
Page 6 of 7 • 1, 2, 3, 4, 5, 6, 7
Similar topics
Create an account or log in to leave a reply
You need to be a member in order to leave a reply.
Page 6 of 7
Permissions in this forum:
You can reply to topics in this forum
