Sophiekat - Posted December 28, 2011

Hi,

I'm new here and I hope this is posted on the right thread. First off, I have Windows XP and my computer is a desktop. I asked this question on another forum site but as of yet no one has helped me solve the problem. They did have me download some stuff to check my computer but haven't notified me as to what to do. They did say my computer was infected, but as I said no one has told me what to do. Hopefully someone on here can help me.

Here is the problem. When I go to "My Pictures" and start scrolling through them, my computer will restart itself. It doesn't do it when I'm anywhere else, just on "My Pictures."

Please help me.

Thanks
Sophiekat

Starbuck - Posted December 28, 2011

Hi Sophiekat and welcome to FPCH.

> They did say my computer was infected, but as I said no one has told me what to do

Not replying to you for 3 weeks isn't really the way to go. What they class as being 'infected' and what I class as being infected may not be the same thing. I do know a few of the 'helpers' at the site in question, but the lack of response is not good. While they're all having a good sleep, we'll see what we can uncover.

Let's get some up to date reports from up to date programs. I'll move this thread to the malware removal forum just in case it turns out to be malware related. If not, it can easily be moved back.

Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.

- Make sure you are connected to the Internet.
- Double-click on Download_mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
    - Update Malwarebytes' Anti-Malware
    - Launch Malwarebytes' Anti-Malware
- Then click Finish.
- MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
- On the Scanner tab:
    - Make sure the "Perform Full Scan" option is selected.
    - Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.
- Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Step 2

Download OTL to your desktop. Right click on the link and select 'Save Link/Target As'. If you have problems, try this download link: OTL

- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Check the boxes beside LOP Check and Purity Check.

http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png

Now copy the lines in bold below.

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

- Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png

- Click the Run Scan button.

http://img.photobucket.com/albums/v708/starbuck50/runscan.png

- Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

In your next reply, please submit:

- MBAM scan report
- both reports from OTL

Thanks.

Member of: UNITE

Bluesplayer. - Posted December 28, 2011

Hi Sophiekat - we met on the 'other forum' - I'm sorry that you did not receive the help that you needed. You are in safe hands now.

Sophiekat (Author) - Posted December 29, 2011

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.28.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
fedenfam :: HP [administrator]

12/28/2011 4:29:28 PM
mbam-log-2011-12-28 (16-29-28).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 266640
Time elapsed: 3 hour(s), 37 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\.pox (Rogue.FixTool) -> Quarantined and deleted successfully.
HKCR\pofile (Rogue.FixTool) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 8
C:\Program Files\Perfect Optimizer (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Application (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Registry (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Registry\FirstBackup (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Registry\FullBackup (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Service (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Temp (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

Files Detected: 1
C:\Program Files\Perfect Optimizer\PerfectOptimizer.ini (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

(end)

Sophiekat (Author) - Posted December 29, 2011

OTL logfile created on: 12/28/2011 8:46:18 PM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Documents and Settings\fedenfam\Desktop
PRESENT.wps [2011/12/23 16:23:28 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\fedenfam\My Documents\WHO THREW THE OVERALLS.wps [2011/12/23 13:20:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Ÿ¡Ÿ¡ [2011/12/22 20:37:16 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\fedenfam\My Documents\THREE WISE WOMEN.wps [2011/12/22 20:35:07 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\fedenfam\My Documents\TOUCHING CHRISTMAS POEM.wps [2011/12/17 15:22:28 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Weather Channel Desktop .lnk [2011/12/15 09:07:53 | 000,235,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011/12/15 08:49:26 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011/12/14 10:07:51 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\fedenfam\My Documents\MY JEOPARDY ANSWERS.wps [2011/12/14 09:29:56 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\fedenfam\My Documents\WORSHIP JANUARY 1.wps [2011/12/12 16:36:54 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\fedenfam\My Documents\MY JEOPARDY QUESTIONS.wps [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011/12/08 11:56:10 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\fedenfam\Desktop\dds.com [2011/12/06 16:59:51 | 000,013,192 | ---- | M] () -- C:\Documents and Settings\fedenfam\My Documents\QUIRKIE ADDRESSES.wps.rtf [2011/12/06 16:59:26 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\fedenfam\My Documents\QUIRKIE ADDRESSES.wps [2011/12/06 15:04:37 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\fedenfam\Desktop\HiJackThis.lnk [2011/12/06 13:18:38 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\fedenfam\Desktop\HiJackThis.msi [2011/12/06 10:54:43 | 000,509,440 | ---- | M] (Tech Support Guy System) -- C:\Documents and Settings\fedenfam\Desktop\SysInfo.exe [2011/12/03 13:47:30 | 000,201,216 
| ---- | M] () -- C:\Documents and Settings\fedenfam\My Documents\THE FIRST NOEL KEY OF Bb.wps [2011/12/02 20:43:38 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\fedenfam\My Documents\O COME LET US ADORE HIM KEY OF Eb.wps [2011/12/01 21:00:54 | 000,000,201 | -HS- | M] () -- C:\BOOT.INI [2011/11/30 20:02:44 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2011/11/30 16:03:30 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk [2011/11/30 16:00:29 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll [2011/11/30 15:59:21 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll [2011/11/30 15:59:21 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll [2011/11/30 15:59:12 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll [2011/11/30 15:44:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\fedenfam\Ÿ¡Ÿ¡ [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/12/28 16:21:21 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2011/12/24 12:34:18 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\fedenfam\My Documents\GOD'S CHRISTMAS PRESENT.wps [2011/12/23 13:20:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Ÿ¡Ÿ¡ [2011/12/21 17:19:51 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\fedenfam\My Documents\TOUCHING CHRISTMAS POEM.wps [2011/12/17 15:53:35 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\fedenfam\My Documents\THREE WISE WOMEN.wps [2011/12/15 08:16:33 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2011/12/14 09:26:44 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\fedenfam\My Documents\WORSHIP JANUARY 1.wps [2011/12/06 16:59:51 | 000,013,192 | ---- | C] () -- C:\Documents and Settings\fedenfam\My Documents\QUIRKIE 
ADDRESSES.wps.rtf [2011/12/06 13:24:29 | 000,002,453 | ---- | C] () -- C:\Documents and Settings\fedenfam\Desktop\HiJackThis.lnk [2011/12/06 13:17:35 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\fedenfam\Desktop\HiJackThis.msi [2011/12/05 17:44:42 | 000,035,353 | ---- | C] () -- C:\WINDOWS\_detmp.1 [2011/12/03 13:03:29 | 000,201,216 | ---- | C] () -- C:\Documents and Settings\fedenfam\My Documents\THE FIRST NOEL KEY OF Bb.wps [2011/12/02 20:43:37 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\fedenfam\My Documents\O COME LET US ADORE HIM KEY OF Eb.wps [2011/11/30 16:03:30 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk [2011/02/21 11:56:10 | 000,102,400 | ---- | C] () -- C:\Documents and Settings\fedenfam\Local Settings\Application Data\ie_runner_app.exe [2011/02/21 11:56:10 | 000,094,208 | ---- | C] () -- C:\Documents and Settings\fedenfam\Local Settings\Application Data\common_functions.dll [2011/01/27 15:04:01 | 000,019,521 | ---- | C] () -- C:\WINDOWS\hpqins13.dat [2010/12/29 10:56:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\fedenfam\Local Settings\Application Data\prvlcl.dat [2010/06/11 13:28:30 | 000,165,432 | ---- | C] () -- C:\WINDOWS\hpoins28.dat [2010/06/11 13:28:30 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat [2008/11/03 16:13:37 | 000,165,256 | ---- | C] () -- C:\WINDOWS\hpoins28.dat.temp [2008/11/03 16:13:36 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat.temp [2008/10/31 15:33:22 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll [2008/10/31 15:33:22 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll [2008/07/06 19:00:03 | 000,000,308 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI [2008/05/16 10:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2006/01/02 21:18:55 | 000,001,595 | ---- | C] () -- C:\WINDOWS\checkip.dat [2005/12/24 23:02:24 | 000,032,768 | ---- | C] () -- 
C:\WINDOWS\System32\instlsp.exe [2005/12/21 13:40:10 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2005/09/14 12:02:58 | 000,002,219 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2005/08/17 16:11:46 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll [2005/08/17 16:11:46 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll [2005/05/09 16:17:36 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE [2005/05/08 21:27:56 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2005/05/08 20:31:29 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat [2005/03/05 14:42:46 | 000,069,632 | R--- | C] () -- C:\WINDOWS\ST1_Un0.exe [2004/12/03 17:27:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\infamous_downloader.exe [2004/12/01 21:23:12 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\fedenfam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2004/11/28 13:41:01 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2004/08/15 09:20:16 | 000,000,088 | ---- | C] () -- C:\WINDOWS\TOPO.INI [2004/05/21 11:14:44 | 000,000,530 | ---- | C] () -- C:\WINDOWS\wininit.ini [2004/05/20 20:25:04 | 000,000,030 | ---- | C] () -- C:\WINDOWS\HandStory.ini [2004/05/19 15:53:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\install2.exe [2004/05/18 16:55:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\0021-bdl94126.EXE [2004/04/02 07:02:04 | 000,000,094 | ---- | C] () -- C:\WINDOWS\regsrv32.dat [2004/01/19 07:50:30 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\fedenfam\Application Data\hpothb07.tif [2004/01/19 07:50:30 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\fedenfam\Application Data\hpothb07.dat [2004/01/17 14:03:50 | 000,018,283 | ---- | C] () -- C:\WINDOWS\HPHins01.dat.temp [2004/01/17 14:03:50 | 000,004,284 | ---- | C] () -- C:\WINDOWS\hphmdl01.dat.temp [2003/12/26 21:30:16 | 000,000,088 | ---- | C] () -- C:\WINDOWS\PicView.INI [2003/12/07 18:59:39 | 000,000,035 | 
---- | C] () -- C:\WINDOWS\A5W.INI [2003/10/11 20:31:37 | 000,000,284 | ---- | C] () -- C:\WINDOWS\hegames.ini [2003/09/07 15:05:04 | 000,001,428 | -H-- | C] () -- C:\Program Files\hpothb07.dat [2003/09/07 15:05:03 | 000,005,375 | -H-- | C] () -- C:\Program Files\hpothb07.tif [2003/08/11 18:08:20 | 000,000,148 | ---- | C] () -- C:\WINDOWS\SIERRA.INI [2003/08/05 13:36:18 | 000,092,160 | ---- | C] () -- C:\WINDOWS\System32\UnPoker.exe [2003/07/16 15:35:34 | 000,000,809 | ---- | C] () -- C:\WINDOWS\PowerReg.dat [2003/07/16 15:35:23 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe [2003/04/16 14:20:35 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2003/03/05 18:37:29 | 000,000,354 | ---- | C] () -- C:\WINDOWS\ereg077.dat [2003/02/13 19:46:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Prestopm.INI [2003/02/13 16:57:14 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI [2003/02/13 16:45:39 | 000,003,719 | ---- | C] () -- C:\WINDOWS\if40.ini [2003/02/13 16:45:39 | 000,000,174 | ---- | C] () -- C:\WINDOWS\pexplore.ini [2003/02/13 16:44:35 | 000,000,055 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI [2003/02/04 21:07:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini [2002/12/08 11:21:29 | 000,000,457 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini [2002/10/24 19:33:14 | 000,000,556 | ---- | C] () -- C:\WINDOWS\eReg.dat [2002/10/22 19:08:49 | 000,000,205 | ---- | C] () -- C:\WINDOWS\qtw.ini [2002/10/01 15:43:37 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2002/10/01 15:43:36 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2002/10/01 15:43:36 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2002/10/01 15:43:30 | 000,000,309 | ---- | C] () -- C:\WINDOWS\EReg515.dat [2002/10/01 15:40:12 | 000,000,971 | ---- | C] () -- C:\WINDOWS\disney.ini [2002/10/01 15:39:43 | 000,000,196 | ---- | C] () -- C:\WINDOWS\disneysy.ini [2002/06/21 17:53:28 | 000,000,087 | ---- | C] () -- C:\WINDOWS\videoimp.ini [2002/06/21 
17:53:01 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2002/06/16 07:54:42 | 000,000,022 | ---- | C] () -- C:\WINDOWS\REGPSD20.INI [2002/06/16 07:54:22 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini [2002/06/16 07:54:06 | 000,000,524 | ---- | C] () -- C:\WINDOWS\PSDWIN.INI [2002/05/31 21:32:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI [2002/05/16 20:34:16 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI [2002/05/16 20:33:26 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2002/04/30 19:55:02 | 000,000,008 | -H-- | C] () -- C:\WINDOWS\ssitid.dat [2002/04/30 19:48:53 | 000,037,364 | ---- | C] () -- C:\WINDOWS\freedom.backup.dat [2002/04/13 17:54:15 | 000,000,137 | ---- | C] () -- C:\WINDOWS\Weather.INI [2002/04/11 11:28:03 | 000,000,596 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini [2002/04/11 11:27:38 | 004,700,056 | ---- | C] () -- C:\WINDOWS\Pacific Coasts Screen Savers .dat [2002/04/11 11:27:11 | 001,554,637 | ---- | C] () -- C:\WINDOWS\Space Screen Savers .dat [2002/04/11 11:26:15 | 011,280,733 | ---- | C] () -- C:\WINDOWS\Majestic Mountains Rivers and Waterfalls Screen Sa.dat [2002/04/11 11:25:45 | 001,643,542 | ---- | C] () -- C:\WINDOWS\Landmarks Screen Savers .dat [2002/04/11 11:25:31 | 009,175,824 | ---- | C] () -- C:\WINDOWS\Animals of America screen saver.dat [2002/04/11 11:24:41 | 008,290,006 | ---- | C] () -- C:\WINDOWS\US Cities.dat [2002/04/11 11:24:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\UninstallWSST.exe [2002/04/11 11:23:47 | 000,000,010 | ---- | C] () -- C:\WINDOWS\4discbib.ini [2002/04/11 11:23:47 | 000,000,007 | ---- | C] () -- C:\WINDOWS\gbaform1.ini [2002/04/09 07:46:43 | 000,060,464 | R--- | C] () -- C:\WINDOWS\System32\tlcsel32.dll [2002/04/09 07:46:43 | 000,016,540 | R--- | C] () -- C:\WINDOWS\System32\tlcsel17.dll [2001/11/09 10:41:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2001/11/08 19:43:04 | 000,000,562 | ---- | C] () -- C:\WINDOWS\System32\Px.ini [2001/11/06 
18:50:47 | 000,082,864 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE [2001/11/06 18:50:46 | 000,377,600 | ---- | C] () -- C:\WINDOWS\System32\BOCOLE.DLL [2001/11/06 18:50:46 | 000,167,456 | ---- | C] () -- C:\WINDOWS\System32\Bocof.dll [2001/11/06 18:46:13 | 000,090,112 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.0.153.exe [2001/11/06 18:45:01 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL [2001/11/06 18:45:01 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll [2001/11/06 18:37:54 | 000,009,876 | ---- | C] () -- C:\WINDOWS\System32\usbbc.sys [2001/11/06 18:37:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\InstallDriver.exe [2001/11/06 18:21:26 | 000,000,515 | ---- | C] () -- C:\WINDOWS\fantasy2.ini [2001/11/06 18:21:26 | 000,000,011 | ---- | C] () -- C:\WINDOWS\album.ini [2001/11/06 18:21:26 | 000,000,008 | ---- | C] () -- C:\WINDOWS\pstudio.ini [2001/11/06 17:50:13 | 000,249,921 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM15.dll [2001/11/06 17:50:13 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes15.dll [2001/11/06 17:49:47 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll [2001/11/06 13:40:54 | 000,000,879 | ---- | C] () -- C:\WINDOWS\orun32.ini [2001/11/06 13:39:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2001/11/06 13:32:55 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2001/11/06 13:31:15 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2001/11/06 05:27:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2001/11/06 05:26:54 | 000,235,168 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2001/11/06 05:21:55 | 000,000,649 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2001/11/06 05:21:27 | 000,434,464 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2001/11/06 05:21:27 | 000,068,624 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2001/11/06 05:21:25 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001/11/06 05:21:24 | 
013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001/08/17 21:38:02 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2001/08/17 21:36:18 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll [2001/08/17 21:36:18 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll [2001/08/17 21:36:18 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll [2001/08/17 21:36:18 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll [2001/08/17 21:36:18 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll [2001/08/17 12:30:26 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2001/08/17 12:30:26 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2001/08/17 12:15:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2001/08/08 06:13:22 | 000,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll [2001/08/07 17:07:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll [2001/07/21 13:36:50 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2001/07/21 13:36:06 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2001/07/21 13:24:18 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2000/12/29 09:34:01 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [1997/06/13 16:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll ========== LOP Check ========== [2011/06/30 10:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi [2002/04/14 19:51:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\America Online [2011/04/12 17:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aOo16633mCjMh16633 [2011/10/22 12:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask [2011/02/28 10:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All 
Users\Application Data\AVAST Software [2011/02/28 09:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10 [2010/12/19 16:43:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2011/06/28 17:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM [2011/06/28 17:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail [2008/12/02 18:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar [2010/12/19 16:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2008/07/28 15:28:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes [2003/06/15 18:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS [2010/11/01 09:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic [2011/06/28 17:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photo Notifier and Animation Creator [2010/10/27 17:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Qwest [2010/10/29 17:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fedenfam\Application Data\agi [2010/12/19 16:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fedenfam\Application Data\AVG10 [2004/05/17 18:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fedenfam\Application Data\Business Logic [2010/10/29 17:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fedenfam\Application Data\DriverCure [2011/08/02 09:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fedenfam\Application Data\FCSB000062377 [2010/11/03 18:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fedenfam\Application Data\FixCleaner [2011/01/14 16:53:50 | 
000,000,000 | ---D | M] -- C:\Documents and Settings\fedenfam\Application Data\imeshmediabartb [2001/11/16 06:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fedenfam\Application Data\InterTrust [2003/08/09 06:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fedenfam\Application Data\Leadertech [2005/11/10 21:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fedenfam\Application Data\Lycos [2011/05/16 12:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fedenfam\Application Data\OpenOffice.org [2010/10/29 17:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fedenfam\Application Data\ParetoLogic [2011/01/06 19:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fedenfam\Application Data\searchqutb [2005/06/10 23:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fedenfam\Application Data\Snapfish [2003/03/20 16:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fedenfam\Application Data\Template [2008/07/10 14:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fedenfam\Application Data\WeatherBug [2011/12/28 14:19:05 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job [2011/12/28 12:00:00 | 000,000,368 | ---- | M] () -- C:\WINDOWS\Tasks\PerfectOptimizer_home.job [2011/12/28 20:54:04 | 000,000,240 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2004/12/22 15:22:03 | 000,000,000 | ---- | M] () -- C:\AILog.txt [2010/12/23 18:55:07 | 000,001,688 | ---- | M] () -- C:\AUTOEXEC.NT [2011/12/01 21:00:54 | 000,000,201 | -HS- | M] () -- C:\BOOT.INI [2008/06/10 07:57:21 | 000,000,242 | ---- | M] () -- C:\CDFE.log [2001/11/06 13:36:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2001/11/09 10:36:10 | 000,007,887 | ---- | M] () -- C:\FINIS_IT.TXT [2011/12/28 13:52:25 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys [2006/01/08 16:05:23 | 000,000,415 
| ---- | M] () -- C:\hpcmerr.log [2004/01/19 08:10:53 | 000,000,920 | -H-- | M] () -- C:\hpothb07.dat [2004/01/19 07:53:37 | 000,001,729 | -H-- | M] () -- C:\hpothb07.tif [2003/08/05 13:48:02 | 000,000,132 | ---- | M] () -- C:\ICSYSINF.log [2001/11/06 13:36:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2002/04/27 10:20:58 | 000,001,139 | -H-- | M] () -- C:\IPH.PH [2005/06/17 16:58:31 | 000,000,017 | ---- | M] () -- C:\log.txt [2008/07/06 18:48:26 | 000,004,222 | ---- | M] () -- C:\lxcg.log [2008/06/10 07:57:00 | 000,000,000 | ---- | M] () -- C:\lxcgfire.csv [2008/06/10 07:58:19 | 000,000,867 | ---- | M] () -- C:\LXCGINST.csv [2008/07/06 18:48:26 | 000,000,571 | ---- | M] () -- C:\lxcgscan.log [2008/07/06 18:51:02 | 000,337,698 | ---- | M] () -- C:\lxcgUNST.csv [2001/11/06 13:36:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2005/05/06 12:38:29 | 000,001,112 | ---- | M] () -- C:\net_save.dna [2005/05/09 09:00:48 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008/12/26 14:36:33 | 000,250,048 | RHS- | M] () -- C:\ntldr [2011/12/28 19:25:00 | 697,303,040 | -HS- | M] () -- C:\pagefile.sys [2005/03/05 14:44:50 | 000,011,351 | ---- | M] () -- C:\stsetup.log [2004/12/29 20:46:11 | 000,000,772 | ---- | M] () -- C:\tmp.txt [2008/11/11 17:57:56 | 000,000,594 | ---- | M] () -- C:\updatedatfix.log [2001/11/09 14:44:03 | 000,000,008 | ---- | M] () -- C:\USER < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll [2007/10/20 18:21:50 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\hpzpp5mu.dll < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > [2001/11/06 05:25:04 | 000,090,112 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2001/11/06 05:25:04 | 000,606,208 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2001/11/06 05:25:04 | 000,380,928 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %PROGRAMFILES%\* > [2004/01/19 07:55:41 | 000,001,428 | -H-- | M] () -- C:\Program Files\hpothb07.dat [2004/01/19 07:55:41 | 000,005,375 | -H-- | M] () -- C:\Program Files\hpothb07.tif < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < End of report > OTL Extras logfile created on: 12/28/2011 8:46:18 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\fedenfam\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 509.98 Mb Total Physical Memory | 160.20 Mb Available Physical Memory | 31.41% Memory free 1.12 Gb Paging File | 0.37 Gb Available in Paging File | 32.77% Paging File free Paging file location(s): C:\pagefile.sys 500 900 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 32.60 Gb Total Space | 12.71 Gb Free Space | 38.99% Space Free | Partition Type: NTFS Computer Name: HP | User Name: fedenfam | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) 
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard) "C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.) "C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.) 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\support.com\bin\tgcmd.exe" = C:\Program Files\support.com\bin\tgcmd.exe:*:Disabled:Support.com Scheduler and Command Dispatcher "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire "C:\WINDOWS\SYSTEM32\mmc.exe" = C:\WINDOWS\SYSTEM32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation) "C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer "C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe" = C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime -- (Ahead software AG) "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard) "C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.) "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer "C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! 
Messenger "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Program Files\IncrediMail\Bin\IncMail.exe" = C:\Program Files\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail "C:\Program Files\IncrediMail\Bin\ImApp.exe" = C:\Program Files\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail "C:\Program Files\IncrediMail\Bin\ImpCnt.exe" = C:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status "{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE "{10deb052-db5d-32a6-9ff2-200e810d1a7b}" = Kiwee Toolbar for Firefox "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar "{1D301950-EA2F-4882-9AA0-49467756842A}" = SweetIM for Messenger 3.3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{225AF9A1-B556-88D5-94AA-0010B5426419}" = My DSC "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01 "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components 
Installer "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 29 "{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply "{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.0 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3 "{343DB62F-891F-45EC-BED3-E2F56CEB1B7C}" = Adobe Flash Player 10 Plugin "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3 "{3E908702-AF35-4611-9518-955DA24B7E07}" = Microsoft XML Parser and SDK "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{57764780-E33B-11D1-96ED-00A024A83A15}" = Kensington MouseWorks "{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter "{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software "{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4200_ProductContext "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{70DECFBF-9119-4434-B2D3-A3C283D15E45}" = WeatherBug "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator 
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8aade841-03c5-486a-b048-bb112cc0cac5}" = egreetings.com Toolbar for Internet Explorer "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack "{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender "{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200 "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min "{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3 "{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan "{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware 
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF7DB138-76ED-4E17-8764-1AAE1792F30F}" = Sony MP3 Conversion Tool "{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E133E97F-5186-4503-BEC8-752EB9E8EBD7}" = Copy "{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call "{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4200_Help "{F93D2591-8201-4692-BD8D-67A0BFAC9C14}" = SweetIM Toolbar for Internet Explorer 3.9 "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "America Online us" = America Online "avast" = avast! 
Free Antivirus "BackWeb-137903 Uninstaller" = hp center "Card Games" = Card Games "CCleaner" = CCleaner (remove only) "conduitEngine" = Conduit Engine "Google Updater" = Google Updater "HijackThis" = HijackThis 2.0.2 "HP Imaging Device Functions" = HP Imaging Device Functions 11.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing "HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0 "HPExtendedCapabilities" = HP Customer Participation Program 11.0 "ie8" = Windows Internet Explorer 8 "iMesh 1 MediaBar" = MediaBar "Inactive HP Printer Drivers (Remove only)" = Inactive HP Printer Drivers (Remove only) "IncrediMail_MediaBar_2 Toolbar" = IncrediMail MediaBar 2 Toolbar "Macromedia Shockwave Player" = Macromedia Shockwave Player "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800 "MGI PhotoSuite Mobile Edition" = MGI PhotoSuite Mobile Edition (Remove only) "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MUSICMATCH Jukebox" = MUSICMATCH Jukebox "Nero PhotoShow Express" = Nero PhotoShow Express "NeroMultiInstaller!UninstallKey" = Nero Suite "NVIDIA" = NVIDIA Windows 2000/XP Display Drivers "PCDoctor" = PC-Doctor for Windows "Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator "RealPlayer 15.0" = RealPlayer "Scanport Applications" = Presto! PageManager "Searchqu MediaBar" = Windows Searchqu Toolbar "Shop for HP Supplies" = Shop for HP Supplies "Tcl 8.0.5 for Windows" = Tcl 8.0.5 for Windows "The Weather Channel Desktop 6" = The Weather Channel Desktop 6 "TOPO!" = TOPO! 
"Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Works2002Setup" = Microsoft Works and Money 2002 Setup Launcher "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Consumer Input Software" = Consumer Input Software (remove only) "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 8/17/2011 8:49:54 PM | Computer Name = HP | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb. Error - 8/17/2011 8:50:07 PM | Computer Name = HP | Source = Application Error | ID = 1001 Description = Fault bucket 1228147305. Error - 8/17/2011 9:02:58 PM | Computer Name = HP | Source = Application Hang | ID = 1002 Description = Hanging application Weather.exe, version 6.7.0.17, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 8/17/2011 9:04:21 PM | Computer Name = HP | Source = Application Hang | ID = 1001 Description = Fault bucket 517211759. Error - 8/18/2011 12:20:21 PM | Computer Name = HP | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 8/18/2011 12:20:40 PM | Computer Name = HP | Source = Application Hang | ID = 1001 Description = Fault bucket 1180947459. 
Error - 8/20/2011 2:09:49 PM | Computer Name = HP | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 8/20/2011 2:11:06 PM | Computer Name = HP | Source = Application Hang | ID = 1001 Description = Fault bucket 1180947459. Error - 8/20/2011 2:17:44 PM | Computer Name = HP | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 8/20/2011 2:18:12 PM | Computer Name = HP | Source = Application Hang | ID = 1001 Description = Fault bucket 1180947459. [ System Events ] Error - 12/27/2011 11:35:42 AM | Computer Name = HP | Source = Service Control Manager | ID = 7000 Description = The ONSIO service failed to start due to the following error: %%2 Error - 12/27/2011 11:37:04 AM | Computer Name = HP | Source = Service Control Manager | ID = 7022 Description = The HP CUE DeviceDiscovery Service service hung on starting. Error - 12/27/2011 11:37:04 AM | Computer Name = HP | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: SMPLSCSI Error - 12/28/2011 9:39:34 AM | Computer Name = HP | Source = PSched | ID = 14103 Description = QoS [Adapter {86ED904F-65B3-4B61-AB9E-522658395BDC}]: The netcard driver failed the query for OID_GEN_LINK_SPEED. Error - 12/28/2011 5:54:19 PM | Computer Name = HP | Source = Print | ID = 23 Description = Printer Lexmark 640 Series,0 failed to initialize because a suitable Lexmark 640 Series driver could not be found. Error - 12/28/2011 5:54:38 PM | Computer Name = HP | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the AG Core Services service to connect. 
Error - 12/28/2011 5:54:38 PM | Computer Name = HP | Source = Service Control Manager | ID = 7000 Description = The AG Core Services service failed to start due to the following error: %%1053 Error - 12/28/2011 5:54:38 PM | Computer Name = HP | Source = Service Control Manager | ID = 7000 Description = The ONSIO service failed to start due to the following error: %%2 Error - 12/28/2011 5:56:07 PM | Computer Name = HP | Source = Service Control Manager | ID = 7022 Description = The HP CUE DeviceDiscovery Service service hung on starting. Error - 12/28/2011 5:56:07 PM | Computer Name = HP | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: SMPLSCSI < End of report >
Sophiekat Posted December 29, 2011
OTL logfile created on: 12/28/2011 8:46:18 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\fedenfam\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 509.98 Mb Total Physical Memory | 160.20 Mb Available Physical Memory | 31.41% Memory free 1.12 Gb Paging File | 0.37 Gb Available in Paging File | 32.77% Paging File free Paging file location(s): C:\pagefile.sys 500 900 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 32.60 Gb Total Space | 12.71 Gb Free Space | 38.99% Space Free | Partition Type: NTFS Computer Name: HP | User Name: fedenfam | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\fedenfam\Desktop\OTL.scr (OldTimer Tools) PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\Consumer Input\dca-ua.exe (Compete, Inc.) PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc) PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) PRC - C:\WINDOWS\SYSTEM32\exshow95.exe (Kensington Technology Group) PRC - C:\WINDOWS\SYSTEM32\PackethSvc.exe (America Online, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files\AVAST Software\Avast\defs\11122801\algo.dll () MOD - C:\Program Files\AVAST Software\Avast\defs\11122801\aswRep.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll () MOD - C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll () MOD - C:\Program Files\UnifiedToolbar\3.2\IE\JsonExSerializer.dll () ========== Win32 Services (SafeList) ========== SRV - (Winkebo) -- File not found SRV - (AppMgmt) -- File not found SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (AGCoreService) -- C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe (AG Interactive) SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) SRV - (PackethSvc) -- C:\WINDOWS\SYSTEM32\PackethSvc.exe (America Online, Inc.) 
========== Driver Services (SafeList) ========== DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software) DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software) DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (gameenum) -- C:\WINDOWS\SYSTEM32\drivers\gameenum.sys (Microsoft Corporation) DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\SYSTEM32\drivers\rtl8139.sys (Realtek Semiconductor Corporation) DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.) DRV - (ltmodem5) -- C:\WINDOWS\SYSTEM32\drivers\ltmdmnt.sys (LT) DRV - (DCamUSBSQTECH) Dual-Mode DSC(2770) -- C:\WINDOWS\SYSTEM32\drivers\SQCaptur.sys (Service & Quality Technology.) DRV - (Freedom) -- C:\WINDOWS\freedom.backup.dat () DRV - (NETMDUSB) -- C:\WINDOWS\SYSTEM32\drivers\NETMDUSB.sys (Sony Corporation) DRV - (PalmUSBD) -- C:\WINDOWS\SYSTEM32\drivers\PalmUSBD.sys (Palm, Inc.) DRV - (ousb2hub) -- C:\WINDOWS\SYSTEM32\drivers\ousb2hub.sys (OrangeWare Corporation) DRV - (ousbehci) -- C:\WINDOWS\SYSTEM32\drivers\ousbehci.sys (OrangeWare Corporation) DRV - (S3SavageNB) -- C:\WINDOWS\SYSTEM32\drivers\s3gNBm.sys (S3 Graphics, Inc.) DRV - (pfc) -- C:\WINDOWS\SYSTEM32\drivers\pfc.sys (Padus, Inc.) 
DRV - (KMW_SYS) -- C:\WINDOWS\SYSTEM32\drivers\KMW_SYS.sys (Kensington Technology Group) DRV - (KID_SYS) -- C:\WINDOWS\SYSTEM32\drivers\kid_sys.sys (Kensington Technology Group) DRV - (ms_mpu401) -- C:\WINDOWS\SYSTEM32\drivers\msmpu401.sys (Microsoft Corporation) DRV - (nv4) -- C:\WINDOWS\SYSTEM32\drivers\nv4.sys (NVIDIA Corporation) DRV - (wandrv) -- C:\WINDOWS\SYSTEM32\drivers\wandrv.sys (America Online, Inc.) DRV - (i81x) -- C:\WINDOWS\SYSTEM32\drivers\i81xnt5.sys (Intel® Corporation) DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\drivers\wADV01nt.sys (Intel® Corporation) DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\drivers\wADV02NT.sys (Intel® Corporation) DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\drivers\wADV05NT.sys (Intel® Corporation) DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\drivers\wVchNTxx.sys (Intel® Corporation) DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\drivers\wSiINTxx.sys (Intel® Corporation) DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\drivers\wATV04nt.sys (Intel® Corporation) DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\drivers\wATV01nt.sys (Intel® Corporation) DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\drivers\wCh7xxNT.sys (Intel® Corporation) DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\drivers\wATV02NT.sys (Intel® Corporation) DRV - (Ps2) -- C:\WINDOWS\SYSTEM32\drivers\PS2.sys (Hewlett-Packard Company) DRV - (PcdrNt) -- C:\WINDOWS\System32\drivers\PcdrNt.sys (PC-Doctor Inc.) DRV - (SMPLSCSI) -- C:\WINDOWS\System32\drivers\SMPLSCSI.SYS (OnSpec Electronic, Inc.) 
DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/11/03 15:10:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\toolbar@kiwee.com: C:\Program Files\Kiwee Toolbar\2.8.167\firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\unifiedtoolbar@aginteractive.com: C:\Program Files\UnifiedToolbar\3.2\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{CF21F2A2-B12F-4A69-8F63-1F8459A0C002}: C:\Documents and Settings\fedenfam\Local Settings\Application Data\{CF21F2A2-B12F-4A69-8F63-1F8459A0C002}\ [2010/12/10 10:32:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/30 16:01:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 
[2008/11/03 15:10:30 | 000,000,000 | ---D | M] [2011/04/19 16:02:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\fedenfam\Application Data\Mozilla\Extensions O1 HOSTS File: ([2008/07/09 20:01:23 | 000,250,869 | R--- | M]) - C:\WINDOWS\SYSTEM32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.1001-search.info O1 - Hosts: 127.0.0.1 1001-search.info O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.123topsearch.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 www.132.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 127.0.0.1 136136.net O1 - Hosts: 127.0.0.1 www.139mm.com O1 - Hosts: 8769 more lines... O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) 
O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No CLSID value found. O2 - BHO: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll () O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (no name) - {91917DC6-93B9-4E62-B2D6-D39C9618C418} - No CLSID value found. O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll () O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Consumer Input\dca-bho.dll (Compete, Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) 
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll () O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll () O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) 
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc) O4 - HKLM..\Run: [EXSHOW95.EXE] C:\WINDOWS\System32\exshow95.exe (Kensington Technology Group) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\hpztsb09.exe (HP) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [MSWheel] File not found O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [s3TRAY2] C:\WINDOWS\System32\S3tray2.exe (S3 Graphics, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [windows auto update] File not found O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Consumer Input Update] C:\Program Files\Consumer Input\dca-ua.exe (Compete, Inc.) O4 - HKCU..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe File not found O4 - HKCU..\Run: [regsrv32.exe] regsrv32.exe File not found O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.) 
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk = File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp center.lnk = File not found O4 - Startup: C:\Documents and Settings\fedenfam\Start Menu\Programs\Startup\HandStory.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ File not found O9 - Extra Button: Save To Palm - {6C8741AB-53B4-476e-BE7C-F519AD8A6494} - C:\Palm\HandStoryTE.htm File not found O9 - Extra 'Tools' menuitem : &Save To Palm - {6C8741AB-53B4-476e-BE7C-F519AD8A6494} - C:\Palm\HandStoryTE.htm File not found O9 - Extra Button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ File not found O9 - Extra Button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ File not found O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O15 - HKCU\..Trusted Domains: ([]msn in My Computer) O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer) O16 - DPF: 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java http://file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01D1C6CD-6D44-46B6-BA89-10155A459FBE}: DhcpNameServer = 15.60.103.1 15.60.103.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86ED904F-65B3-4B61-AB9E-522658395BDC}: DhcpNameServer = 192.168.0.1 205.171.3.25 O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O20 - AppInit_DLLs: (c:\progra~1\imesha~1\mediabar\datamngr\datamngr.dll) -c:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngr.dll (iMesh, Inc) O20 - AppInit_DLLs: (c:\progra~1\imesha~1\mediabar\datamngr\iebho.dll) -c:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop Components:0 () - http://morepictures.com/images/main/hawaiisurf.jpg O24 - Desktop Components:1 () - http://morepictures.com/images/main/diamond1.jpg O24 - Desktop Components:2 () - http://morepictures.com/images/main/hawaiipalms.jpg O24 - Desktop Components:3 () - http://images.google.com/images?q=tbn:9evOA2dfAXIJ:www.instant-art.com/catalog-safetysigns/prohibition/images/proh007-fork%2520lifts.jpg O24 - Desktop Components:4 (My Current Home Page) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\fedenfam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\fedenfam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: 
{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/12/23 18:55:07 | 000,001,688 | ---- | M] () - C:\AUTOEXEC.NT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.) MsConfig - StartUpFolder: C:^Documents and Settings^fedenfam^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - () MsConfig - StartUpReg: Bwijuro - hkey= - key= - File not found MsConfig - StartUpReg: DW6 - hkey= - key= - C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.) MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - File not found MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) 
MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011/12/28 20:41:58 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\fedenfam\Desktop\OTL.scr [2011/12/28 16:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fedenfam\Application Data\Malwarebytes [2011/12/28 16:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/12/28 16:21:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2011/12/28 16:21:08 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011/12/28 16:21:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/12/08 11:54:45 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\fedenfam\Desktop\dds.com [2011/12/06 13:24:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fedenfam\Start Menu\Programs\HiJackThis [2011/12/06 10:53:51 | 000,509,440 | ---- | C] (Tech Support Guy System) -- C:\Documents and Settings\fedenfam\Desktop\SysInfo.exe [2011/12/01 13:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\Consumer Input [2011/11/30 16:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared [2011/11/30 16:00:28 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll [2011/11/30 15:59:21 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll [2011/11/30 15:59:21 | 000,005,632 | ---- | C] (RealNetworks, Inc.) 
-- C:\WINDOWS\System32\pndx5032.dll [2011/11/30 15:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real [2011/11/30 15:59:12 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll [2011/02/21 11:55:32 | 000,940,544 | ---- | C] (Apache Software Foundation) -- C:\Documents and Settings\fedenfam\Local Settings\Application Data\log4cxx.dll [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/12/28 20:54:04 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2011/12/28 20:42:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fedenfam\Desktop\OTL.scr [2011/12/28 19:46:29 | 000,000,596 | ---- | M] () -- C:\WINDOWS\WSST_Screen_Saver.ini [2011/12/28 16:21:21 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2011/12/28 16:06:05 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-334337264-1445258045-1803559485-1007.job [2011/12/28 14:19:05 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2011/12/28 13:53:44 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-334337264-1445258045-1803559485-1007.job [2011/12/28 13:52:56 | 000,000,189 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT [2011/12/28 13:52:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/12/28 13:52:25 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys [2011/12/28 12:00:00 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\PerfectOptimizer_home.job [2011/12/28 11:24:02 | 000,000,820 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2011/12/27 16:49:15 | 000,109,056 | ---- | M] () -- C:\Documents and Settings\fedenfam\My Documents\QUIRKIES BIRTHDAYS.wps [2011/12/24 12:38:02 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\fedenfam\My Documents\GOD'S CHRISTMAS 
PRESENT.wps [2011/12/23 16:23:28 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\fedenfam\My Documents\WHO THREW THE OVERALLS.wps [2011/12/23 13:20:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Ÿ¡Ÿ¡ [2011/12/22 20:37:16 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\fedenfam\My Documents\THREE WISE WOMEN.wps [2011/12/22 20:35:07 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\fedenfam\My Documents\TOUCHING CHRISTMAS POEM.wps [2011/12/17 15:22:28 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Weather Channel Desktop .lnk [2011/12/15 09:07:53 | 000,235,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011/12/15 08:49:26 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011/12/14 10:07:51 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\fedenfam\My Documents\MY JEOPARDY ANSWERS.wps [2011/12/14 09:29:56 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\fedenfam\My Documents\WORSHIP JANUARY 1.wps [2011/12/12 16:36:54 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\fedenfam\My Documents\MY JEOPARDY QUESTIONS.wps [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011/12/08 11:56:10 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\fedenfam\Desktop\dds.com [2011/12/06 16:59:51 | 000,013,192 | ---- | M] () -- C:\Documents and Settings\fedenfam\My Documents\QUIRKIE ADDRESSES.wps.rtf [2011/12/06 16:59:26 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\fedenfam\My Documents\QUIRKIE ADDRESSES.wps [2011/12/06 15:04:37 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\fedenfam\Desktop\HiJackThis.lnk [2011/12/06 13:18:38 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\fedenfam\Desktop\HiJackThis.msi [2011/12/06 10:54:43 | 000,509,440 | ---- | M] (Tech Support Guy System) -- C:\Documents and Settings\fedenfam\Desktop\SysInfo.exe [2011/12/03 13:47:30 | 000,201,216 
| ---- | M] () -- C:\Documents and Settings\fedenfam\My Documents\THE FIRST NOEL KEY OF Bb.wps [2011/12/02 20:43:38 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\fedenfam\My Documents\O COME LET US ADORE HIM KEY OF Eb.wps [2011/12/01 21:00:54 | 000,000,201 | -HS- | M] () -- C:\BOOT.INI [2011/11/30 20:02:44 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2011/11/30 16:03:30 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk [2011/11/30 16:00:29 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll [2011/11/30 15:59:21 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll [2011/11/30 15:59:21 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll [2011/11/30 15:59:12 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll [2011/11/30 15:44:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\fedenfam\Ÿ¡Ÿ¡ [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/12/28 16:21:21 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2011/12/24 12:34:18 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\fedenfam\My Documents\GOD'S CHRISTMAS PRESENT.wps [2011/12/23 13:20:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Ÿ¡Ÿ¡ [2011/12/21 17:19:51 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\fedenfam\My Documents\TOUCHING CHRISTMAS POEM.wps [2011/12/17 15:53:35 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\fedenfam\My Documents\THREE WISE WOMEN.wps [2011/12/15 08:16:33 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2011/12/14 09:26:44 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\fedenfam\My Documents\WORSHIP JANUARY 1.wps [2011/12/06 16:59:51 | 000,013,192 | ---- | C] () -- C:\Documents and Settings\fedenfam\My Documents\QUIRKIE 
ADDRESSES.wps.rtf [2011/12/06 13:24:29 | 000,002,453 | ---- | C] () -- C:\Documents and Settings\fedenfam\Desktop\HiJackThis.lnk [2011/12/06 13:17:35 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\fedenfam\Desktop\HiJackThis.msi [2011/12/05 17:44:42 | 000,035,353 | ---- | C] () -- C:\WINDOWS\_detmp.1 [2011/12/03 13:03:29 | 000,201,216 | ---- | C] () -- C:\Documents and Settings\fedenfam\My Documents\THE FIRST NOEL KEY OF Bb.wps [2011/12/02 20:43:37 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\fedenfam\My Documents\O COME LET US ADORE HIM KEY OF Eb.wps [2011/11/30 16:03:30 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk [2011/02/21 11:56:10 | 000,102,400 | ---- | C] () -- C:\Documents and Settings\fedenfam\Local Settings\Application Data\ie_runner_app.exe [2011/02/21 11:56:10 | 000,094,208 | ---- | C] () -- C:\Documents and Settings\fedenfam\Local Settings\Application Data\common_functions.dll [2011/01/27 15:04:01 | 000,019,521 | ---- | C] () -- C:\WINDOWS\hpqins13.dat [2010/12/29 10:56:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\fedenfam\Local Settings\Application Data\prvlcl.dat [2010/06/11 13:28:30 | 000,165,432 | ---- | C] () -- C:\WINDOWS\hpoins28.dat [2010/06/11 13:28:30 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat [2008/11/03 16:13:37 | 000,165,256 | ---- | C] () -- C:\WINDOWS\hpoins28.dat.temp [2008/11/03 16:13:36 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat.temp [2008/10/31 15:33:22 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll [2008/10/31 15:33:22 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll [2008/07/06 19:00:03 | 000,000,308 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI [2008/05/16 10:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2006/01/02 21:18:55 | 000,001,595 | ---- | C] () -- C:\WINDOWS\checkip.dat [2005/12/24 23:02:24 | 000,032,768 | ---- | C] () -- 
C:\WINDOWS\System32\instlsp.exe [2005/12/21 13:40:10 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2005/09/14 12:02:58 | 000,002,219 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2005/08/17 16:11:46 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll [2005/08/17 16:11:46 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll [2005/05/09 16:17:36 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE [2005/05/08 21:27:56 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2005/05/08 20:31:29 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat [2005/03/05 14:42:46 | 000,069,632 | R--- | C] () -- C:\WINDOWS\ST1_Un0.exe [2004/12/03 17:27:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\infamous_downloader.exe [2004/12/01 21:23:12 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\fedenfam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2004/11/28 13:41:01 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2004/08/15 09:20:16 | 000,000,088 | ---- | C] () -- C:\WINDOWS\TOPO.INI [2004/05/21 11:14:44 | 000,000,530 | ---- | C] () -- C:\WINDOWS\wininit.ini [2004/05/20 20:25:04 | 000,000,030 | ---- | C] () -- C:\WINDOWS\HandStory.ini [2004/05/19 15:53:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\install2.exe [2004/05/18 16:55:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\0021-bdl94126.EXE [2004/04/02 07:02:04 | 000,000,094 | ---- | C] () -- C:\WINDOWS\regsrv32.dat [2004/01/19 07:50:30 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\fedenfam\Application Data\hpothb07.tif [2004/01/19 07:50:30 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\fedenfam\Application Data\hpothb07.dat [2004/01/17 14:03:50 | 000,018,283 | ---- | C] () -- C:\WINDOWS\HPHins01.dat.temp [2004/01/17 14:03:50 | 000,004,284 | ---- | C] () -- C:\WINDOWS\hphmdl01.dat.temp [2003/12/26 21:30:16 | 000,000,088 | ---- | C] () -- C:\WINDOWS\PicView.INI [2003/12/07 18:59:39 | 000,000,035 | 
---- | C] () -- C:\WINDOWS\A5W.INI [2003/10/11 20:31:37 | 000,000,284 | ---- | C] () -- C:\WINDOWS\hegames.ini [2003/09/07 15:05:04 | 000,001,428 | -H-- | C] () -- C:\Program Files\hpothb07.dat [2003/09/07 15:05:03 | 000,005,375 | -H-- | C] () -- C:\Program Files\hpothb07.tif [2003/08/11 18:08:20 | 000,000,148 | ---- | C] () -- C:\WINDOWS\SIERRA.INI [2003/08/05 13:36:18 | 000,092,160 | ---- | C] () -- C:\WINDOWS\System32\UnPoker.exe [2003/07/16 15:35:34 | 000,000,809 | ---- | C] () -- C:\WINDOWS\PowerReg.dat [2003/07/16 15:35:23 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe [2003/04/16 14:20:35 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2003/03/05 18:37:29 | 000,000,354 | ---- | C] () -- C:\WINDOWS\ereg077.dat [2003/02/13 19:46:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Prestopm.INI [2003/02/13 16:57:14 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI [2003/02/13 16:45:39 | 000,003,719 | ---- | C] () -- C:\WINDOWS\if40.ini [2003/02/13 16:45:39 | 000,000,174 | ---- | C] () -- C:\WINDOWS\pexplore.ini [2003/02/13 16:44:35 | 000,000,055 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI [2003/02/04 21:07:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini [2002/12/08 11:21:29 | 000,000,457 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini [2002/10/24 19:33:14 | 000,000,556 | ---- | C] () -- C:\WINDOWS\eReg.dat [2002/10/22 19:08:49 | 000,000,205 | ---- | C] () -- C:\WINDOWS\qtw.ini [2002/10/01 15:43:37 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2002/10/01 15:43:36 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2002/10/01 15:43:36 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2002/10/01 15:43:30 | 000,000,309 | ---- | C] () -- C:\WINDOWS\EReg515.dat [2002/10/01 15:40:12 | 000,000,971 | ---- | C] () -- C:\WINDOWS\disney.ini [2002/10/01 15:39:43 | 000,000,196 | ---- | C] () -- C:\WINDOWS\disneysy.ini [2002/06/21 17:53:28 | 000,000,087 | ---- | C] () -- C:\WINDOWS\videoimp.ini [2002/06/21 
17:53:01 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2002/06/16 07:54:42 | 000,000,022 | ---- | C] () -- C:\WINDOWS\REGPSD20.INI [2002/06/16 07:54:22 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini [2002/06/16 07:54:06 | 000,000,524 | ---- | C] () -- C:\WINDOWS\PSDWIN.INI [2002/05/31 21:32:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI [2002/05/16 20:34:16 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI [2002/05/16 20:33:26 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2002/04/30 19:55:02 | 000,000,008 | -H-- | C] () -- C:\WINDOWS\ssitid.dat [2002/04/30 19:48:53 | 000,037,364 | ---- | C] () -- C:\WINDOWS\freedom.backup.dat [2002/04/13 17:54:15 | 000,000,137 | ---- | C] () -- C:\WINDOWS\Weather.INI [2002/04/11 11:28:03 | 000,000,596 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini [2002/04/11 11:27:38 | 004,700,056 | ---- | C] () -- C:\WINDOWS\Pacific Coasts Screen Savers .dat [2002/04/11 11:27:11 | 001,554,637 | ---- | C] () -- C:\WINDOWS\Space Screen Savers .dat [2002/04/11 11:26:15 | 011,280,733 | ---- | C] () -- C:\WINDOWS\Majestic Mountains Rivers and Waterfalls Screen Sa.dat [2002/04/11 11:25:45 | 001,643,542 | ---- | C] () -- C:\WINDOWS\Landmarks Screen Savers .dat [2002/04/11 11:25:31 | 009,175,824 | ---- | C] () -- C:\WINDOWS\Animals of America screen saver.dat [2002/04/11 11:24:41 | 008,290,006 | ---- | C] () -- C:\WINDOWS\US Cities.dat [2002/04/11 11:24:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\UninstallWSST.exe [2002/04/11 11:23:47 | 000,000,010 | ---- | C] () -- C:\WINDOWS\4discbib.ini [2002/04/11 11:23:47 | 000,000,007 | ---- | C] () -- C:\WINDOWS\gbaform1.ini [2002/04/09 07:46:43 | 000,060,464 | R--- | C] () -- C:\WINDOWS\System32\tlcsel32.dll [2002/04/09 07:46:43 | 000,016,540 | R--- | C] () -- C:\WINDOWS\System32\tlcsel17.dll [2001/11/09 10:41:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2001/11/08 19:43:04 | 000,000,562 | ---- | C] () -- C:\WINDOWS\System32\Px.ini [2001/11/06 
18:50:47 | 000,082,864 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE [2001/11/06 18:50:46 | 000,377,600 | ---- | C] () -- C:\WINDOWS\System32\BOCOLE.DLL [2001/11/06 18:50:46 | 000,167,456 | ---- | C] () -- C:\WINDOWS\System32\Bocof.dll [2001/11/06 18:46:13 | 000,090,112 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.0.153.exe [2001/11/06 18:45:01 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL [2001/11/06 18:45:01 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll [2001/11/06 18:37:54 | 000,009,876 | ---- | C] () -- C:\WINDOWS\System32\usbbc.sys [2001/11/06 18:37:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\InstallDriver.exe [2001/11/06 18:21:26 | 000,000,515 | ---- | C] () -- C:\WINDOWS\fantasy2.ini [2001/11/06 18:21:26 | 000,000,011 | ---- | C] () -- C:\WINDOWS\album.ini [2001/11/06 18:21:26 | 000,000,008 | ---- | C] () -- C:\WINDOWS\pstudio.ini [2001/11/06 17:50:13 | 000,249,921 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM15.dll [2001/11/06 17:50:13 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes15.dll [2001/11/06 17:49:47 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll [2001/11/06 13:40:54 | 000,000,879 | ---- | C] () -- C:\WINDOWS\orun32.ini [2001/11/06 13:39:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2001/11/06 13:32:55 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2001/11/06 13:31:15 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2001/11/06 05:27:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2001/11/06 05:26:54 | 000,235,168 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2001/11/06 05:21:55 | 000,000,649 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2001/11/06 05:21:27 | 000,434,464 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2001/11/06 05:21:27 | 000,068,624 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2001/11/06 05:21:25 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001/11/06 05:21:24 | 
013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001/08/17 21:38:02 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2001/08/17 21:36:18 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll [2001/08/17 21:36:18 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll [2001/08/17 21:36:18 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll [2001/08/17 21:36:18 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll [2001/08/17 21:36:18 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll [2001/08/17 12:30:26 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2001/08/17 12:30:26 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2001/08/17 12:15:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2001/08/08 06:13:22 | 000,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll [2001/08/07 17:07:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll [2001/07/21 13:36:50 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2001/07/21 13:36:06 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2001/07/21 13:24:18 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2000/12/29 09:34:01 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [1997/06/13 16:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll ========== LOP Check ========== [2011/06/30 10:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi [2002/04/14 19:51:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\America Online [2011/04/12 17:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aOo16633mCjMh16633 [2011/10/22 12:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask [2011/02/28 10:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All 
Users\Application Data\AVAST Software [2011/02/28 09:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10 [2010/12/19 16:43:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2011/06/28 17:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM [2011/06/28 17:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail [2008/12/02 18:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar [2010/12/19 16:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2008/07/28 15:28:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes [2003/06/15 18:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS [2010/11/01 09:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic [2011/06/28 17:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photo Notifier and Animation Creator [2010/10/27 17:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Qwest [2010/10/29 17:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fedenfam\Application Data\agi [2010/12/19 16:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fedenfam\Application Data\AVG10 [2004/05/17 18:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fedenfam\Application Data\Business Logic [2010/10/29 17:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fedenfam\Application Data\DriverCure [2011/08/02 09:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fedenfam\Application Data\FCSB000062377 [2010/11/03 18:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fedenfam\Application Data\FixCleaner [2011/01/14 16:53:50 | 
Starbuck Posted December 29, 2011 Posted December 29, 2011 Hi Sophiekat Thanks for the reports. Seems there's quite a few little things we need to address.... nothing huge though. You have a few bho/toolbars running which are 'open to debate'. These haven't been classed as good or bad. So my recommendation is that they be removed. None of them are needed anyway, the companies will tell you they are needed..... but they're not. Recommendation. Ad-Aware and Spybot Search & Destroy are very old programs now and are not that effective anymore. As you are using Avast, SAS and now MBAM .... these 2 programs may even cause problems for the system. Too much security isn't always a good thing. Therefore please go to add/remove in the control panel and remove Ad-Aware and Spybot Search & Destroy. These BHO/Toolbars are the ones i spoke of earlier: IMesh MediaBar Ask Toolbar Conduit Engine Like i say, i recommend they be removed. Step 1 Double click on OTL to run it. Copy the lines in the codebox below. (make sure that :Otl is on the first line, also makw sure everything in the codebox is copied ) :otl SRV - (Winkebo) -- File not found O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Consumer Input\dca-bho.dll (Compete, Inc.) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No CLSID value found. O2 - BHO: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll () O2 - BHO: (no name) - {91917DC6-93B9-4E62-B2D6-D39C9618C418} - No CLSID value found. O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll () O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [MSWheel] File not found O4 - HKLM..\Run: [windows auto update] File not found O4 - HKCU..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe File not found O4 - HKCU..\Run: [regsrv32.exe] regsrv32.exe File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk = File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp center.lnk = File not found O4 - Startup: C:\Documents and Settings\fedenfam\Start Menu\Programs\Startup\HandStory.lnk = File not found O9 - Extra Button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ File not found O9 - Extra Button: Save To Palm - {6C8741AB-53B4-476e-BE7C-F519AD8A6494} - C:\Palm\HandStoryTE.htm File not found O9 - Extra 'Tools' menuitem : &Save To Palm - {6C8741AB-53B4-476e-BE7C-F519AD8A6494} - C:\Palm\HandStoryTE.htm File not found O9 - Extra Button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ File not found O9 - Extra Button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ File not found O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolb...lerControl.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
[2011/12/23 13:20:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Ÿ¡Ÿ¡ MsConfig - StartUpReg: Bwijuro - hkey= - key= - File not found :Files C:\Program Files\Windows Searchqu Toolbar ipconfig /flushdns /c :commands [emptytemp] [purity] [RESETHOSTS] Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste. http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png Click the red Run Fix button. http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png OTL will reboot your system once the fix has completed. After the reboot, you may need to double click OTL to launch the program and retrieve the log. Copy and paste the contents of the OTL log that comes up after the fix in your next reply. if you lose the report, there will be a copy here: C:\_OTL\MovedFiles Step 2 Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:Download the latest version of Java Runtime Environment (JRE) 7 Update 2 and save it to your desktop. Scroll down to where it says "Java SE 7 Update 2". Click the "Download JRE" button to the right. Accept the license agreement. select 'Windows x86'offline from the list. Save the file to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. . Java 6 Update 22 Java 6 Update 29 J2SE Runtime Environment 5.0 Update 3 . Reboot your computer once all Java components are removed. 
Then from your desktop double-click on jre-7u2-windows-i586-p.exe to install the newest version. In your next reply, please submit the OTL fix and let me know if there's any improvement so far. Thanks. Quote Member of:UNITE
Sophiekat Posted December 29, 2011 Author Posted December 29, 2011 All processes killed Error: Unable to interpret <Code:> in the current context! ========== OTL ========== Service Winkebo stopped successfully! Service Winkebo deleted successfully! File File not found not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}\ deleted successfully. C:\Program Files\Consumer Input\dca-bho.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FF99715-3016-4381-84CE-E4E4C9673020}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FF99715-3016-4381-84CE-E4E4C9673020}\ deleted successfully. C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91917DC6-93B9-4E62-B2D6-D39C9618C418}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91917DC6-93B9-4E62-B2D6-D39C9618C418}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FF99715-3016-4381-84CE-E4E4C9673020} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FF99715-3016-4381-84CE-E4E4C9673020}\ not found. File C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MSWheel deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\windows auto update deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Works Update Detection deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\regsrv32.exe deleted successfully. C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk moved successfully. C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp center.lnk moved successfully. C:\Documents and Settings\fedenfam\Start Menu\Programs\Startup\HandStory.lnk moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{669B269B-0D4E-41FB-A3D8-FD67CA94F646}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{669B269B-0D4E-41FB-A3D8-FD67CA94F646}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6C8741AB-53B4-476e-BE7C-F519AD8A6494}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C8741AB-53B4-476e-BE7C-F519AD8A6494}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6C8741AB-53B4-476e-BE7C-F519AD8A6494}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C8741AB-53B4-476e-BE7C-F519AD8A6494}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{8828075D-D097-4055-AA02-2DBFA9D85E8A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8828075D-D097-4055-AA02-2DBFA9D85E8A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{97809617-3937-4F84-B335-9BB05EF1A8D4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97809617-3937-4F84-B335-9BB05EF1A8D4}\ not found. Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7} C:\WINDOWS\Downloaded Program Files\gp.inf not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Starting removal of ActiveX control CabBuilder Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\CabBuilder\DownloadInformation\\INF . Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\CabBuilder\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\CabBuilder\ not found. File oft XML Parser for Java http://file://C:\WINDOWS\Java\classes\xmldso.cab not found. Starting removal of ActiveX control Microsoft XML Parser for Java Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF . Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found. C:\WINDOWS\SYSTEM32\Ÿ¡Ÿ¡ moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Bwijuro\ deleted successfully. 
========== FILES ========== C:\Program Files\Windows Searchqu Toolbar\ToolBar\components folder moved successfully. C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar folder moved successfully. C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options folder moved successfully. C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully. C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully. C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons folder moved successfully. C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully. C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa folder moved successfully. C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images folder moved successfully. C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\css folder moved successfully. C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio folder moved successfully. C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images folder moved successfully. C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css folder moved successfully. C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels folder moved successfully. C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib folder moved successfully. C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\skin folder moved successfully. C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.http://www.3.YouTube.1217 folder moved successfully. C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.http://www.3.Twitter.1257 folder moved successfully. 
C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.http://www.3.Twitter.1255 folder moved successfully. C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.http://www.3.Twitter.1227 folder moved successfully. C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets folder moved successfully. C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\content\modules folder moved successfully. C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib folder moved successfully. C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\content\data\search folder moved successfully. C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\content\data folder moved successfully. C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\content folder moved successfully. C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome folder moved successfully. C:\Program Files\Windows Searchqu Toolbar\ToolBar folder moved successfully. C:\Program Files\Windows Searchqu Toolbar folder moved successfully. < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Documents and Settings\fedenfam\Desktop\cmd.bat deleted successfully. C:\Documents and Settings\fedenfam\Desktop\cmd.txt deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 14394565 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: fedenfam ->Temp folder emptied: 59927205 bytes ->Temporary Internet Files folder emptied: 47476362 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 527 bytes User: LocalService ->Temp folder emptied: 65984 bytes ->Temporary Internet Files folder emptied: 6535807 bytes ->Flash cache emptied: 466 bytes User: NetworkService ->Temp folder emptied: 1261418 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Owner %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 39097 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1920883 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 226670437 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 594636 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 342.00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.31.0 log created on 12292011_094714 Files\Folders moved on Reboot... File\Folder C:\Documents and Settings\fedenfam\Local Settings\Temp\Perflib_Perfdata_1744.dat not found! File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. File\Folder C:\WINDOWS\temp\TMP00000001BD4456AB94D1A070 not found! Registry entries deleted on Reboot... Quote
Sophiekat Posted December 29, 2011 Author Posted December 29, 2011 (edited) I deleted the programs you mentioned above but I am having trouble with the Java. I went to the site you posted above to update it but I don't know what to click on. I clicked on the one that says Download JRE but it wouldn't go to the page. Help Sophiekat Edited December 29, 2011 by Sophiekat Quote
Sophiekat Posted December 29, 2011 Author Posted December 29, 2011 Never mind. I got it to work and have downloaded it. Sophiekat Quote
Sophiekat Posted December 29, 2011 Author Posted December 29, 2011 Oh one more thing. I can't locate the IMesh MediaBar in the add/remove. I see one that says Mediabar. Is that it? Sophiekat Quote
Starbuck Posted December 29, 2011 Posted December 29, 2011 Hi Sophiekat I see one that says Mediabar. Is that it? Yes, that's the one. How's the system running now? When you have done that, please let me have another set of OTL reports using the instructions below. Double click on OTL.exe to run it. Under Extra Registry section, select Use SafeList. Don't check the boxes beside 'LOP Check' and 'Purity Check' this time. Click on Run Scan at the top left hand corner. When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. Thanks Quote Member of:UNITE
Sophiekat Posted December 29, 2011 Author Posted December 29, 2011 OTL logfile created on: 12/29/2011 1:36:35 PM - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\fedenfam\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 509.98 Mb Total Physical Memory | 134.63 Mb Available Physical Memory | 26.40% Memory free 978.39 Mb Paging File | 520.87 Mb Available in Paging File | 53.24% Paging File free Paging file location(s): C:\pagefile.sys 500 900 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 32.60 Gb Total Space | 13.25 Gb Free Space | 40.63% Space Free | Partition Type: NTFS Computer Name: HP | User Name: fedenfam | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - C:\Documents and Settings\fedenfam\Desktop\OTL.scr (OldTimer Tools) PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\Consumer Input\dca-ua.exe (Compete, Inc.) PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe (AG Interactive) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.) 
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) PRC - C:\WINDOWS\SYSTEM32\exshow95.exe (Kensington Technology Group) PRC - C:\WINDOWS\SYSTEM32\PackethSvc.exe (America Online, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files\AVAST Software\Avast\defs\11122900\algo.dll () MOD - C:\Program Files\AVAST Software\Avast\defs\11122900\aswRep.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\29d7091f6eab0ec61c4eb625ed221b73\System.Configuration.Install.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll () 
MOD - C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll () MOD - C:\WINDOWS\SYSTEM32\quartz.dll () MOD - C:\Program Files\UnifiedToolbar\3.2\IE\JsonExSerializer.dll () MOD - C:\WINDOWS\SYSTEM32\msdmo.dll () MOD - C:\WINDOWS\SYSTEM32\devenum.dll () ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- File not found SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (AGCoreService) -- C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe (AG Interactive) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) SRV - (PackethSvc) -- C:\WINDOWS\SYSTEM32\PackethSvc.exe (America Online, Inc.) ========== Driver Services (SafeList) ========== DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software) DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software) DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (gameenum) -- C:\WINDOWS\SYSTEM32\drivers\gameenum.sys (Microsoft Corporation) DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\SYSTEM32\drivers\rtl8139.sys (Realtek Semiconductor Corporation) DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.) 
DRV - (ltmodem5) -- C:\WINDOWS\SYSTEM32\drivers\ltmdmnt.sys (LT) DRV - (DCamUSBSQTECH) Dual-Mode DSC(2770) -- C:\WINDOWS\SYSTEM32\drivers\SQCaptur.sys (Service & Quality Technology.) DRV - (Freedom) -- C:\WINDOWS\freedom.backup.dat () DRV - (NETMDUSB) -- C:\WINDOWS\SYSTEM32\drivers\NETMDUSB.sys (Sony Corporation) DRV - (PalmUSBD) -- C:\WINDOWS\SYSTEM32\drivers\PalmUSBD.sys (Palm, Inc.) DRV - (ousb2hub) -- C:\WINDOWS\SYSTEM32\drivers\ousb2hub.sys (OrangeWare Corporation) DRV - (ousbehci) -- C:\WINDOWS\SYSTEM32\drivers\ousbehci.sys (OrangeWare Corporation) DRV - (S3SavageNB) -- C:\WINDOWS\SYSTEM32\drivers\s3gNBm.sys (S3 Graphics, Inc.) DRV - (pfc) -- C:\WINDOWS\SYSTEM32\drivers\pfc.sys (Padus, Inc.) DRV - (KMW_SYS) -- C:\WINDOWS\SYSTEM32\drivers\KMW_SYS.sys (Kensington Technology Group) DRV - (KID_SYS) -- C:\WINDOWS\SYSTEM32\drivers\kid_sys.sys (Kensington Technology Group) DRV - (ms_mpu401) -- C:\WINDOWS\SYSTEM32\drivers\msmpu401.sys (Microsoft Corporation) DRV - (nv4) -- C:\WINDOWS\SYSTEM32\drivers\nv4.sys (NVIDIA Corporation) DRV - (wandrv) -- C:\WINDOWS\SYSTEM32\drivers\wandrv.sys (America Online, Inc.) 
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\drivers\i81xnt5.sys (Intel® Corporation) DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\drivers\wADV01nt.sys (Intel® Corporation) DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\drivers\wADV02NT.sys (Intel® Corporation) DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\drivers\wADV05NT.sys (Intel® Corporation) DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\drivers\wVchNTxx.sys (Intel® Corporation) DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\drivers\wSiINTxx.sys (Intel® Corporation) DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\drivers\wATV04nt.sys (Intel® Corporation) DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\drivers\wATV01nt.sys (Intel® Corporation) DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\drivers\wCh7xxNT.sys (Intel® Corporation) DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\drivers\wATV02NT.sys (Intel® Corporation) DRV - (Ps2) -- C:\WINDOWS\SYSTEM32\drivers\PS2.sys (Hewlett-Packard Company) DRV - (PcdrNt) -- C:\WINDOWS\System32\drivers\PcdrNt.sys (PC-Doctor Inc.) DRV - (SMPLSCSI) -- C:\WINDOWS\System32\drivers\SMPLSCSI.SYS (OnSpec Electronic, Inc.) 
DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/11/03 15:10:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\toolbar@kiwee.com: C:\Program Files\Kiwee Toolbar\2.8.167\firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\unifiedtoolbar@aginteractive.com: C:\Program Files\UnifiedToolbar\3.2\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{CF21F2A2-B12F-4A69-8F63-1F8459A0C002}: C:\Documents and Settings\fedenfam\Local Settings\Application Data\{CF21F2A2-B12F-4A69-8F63-1F8459A0C002}\ [2010/12/10 10:32:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/30 16:01:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/11/03 15:10:30 | 000,000,000 
| ---D | M] [2011/04/19 16:02:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\fedenfam\Application Data\Mozilla\Extensions O1 HOSTS File: ([2011/12/29 09:49:30 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKLM\..\Toolbar: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [EXSHOW95.EXE] C:\WINDOWS\System32\exshow95.exe (Kensington Technology Group) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\hpztsb09.exe (HP) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [s3TRAY2] C:\WINDOWS\System32\S3tray2.exe (S3 Graphics, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Consumer Input Update] C:\Program Files\Consumer Input\dca-ua.exe (Compete, Inc.) O4 - HKCU..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe File not found O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.) 
< End of report >

OTL Extras logfile created on: 12/29/2011 1:36:35 PM - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\fedenfam\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 509.98 Mb Total Physical Memory | 134.63 Mb Available Physical Memory | 26.40% Memory free 978.39 Mb Paging File | 520.87 Mb Available in Paging File | 53.24% Paging File free Paging file location(s): C:\pagefile.sys 500 900 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 32.60 Gb Total Space | 13.25 Gb Free Space | 40.63% Space Free | Partition Type: NTFS Computer Name: HP | User Name: fedenfam | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
"NeroMultiInstaller!UninstallKey" = Nero Suite "NVIDIA" = NVIDIA Windows 2000/XP Display Drivers "PCDoctor" = PC-Doctor for Windows "Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator "RealPlayer 15.0" = RealPlayer "Scanport Applications" = Presto! PageManager "Searchqu MediaBar" = Windows Searchqu Toolbar "Shop for HP Supplies" = Shop for HP Supplies "Tcl 8.0.5 for Windows" = Tcl 8.0.5 for Windows "The Weather Channel Desktop 6" = The Weather Channel Desktop 6 "TOPO!" = TOPO! "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Works2002Setup" = Microsoft Works and Money 2002 Setup Launcher "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Consumer Input Software" = Consumer Input Software (remove only) "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 8/17/2011 8:49:54 PM | Computer Name = HP | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb. Error - 8/17/2011 8:50:07 PM | Computer Name = HP | Source = Application Error | ID = 1001 Description = Fault bucket 1228147305. Error - 8/17/2011 9:02:58 PM | Computer Name = HP | Source = Application Hang | ID = 1002 Description = Hanging application Weather.exe, version 6.7.0.17, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
Error - 8/17/2011 9:04:21 PM | Computer Name = HP | Source = Application Hang | ID = 1001 Description = Fault bucket 517211759. Error - 8/18/2011 12:20:21 PM | Computer Name = HP | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 8/18/2011 12:20:40 PM | Computer Name = HP | Source = Application Hang | ID = 1001 Description = Fault bucket 1180947459. Error - 8/20/2011 2:09:49 PM | Computer Name = HP | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 8/20/2011 2:11:06 PM | Computer Name = HP | Source = Application Hang | ID = 1001 Description = Fault bucket 1180947459. Error - 8/20/2011 2:17:44 PM | Computer Name = HP | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 8/20/2011 2:18:12 PM | Computer Name = HP | Source = Application Hang | ID = 1001 Description = Fault bucket 1180947459. [ System Events ] Error - 12/29/2011 2:50:02 PM | Computer Name = HP | Source = Service Control Manager | ID = 7023 Description = The Application Management service terminated with the following error: %%126 Error - 12/29/2011 2:50:02 PM | Computer Name = HP | Source = Service Control Manager | ID = 7023 Description = The Application Management service terminated with the following error: %%126 Error - 12/29/2011 2:52:30 PM | Computer Name = HP | Source = Print | ID = 23 Description = Printer Lexmark 640 Series,0 failed to initialize because a suitable Lexmark 640 Series driver could not be found. 
Error - 12/29/2011 2:53:28 PM | Computer Name = HP | Source = Service Control Manager | ID = 7000 Description = The ONSIO service failed to start due to the following error: %%2 Error - 12/29/2011 2:54:57 PM | Computer Name = HP | Source = Service Control Manager | ID = 7022 Description = The HP CUE DeviceDiscovery Service service hung on starting. Error - 12/29/2011 2:54:57 PM | Computer Name = HP | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: SMPLSCSI Error - 12/29/2011 5:20:10 PM | Computer Name = HP | Source = Print | ID = 23 Description = Printer Lexmark 640 Series,0 failed to initialize because a suitable Lexmark 640 Series driver could not be found. Error - 12/29/2011 5:21:20 PM | Computer Name = HP | Source = Service Control Manager | ID = 7000 Description = The ONSIO service failed to start due to the following error: %%2 Error - 12/29/2011 5:22:43 PM | Computer Name = HP | Source = Service Control Manager | ID = 7022 Description = The HP CUE DeviceDiscovery Service service hung on starting. Error - 12/29/2011 5:22:43 PM | Computer Name = HP | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: SMPLSCSI < End of report >
Sophiekat Posted December 29, 2011
OTL logfile created on: 12/29/2011 1:36:35 PM - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\fedenfam\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 509.98 Mb Total Physical Memory | 134.63 Mb Available Physical Memory | 26.40% Memory free 978.39 Mb Paging File | 520.87 Mb Available in Paging File | 53.24% Paging File free Paging file location(s): C:\pagefile.sys 500 900 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 32.60 Gb Total Space | 13.25 Gb Free Space | 40.63% Space Free | Partition Type: NTFS Computer Name: HP | User Name: fedenfam | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - C:\Documents and Settings\fedenfam\Desktop\OTL.scr (OldTimer Tools) PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\Consumer Input\dca-ua.exe (Compete, Inc.) PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe (AG Interactive) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) PRC - C:\WINDOWS\SYSTEM32\exshow95.exe (Kensington Technology Group) PRC - C:\WINDOWS\SYSTEM32\PackethSvc.exe (America Online, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files\AVAST Software\Avast\defs\11122900\algo.dll () MOD - C:\Program Files\AVAST Software\Avast\defs\11122900\aswRep.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\29d7091f6eab0ec61c4eb625ed221b73\System.Configuration.Install.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll () 
MOD - C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll () MOD - C:\WINDOWS\SYSTEM32\quartz.dll () MOD - C:\Program Files\UnifiedToolbar\3.2\IE\JsonExSerializer.dll () MOD - C:\WINDOWS\SYSTEM32\msdmo.dll () MOD - C:\WINDOWS\SYSTEM32\devenum.dll () ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- File not found SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (AGCoreService) -- C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe (AG Interactive) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) SRV - (PackethSvc) -- C:\WINDOWS\SYSTEM32\PackethSvc.exe (America Online, Inc.) ========== Driver Services (SafeList) ========== DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software) DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software) DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (gameenum) -- C:\WINDOWS\SYSTEM32\drivers\gameenum.sys (Microsoft Corporation) DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\SYSTEM32\drivers\rtl8139.sys (Realtek Semiconductor Corporation) DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.) 
DRV - (ltmodem5) -- C:\WINDOWS\SYSTEM32\drivers\ltmdmnt.sys (LT) DRV - (DCamUSBSQTECH) Dual-Mode DSC(2770) -- C:\WINDOWS\SYSTEM32\drivers\SQCaptur.sys (Service & Quality Technology.) DRV - (Freedom) -- C:\WINDOWS\freedom.backup.dat () DRV - (NETMDUSB) -- C:\WINDOWS\SYSTEM32\drivers\NETMDUSB.sys (Sony Corporation) DRV - (PalmUSBD) -- C:\WINDOWS\SYSTEM32\drivers\PalmUSBD.sys (Palm, Inc.) DRV - (ousb2hub) -- C:\WINDOWS\SYSTEM32\drivers\ousb2hub.sys (OrangeWare Corporation) DRV - (ousbehci) -- C:\WINDOWS\SYSTEM32\drivers\ousbehci.sys (OrangeWare Corporation) DRV - (S3SavageNB) -- C:\WINDOWS\SYSTEM32\drivers\s3gNBm.sys (S3 Graphics, Inc.) DRV - (pfc) -- C:\WINDOWS\SYSTEM32\drivers\pfc.sys (Padus, Inc.) DRV - (KMW_SYS) -- C:\WINDOWS\SYSTEM32\drivers\KMW_SYS.sys (Kensington Technology Group) DRV - (KID_SYS) -- C:\WINDOWS\SYSTEM32\drivers\kid_sys.sys (Kensington Technology Group) DRV - (ms_mpu401) -- C:\WINDOWS\SYSTEM32\drivers\msmpu401.sys (Microsoft Corporation) DRV - (nv4) -- C:\WINDOWS\SYSTEM32\drivers\nv4.sys (NVIDIA Corporation) DRV - (wandrv) -- C:\WINDOWS\SYSTEM32\drivers\wandrv.sys (America Online, Inc.) 
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\drivers\i81xnt5.sys (Intel® Corporation) DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\drivers\wADV01nt.sys (Intel® Corporation) DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\drivers\wADV02NT.sys (Intel® Corporation) DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\drivers\wADV05NT.sys (Intel® Corporation) DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\drivers\wVchNTxx.sys (Intel® Corporation) DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\drivers\wSiINTxx.sys (Intel® Corporation) DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\drivers\wATV04nt.sys (Intel® Corporation) DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\drivers\wATV01nt.sys (Intel® Corporation) DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\drivers\wCh7xxNT.sys (Intel® Corporation) DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\drivers\wATV02NT.sys (Intel® Corporation) DRV - (Ps2) -- C:\WINDOWS\SYSTEM32\drivers\PS2.sys (Hewlett-Packard Company) DRV - (PcdrNt) -- C:\WINDOWS\System32\drivers\PcdrNt.sys (PC-Doctor Inc.) DRV - (SMPLSCSI) -- C:\WINDOWS\System32\drivers\SMPLSCSI.SYS (OnSpec Electronic, Inc.) 
DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/11/03 15:10:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\toolbar@kiwee.com: C:\Program Files\Kiwee Toolbar\2.8.167\firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\unifiedtoolbar@aginteractive.com: C:\Program Files\UnifiedToolbar\3.2\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{CF21F2A2-B12F-4A69-8F63-1F8459A0C002}: C:\Documents and Settings\fedenfam\Local Settings\Application Data\{CF21F2A2-B12F-4A69-8F63-1F8459A0C002}\ [2010/12/10 10:32:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/30 16:01:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/11/03 15:10:30 | 000,000,000 
| ---D | M] [2011/04/19 16:02:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\fedenfam\Application Data\Mozilla\Extensions O1 HOSTS File: ([2011/12/29 09:49:30 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKLM\..\Toolbar: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [EXSHOW95.EXE] C:\WINDOWS\System32\exshow95.exe (Kensington Technology Group) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\hpztsb09.exe (HP) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [s3TRAY2] C:\WINDOWS\System32\S3tray2.exe (S3 Graphics, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Consumer Input Update] C:\Program Files\Consumer Input\dca-ua.exe (Compete, Inc.) O4 - HKCU..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe File not found O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.) 
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O15 - HKCU\..Trusted Domains: ([]msn in My Computer) O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01D1C6CD-6D44-46B6-BA89-10155A459FBE}: DhcpNameServer = 15.60.103.1 15.60.103.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86ED904F-65B3-4B61-AB9E-522658395BDC}: DhcpNameServer = 192.168.0.1 205.171.3.25 O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - 
C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop Components:0 () - http://morepictures.com/images/main/hawaiisurf.jpg O24 - Desktop Components:1 () - http://morepictures.com/images/main/diamond1.jpg O24 - Desktop Components:2 () - http://morepictures.com/images/main/hawaiipalms.jpg O24 - Desktop Components:3 () - http://images.google.com/images?q=tbn:9evOA2dfAXIJ:www.instant-art.com/catalog-safetysigns/prohibition/images/proh007-fork%2520lifts.jpg O24 - Desktop Components:4 (My Current Home Page) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\fedenfam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\fedenfam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/12/23 18:55:07 | 000,001,688 | ---- | M] () - C:\AUTOEXEC.NT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/12/29 13:28:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fedenfam\Application Data\PriceGong 
[2011/12/29 13:25:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fedenfam\Local Settings\Application Data\Sun [2011/12/29 11:14:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2011/12/29 11:13:10 | 000,141,312 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2011/12/29 11:13:07 | 000,223,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2011/12/29 11:13:07 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2011/12/29 11:13:07 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2011/12/29 11:11:05 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2011/12/29 11:06:46 | 020,290,952 | ---- | C] (Oracle Corporation) -- C:\Documents and Settings\fedenfam\Desktop\jre-7u2-windows-i586.exe [2011/12/29 10:37:50 | 000,637,848 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll [2011/12/29 09:47:14 | 000,000,000 | ---D | C] -- C:\_OTL [2011/12/28 20:41:58 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\fedenfam\Desktop\OTL.scr [2011/12/28 16:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fedenfam\Application Data\Malwarebytes [2011/12/28 16:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/12/28 16:21:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2011/12/28 16:21:08 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011/12/28 16:21:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/12/08 11:54:45 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\fedenfam\Desktop\dds.com [2011/12/06 13:24:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fedenfam\Start Menu\Programs\HiJackThis [2011/12/06 10:53:51 | 000,509,440 | ---- | C] (Tech Support Guy System) -- C:\Documents 
and Settings\fedenfam\Desktop\SysInfo.exe [2011/12/01 13:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\Consumer Input [2011/11/30 16:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared [2011/11/30 16:00:28 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll [2011/11/30 15:59:21 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll [2011/11/30 15:59:21 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll [2011/11/30 15:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real [2011/11/30 15:59:12 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll [2011/02/21 11:55:32 | 000,940,544 | ---- | C] (Apache Software Foundation) -- C:\Documents and Settings\fedenfam\Local Settings\Application Data\log4cxx.dll ========== Files - Modified Within 30 Days ========== [2011/12/29 13:23:21 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2011/12/29 13:20:19 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-334337264-1445258045-1803559485-1007.job [2011/12/29 13:20:00 | 000,000,189 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT [2011/12/29 13:19:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/12/29 13:19:38 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys [2011/12/29 12:00:07 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\PerfectOptimizer_home.job [2011/12/29 11:24:04 | 000,000,820 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2011/12/29 11:11:42 | 000,223,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2011/12/29 11:11:42 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2011/12/29 11:11:42 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2011/12/29 11:11:42 | 000,141,312 | ---- | M] (Oracle Corporation) -- 
C:\WINDOWS\System32\javacpl.cpl [2011/12/29 11:11:41 | 000,637,848 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll [2011/12/29 11:11:41 | 000,567,184 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll [2011/12/29 11:07:07 | 020,290,952 | ---- | M] (Oracle Corporation) -- C:\Documents and Settings\fedenfam\Desktop\jre-7u2-windows-i586.exe [2011/12/29 09:49:30 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2011/12/28 20:42:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fedenfam\Desktop\OTL.scr [2011/12/28 19:46:29 | 000,000,596 | ---- | M] () -- C:\WINDOWS\WSST_Screen_Saver.ini [2011/12/28 16:21:21 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2011/12/28 16:06:05 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-334337264-1445258045-1803559485-1007.job [2011/12/27 16:49:15 | 000,109,056 | ---- | M] () -- C:\Documents and Settings\fedenfam\My Documents\QUIRKIES BIRTHDAYS.wps [2011/12/24 12:38:02 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\fedenfam\My Documents\GOD'S CHRISTMAS PRESENT.wps [2011/12/23 16:23:28 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\fedenfam\My Documents\WHO THREW THE OVERALLS.wps [2011/12/22 20:37:16 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\fedenfam\My Documents\THREE WISE WOMEN.wps [2011/12/22 20:35:07 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\fedenfam\My Documents\TOUCHING CHRISTMAS POEM.wps [2011/12/17 15:22:28 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Weather Channel Desktop .lnk [2011/12/15 09:07:53 | 000,235,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011/12/15 08:49:26 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011/12/14 10:07:51 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\fedenfam\My Documents\MY JEOPARDY 
ANSWERS.wps [2011/12/14 09:29:56 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\fedenfam\My Documents\WORSHIP JANUARY 1.wps [2011/12/12 16:36:54 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\fedenfam\My Documents\MY JEOPARDY QUESTIONS.wps [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011/12/08 11:56:10 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\fedenfam\Desktop\dds.com [2011/12/06 16:59:51 | 000,013,192 | ---- | M] () -- C:\Documents and Settings\fedenfam\My Documents\QUIRKIE ADDRESSES.wps.rtf [2011/12/06 16:59:26 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\fedenfam\My Documents\QUIRKIE ADDRESSES.wps [2011/12/06 15:04:37 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\fedenfam\Desktop\HiJackThis.lnk [2011/12/06 13:18:38 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\fedenfam\Desktop\HiJackThis.msi [2011/12/06 10:54:43 | 000,509,440 | ---- | M] (Tech Support Guy System) -- C:\Documents and Settings\fedenfam\Desktop\SysInfo.exe [2011/12/03 13:47:30 | 000,201,216 | ---- | M] () -- C:\Documents and Settings\fedenfam\My Documents\THE FIRST NOEL KEY OF Bb.wps [2011/12/02 20:43:38 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\fedenfam\My Documents\O COME LET US ADORE HIM KEY OF Eb.wps [2011/12/01 21:00:54 | 000,000,201 | -HS- | M] () -- C:\BOOT.INI [2011/11/30 20:02:44 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2011/11/30 16:03:30 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk [2011/11/30 16:00:29 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll [2011/11/30 15:59:21 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll [2011/11/30 15:59:21 | 000,005,632 | ---- | M] (RealNetworks, Inc.) 
-- C:\WINDOWS\System32\pndx5032.dll [2011/11/30 15:59:12 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll [2011/11/30 15:44:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\fedenfam\Ÿ¡Ÿ¡ ========== Files Created - No Company Name ========== [2011/12/28 16:21:21 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2011/12/24 12:34:18 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\fedenfam\My Documents\GOD'S CHRISTMAS PRESENT.wps [2011/12/21 17:19:51 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\fedenfam\My Documents\TOUCHING CHRISTMAS POEM.wps [2011/12/17 15:53:35 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\fedenfam\My Documents\THREE WISE WOMEN.wps [2011/12/15 08:16:33 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2011/12/14 09:26:44 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\fedenfam\My Documents\WORSHIP JANUARY 1.wps [2011/12/06 16:59:51 | 000,013,192 | ---- | C] () -- C:\Documents and Settings\fedenfam\My Documents\QUIRKIE ADDRESSES.wps.rtf [2011/12/06 13:24:29 | 000,002,453 | ---- | C] () -- C:\Documents and Settings\fedenfam\Desktop\HiJackThis.lnk [2011/12/06 13:17:35 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\fedenfam\Desktop\HiJackThis.msi [2011/12/05 17:44:42 | 000,035,353 | ---- | C] () -- C:\WINDOWS\_detmp.1 [2011/12/03 13:03:29 | 000,201,216 | ---- | C] () -- C:\Documents and Settings\fedenfam\My Documents\THE FIRST NOEL KEY OF Bb.wps [2011/12/02 20:43:37 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\fedenfam\My Documents\O COME LET US ADORE HIM KEY OF Eb.wps [2011/11/30 16:03:30 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk [2011/02/21 11:56:10 | 000,102,400 | ---- | C] () -- C:\Documents and Settings\fedenfam\Local Settings\Application Data\ie_runner_app.exe [2011/02/21 11:56:10 | 000,094,208 | ---- | C] () -- C:\Documents 
and Settings\fedenfam\Local Settings\Application Data\common_functions.dll [2011/01/27 15:04:01 | 000,019,521 | ---- | C] () -- C:\WINDOWS\hpqins13.dat [2010/12/29 10:56:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\fedenfam\Local Settings\Application Data\prvlcl.dat [2010/06/11 13:28:30 | 000,165,432 | ---- | C] () -- C:\WINDOWS\hpoins28.dat [2010/06/11 13:28:30 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat [2008/11/03 16:13:37 | 000,165,256 | ---- | C] () -- C:\WINDOWS\hpoins28.dat.temp [2008/11/03 16:13:36 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat.temp [2008/10/31 15:33:22 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll [2008/10/31 15:33:22 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll [2008/07/06 19:00:03 | 000,000,308 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI [2006/01/02 21:18:55 | 000,001,595 | ---- | C] () -- C:\WINDOWS\checkip.dat [2005/12/24 23:02:24 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe [2005/12/21 13:40:10 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2005/09/14 12:02:58 | 000,002,219 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2005/08/17 16:11:46 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll [2005/08/17 16:11:46 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll [2005/05/09 16:17:36 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE [2005/05/08 21:27:56 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2005/05/08 20:31:29 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat [2005/03/05 14:42:46 | 000,069,632 | R--- | C] () -- C:\WINDOWS\ST1_Un0.exe [2004/12/03 17:27:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\infamous_downloader.exe [2004/12/01 21:23:12 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\fedenfam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2004/11/28 13:41:01 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll 
[2004/08/15 09:20:16 | 000,000,088 | ---- | C] () -- C:\WINDOWS\TOPO.INI [2004/05/21 11:14:44 | 000,000,530 | ---- | C] () -- C:\WINDOWS\wininit.ini [2004/05/20 20:25:04 | 000,000,030 | ---- | C] () -- C:\WINDOWS\HandStory.ini [2004/05/19 15:53:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\install2.exe [2004/05/18 16:55:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\0021-bdl94126.EXE [2004/04/02 07:02:04 | 000,000,094 | ---- | C] () -- C:\WINDOWS\regsrv32.dat [2004/01/19 07:50:30 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\fedenfam\Application Data\hpothb07.tif [2004/01/19 07:50:30 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\fedenfam\Application Data\hpothb07.dat [2004/01/17 14:03:50 | 000,018,283 | ---- | C] () -- C:\WINDOWS\HPHins01.dat.temp [2004/01/17 14:03:50 | 000,004,284 | ---- | C] () -- C:\WINDOWS\hphmdl01.dat.temp [2003/12/26 21:30:16 | 000,000,088 | ---- | C] () -- C:\WINDOWS\PicView.INI [2003/12/07 18:59:39 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI [2003/10/11 20:31:37 | 000,000,284 | ---- | C] () -- C:\WINDOWS\hegames.ini [2003/09/07 15:05:04 | 000,001,428 | -H-- | C] () -- C:\Program Files\hpothb07.dat [2003/09/07 15:05:03 | 000,005,375 | -H-- | C] () -- C:\Program Files\hpothb07.tif [2003/08/11 18:08:20 | 000,000,148 | ---- | C] () -- C:\WINDOWS\SIERRA.INI [2003/08/05 13:36:18 | 000,092,160 | ---- | C] () -- C:\WINDOWS\System32\UnPoker.exe [2003/07/16 15:35:34 | 000,000,809 | ---- | C] () -- C:\WINDOWS\PowerReg.dat [2003/07/16 15:35:23 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe [2003/04/16 14:20:35 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2003/03/05 18:37:29 | 000,000,354 | ---- | C] () -- C:\WINDOWS\ereg077.dat [2003/02/13 19:46:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Prestopm.INI [2003/02/13 16:57:14 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI [2003/02/13 16:45:39 | 000,003,719 | ---- | C] () -- C:\WINDOWS\if40.ini [2003/02/13 16:45:39 | 000,000,174 | 
---- | C] () -- C:\WINDOWS\pexplore.ini [2003/02/13 16:44:35 | 000,000,055 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI [2003/02/04 21:07:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini [2002/12/08 11:21:29 | 000,000,457 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini [2002/10/24 19:33:14 | 000,000,556 | ---- | C] () -- C:\WINDOWS\eReg.dat [2002/10/22 19:08:49 | 000,000,205 | ---- | C] () -- C:\WINDOWS\qtw.ini [2002/10/01 15:43:37 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2002/10/01 15:43:36 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2002/10/01 15:43:36 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2002/10/01 15:43:30 | 000,000,309 | ---- | C] () -- C:\WINDOWS\EReg515.dat [2002/10/01 15:40:12 | 000,000,971 | ---- | C] () -- C:\WINDOWS\disney.ini [2002/10/01 15:39:43 | 000,000,196 | ---- | C] () -- C:\WINDOWS\disneysy.ini [2002/06/21 17:53:28 | 000,000,087 | ---- | C] () -- C:\WINDOWS\videoimp.ini [2002/06/21 17:53:01 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2002/06/16 07:54:42 | 000,000,022 | ---- | C] () -- C:\WINDOWS\REGPSD20.INI [2002/06/16 07:54:22 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini [2002/06/16 07:54:06 | 000,000,524 | ---- | C] () -- C:\WINDOWS\PSDWIN.INI [2002/05/31 21:32:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI [2002/05/16 20:34:16 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI [2002/05/16 20:33:26 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2002/04/30 19:55:02 | 000,000,008 | -H-- | C] () -- C:\WINDOWS\ssitid.dat [2002/04/30 19:48:53 | 000,037,364 | ---- | C] () -- C:\WINDOWS\freedom.backup.dat [2002/04/13 17:54:15 | 000,000,137 | ---- | C] () -- C:\WINDOWS\Weather.INI [2002/04/11 11:28:03 | 000,000,596 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini [2002/04/11 11:27:38 | 004,700,056 | ---- | C] () -- C:\WINDOWS\Pacific Coasts Screen Savers .dat [2002/04/11 11:27:11 | 001,554,637 | ---- | C] () -- C:\WINDOWS\Space 
Screen Savers .dat [2002/04/11 11:26:15 | 011,280,733 | ---- | C] () -- C:\WINDOWS\Majestic Mountains Rivers and Waterfalls Screen Sa.dat [2002/04/11 11:25:45 | 001,643,542 | ---- | C] () -- C:\WINDOWS\Landmarks Screen Savers .dat [2002/04/11 11:25:31 | 009,175,824 | ---- | C] () -- C:\WINDOWS\Animals of America screen saver.dat [2002/04/11 11:24:41 | 008,290,006 | ---- | C] () -- C:\WINDOWS\US Cities.dat [2002/04/11 11:24:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\UninstallWSST.exe [2002/04/11 11:23:47 | 000,000,010 | ---- | C] () -- C:\WINDOWS\4discbib.ini [2002/04/11 11:23:47 | 000,000,007 | ---- | C] () -- C:\WINDOWS\gbaform1.ini [2002/04/09 07:46:43 | 000,060,464 | R--- | C] () -- C:\WINDOWS\System32\tlcsel32.dll [2002/04/09 07:46:43 | 000,016,540 | R--- | C] () -- C:\WINDOWS\System32\tlcsel17.dll [2001/11/09 10:41:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2001/11/08 19:43:04 | 000,000,562 | ---- | C] () -- C:\WINDOWS\System32\Px.ini [2001/11/06 18:50:47 | 000,082,864 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE [2001/11/06 18:50:46 | 000,377,600 | ---- | C] () -- C:\WINDOWS\System32\BOCOLE.DLL [2001/11/06 18:50:46 | 000,167,456 | ---- | C] () -- C:\WINDOWS\System32\Bocof.dll [2001/11/06 18:46:13 | 000,090,112 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.0.153.exe [2001/11/06 18:45:01 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL [2001/11/06 18:45:01 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll [2001/11/06 18:37:54 | 000,009,876 | ---- | C] () -- C:\WINDOWS\System32\usbbc.sys [2001/11/06 18:37:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\InstallDriver.exe [2001/11/06 18:21:26 | 000,000,515 | ---- | C] () -- C:\WINDOWS\fantasy2.ini [2001/11/06 18:21:26 | 000,000,011 | ---- | C] () -- C:\WINDOWS\album.ini [2001/11/06 18:21:26 | 000,000,008 | ---- | C] () -- C:\WINDOWS\pstudio.ini [2001/11/06 17:50:13 | 000,249,921 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM15.dll [2001/11/06 17:50:13 | 000,065,536 | ---- 
| C] () -- C:\WINDOWS\System32\PyWinTypes15.dll [2001/11/06 17:49:47 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll [2001/11/06 13:40:54 | 000,000,879 | ---- | C] () -- C:\WINDOWS\orun32.ini [2001/11/06 13:39:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2001/11/06 13:32:55 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2001/11/06 13:31:15 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2001/11/06 05:27:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2001/11/06 05:26:54 | 000,235,168 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2001/11/06 05:21:55 | 000,000,649 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2001/11/06 05:21:27 | 000,434,464 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2001/11/06 05:21:27 | 000,068,624 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2001/11/06 05:21:25 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001/11/06 05:21:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001/08/17 21:38:02 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2001/08/17 12:30:26 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2001/08/17 12:30:26 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2001/08/17 12:15:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2001/08/08 06:13:22 | 000,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll [2001/08/07 17:07:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll [2001/07/21 13:36:50 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2001/07/21 13:36:06 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2001/07/21 13:24:18 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2000/12/29 09:34:01 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [1997/06/13 16:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll < End of report > OTL 
Extras logfile created on: 12/29/2011 1:36:35 PM - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\fedenfam\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 509.98 Mb Total Physical Memory | 134.63 Mb Available Physical Memory | 26.40% Memory free 978.39 Mb Paging File | 520.87 Mb Available in Paging File | 53.24% Paging File free Paging file location(s): C:\pagefile.sys 500 900 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 32.60 Gb Total Space | 13.25 Gb Free Space | 40.63% Space Free | Partition Type: NTFS Computer Name: HP | User Name: fedenfam | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital 
Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard) "C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.) "C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.) 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\support.com\bin\tgcmd.exe" = C:\Program Files\support.com\bin\tgcmd.exe:*:Disabled:Support.com Scheduler and Command Dispatcher "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire "C:\WINDOWS\SYSTEM32\mmc.exe" = C:\WINDOWS\SYSTEM32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation) "C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer "C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe" = C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime -- (Ahead software AG) "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard) "C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.) "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer "C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! 
Messenger "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Program Files\IncrediMail\Bin\IncMail.exe" = C:\Program Files\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail "C:\Program Files\IncrediMail\Bin\ImApp.exe" = C:\Program Files\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail "C:\Program Files\IncrediMail\Bin\ImpCnt.exe" = C:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status "{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE "{10deb052-db5d-32a6-9ff2-200e810d1a7b}" = Kiwee Toolbar for Firefox "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar "{1D301950-EA2F-4882-9AA0-49467756842A}" = SweetIM for Messenger 3.3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{225AF9A1-B556-88D5-94AA-0010B5426419}" = My DSC "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01 "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components 
Installer "{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java 7 Update 2 "{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply "{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.0 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{343DB62F-891F-45EC-BED3-E2F56CEB1B7C}" = Adobe Flash Player 10 Plugin "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3 "{3E908702-AF35-4611-9518-955DA24B7E07}" = Microsoft XML Parser and SDK "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{57764780-E33B-11D1-96ED-00A024A83A15}" = Kensington MouseWorks "{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter "{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software "{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4200_ProductContext "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{70DECFBF-9119-4434-B2D3-A3C283D15E45}" = WeatherBug "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8aade841-03c5-486a-b048-bb112cc0cac5}" = egreetings.com Toolbar for Internet Explorer "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack "{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender "{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0 "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200 "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min "{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3 "{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan "{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF7DB138-76ED-4E17-8764-1AAE1792F30F}" = Sony MP3 Conversion Tool "{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService "{D79113E7-274C-470B-BD46-01B10219DF6A}" = 
HPPhotosmartEssential "{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack "{E133E97F-5186-4503-BEC8-752EB9E8EBD7}" = Copy "{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call "{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4200_Help "{F93D2591-8201-4692-BD8D-67A0BFAC9C14}" = SweetIM Toolbar for Internet Explorer 3.9 "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "America Online us" = America Online "avast" = avast! Free Antivirus "BackWeb-137903 Uninstaller" = hp center "Card Games" = Card Games "CCleaner" = CCleaner (remove only) "Google Updater" = Google Updater "HijackThis" = HijackThis 2.0.2 "HP Imaging Device Functions" = HP Imaging Device Functions 11.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing "HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0 "HPExtendedCapabilities" = HP Customer Participation Program 11.0 "ie8" = Windows Internet Explorer 8 "Inactive HP Printer Drivers (Remove only)" = Inactive HP Printer Drivers (Remove only) "IncrediMail_MediaBar_2 Toolbar" = IncrediMail MediaBar 2 Toolbar "Macromedia Shockwave Player" = Macromedia Shockwave Player "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800 "MGI PhotoSuite Mobile Edition" = MGI PhotoSuite Mobile Edition (Remove only) "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MUSICMATCH Jukebox" = MUSICMATCH Jukebox "Nero PhotoShow Express" = Nero PhotoShow Express 
"NeroMultiInstaller!UninstallKey" = Nero Suite "NVIDIA" = NVIDIA Windows 2000/XP Display Drivers "PCDoctor" = PC-Doctor for Windows "Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator "RealPlayer 15.0" = RealPlayer "Scanport Applications" = Presto! PageManager "Searchqu MediaBar" = Windows Searchqu Toolbar "Shop for HP Supplies" = Shop for HP Supplies "Tcl 8.0.5 for Windows" = Tcl 8.0.5 for Windows "The Weather Channel Desktop 6" = The Weather Channel Desktop 6 "TOPO!" = TOPO! "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Works2002Setup" = Microsoft Works and Money 2002 Setup Launcher "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Consumer Input Software" = Consumer Input Software (remove only) "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 8/17/2011 8:49:54 PM | Computer Name = HP | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb. Error - 8/17/2011 8:50:07 PM | Computer Name = HP | Source = Application Error | ID = 1001 Description = Fault bucket 1228147305. Error - 8/17/2011 9:02:58 PM | Computer Name = HP | Source = Application Hang | ID = 1002 Description = Hanging application Weather.exe, version 6.7.0.17, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
Error - 8/17/2011 9:04:21 PM | Computer Name = HP | Source = Application Hang | ID = 1001
Description = Fault bucket 517211759.

Error - 8/18/2011 12:20:21 PM | Computer Name = HP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/18/2011 12:20:40 PM | Computer Name = HP | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 8/20/2011 2:09:49 PM | Computer Name = HP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/20/2011 2:11:06 PM | Computer Name = HP | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 8/20/2011 2:17:44 PM | Computer Name = HP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/20/2011 2:18:12 PM | Computer Name = HP | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

[ System Events ]

Error - 12/29/2011 2:50:02 PM | Computer Name = HP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error: %%126

Error - 12/29/2011 2:50:02 PM | Computer Name = HP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error: %%126

Error - 12/29/2011 2:52:30 PM | Computer Name = HP | Source = Print | ID = 23
Description = Printer Lexmark 640 Series,0 failed to initialize because a suitable Lexmark 640 Series driver could not be found.
Error - 12/29/2011 2:53:28 PM | Computer Name = HP | Source = Service Control Manager | ID = 7000
Description = The ONSIO service failed to start due to the following error: %%2

Error - 12/29/2011 2:54:57 PM | Computer Name = HP | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 12/29/2011 2:54:57 PM | Computer Name = HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: SMPLSCSI

Error - 12/29/2011 5:20:10 PM | Computer Name = HP | Source = Print | ID = 23
Description = Printer Lexmark 640 Series,0 failed to initialize because a suitable Lexmark 640 Series driver could not be found.

Error - 12/29/2011 5:21:20 PM | Computer Name = HP | Source = Service Control Manager | ID = 7000
Description = The ONSIO service failed to start due to the following error: %%2

Error - 12/29/2011 5:22:43 PM | Computer Name = HP | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 12/29/2011 5:22:43 PM | Computer Name = HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: SMPLSCSI

< End of report >
Sophiekat Posted December 29, 2011

I went to "My Pictures" and started scrolling through them and my computer did not restart itself so that is a good sign. I'll let you know how it does.

Sophie
Sophiekat Posted December 30, 2011

Is there anything else I need to do? I have noticed that my PC is running a bit faster than it was especially on the Internet. It was running rather slow.

Thank you for your help and for helping so quickly :)

Sophie

P.S. Hi to you too Bluesplayer. Thanks for suggesting I come here.
Starbuck Posted December 30, 2011

Hi Sophie

> I went to "My Pictures" and started scrolling through them and my computer did not restart itself so that is a good sign.

There wasn't anything really bad on the system, just adware type rubbish. They're easy to clean up. I think your system was just becoming bogged down a bit.... that's all.

Just a few orphan entries to clean up now. Plus make sure a couple of folders are completely removed.

Step 1

HijackThis can be uninstalled now. (It has to be removed via the add/remove program.) It's not worth keeping as it's so out of date.

Step 2

Double click on OTL to run it. Copy the lines in the codebox below. (Make sure that :Otl is on the first line.)

    :otl
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKCU..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe File not found
    O4 - HKCU..\Run: [Consumer Input Update] C:\Program Files\Consumer Input\dca-ua.exe (Compete, Inc.)
    :Reg
    :Files
    C:\Program Files\AVG
    C:\Program Files\LimeWire
    :commands
    [emptytemp]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png

Click the red Run Fix button.
http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png

OTL will reboot your system once the fix has completed. After the reboot, you may need to double click OTL to launch the program and retrieve the log. Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

If you lose the report, there will be a copy here: C:\_OTL\MovedFiles

In your next reply, please submit: new OTL fix report, and if everything is still ok, I'll finish off the cleaning and explain the correct way to remove the programs we've used.

Thanks.

Member of: UNITE
Sophiekat Posted December 30, 2011

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Works Update Detection deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Consumer Input Update deleted successfully.
C:\Program Files\Consumer Input\dca-ua.exe moved successfully.
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\AVG\AVG8\log folder moved successfully.
C:\Program Files\AVG\AVG8\cfg folder moved successfully.
C:\Program Files\AVG\AVG8 folder moved successfully.
C:\Program Files\AVG\AVG10\Notification folder moved successfully.
C:\Program Files\AVG\AVG10 folder moved successfully.
C:\Program Files\AVG folder moved successfully.
File\Folder C:\Program Files\LimeWire not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: fedenfam
->Temp folder emptied: 545899085 bytes
->Temporary Internet Files folder emptied: 14096657 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 953 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 2836 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 576142 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 679 bytes

Total Files Cleaned = 535.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 12302011_092123

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\fedenfam\Local Settings\Temp\~DF2500.tmp not found!
File\Folder C:\Documents and Settings\fedenfam\Local Settings\Temp\~DF25B7.tmp not found!
File\Folder C:\Documents and Settings\fedenfam\Local Settings\Temp\~DF2C84.tmp not found!
File\Folder C:\Documents and Settings\fedenfam\Local Settings\Temp\~DF2E5B.tmp not found!
File\Folder C:\Documents and Settings\fedenfam\Local Settings\Temp\~DF313E.tmp not found!
File\Folder C:\Documents and Settings\fedenfam\Local Settings\Temp\~DF318F.tmp not found!
C:\Documents and Settings\fedenfam\Local Settings\Temporary Internet Files\Content.IE5\DN3EUWT4\ads[1].htm moved successfully.
C:\Documents and Settings\fedenfam\Local Settings\Temporary Internet Files\Content.IE5\DHQAENNZ\si[1].htm moved successfully.
C:\Documents and Settings\fedenfam\Local Settings\Temporary Internet Files\Content.IE5\1AP9H9YK\12867-Restarting-problem[1].htm moved successfully.
C:\Documents and Settings\fedenfam\Local Settings\Temporary Internet Files\Content.IE5\1AP9H9YK\si[1].htm moved successfully.
C:\Documents and Settings\fedenfam\Local Settings\Temporary Internet Files\Content.IE5\0ALJD893\ads[4].htm moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
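Added example (not part of the original thread, and not OTL's own code): a short Python check that reconciles the fix script from Step 2 with the fix log posted above, so each requested removal is confirmed as removed, already absent, or still pending a reboot. The outcome phrases are assumptions taken only from the log lines shown in this thread, and `fix_targets`, `reconcile` and `followups` are hypothetical helper names.

```python
import re

# Fix script as posted in the thread.
FIX_SCRIPT = r""":otl
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKCU..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe File not found
O4 - HKCU..\Run: [Consumer Input Update] C:\Program Files\Consumer Input\dca-ua.exe (Compete, Inc.)
:Reg
:Files
C:\Program Files\AVG
C:\Program Files\LimeWire
:commands
[emptytemp]
"""

# Excerpt of result lines copied from the fix log posted in the thread.
FIX_LOG = r"""
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Works Update Detection deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Consumer Input Update deleted successfully.
C:\Program Files\Consumer Input\dca-ua.exe moved successfully.
C:\Program Files\AVG folder moved successfully.
File\Folder C:\Program Files\LimeWire not found.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""

# Phrases seen in this thread's log; first match wins (assumption, not an OTL spec).
OUTCOMES = [("scheduled to be moved on reboot", "pending-reboot"), ("deleted successfully", "removed"),
            ("moved successfully", "removed"), ("not found", "already-absent")]
RANK = {"removed": 0, "pending-reboot": 1, "already-absent": 2, "unconfirmed": 3}

def fix_targets(script):
    """Return the items the fix script asks to have removed."""
    targets, section = [], None
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):
            section = line.lower()
        elif section == ":otl":
            # O4 lines name a Run value in [brackets]; O3 lines carry a CLSID.
            m = re.search(r"\[(.+?)\]|(\{[0-9A-Fa-f-]{36}\})", line)
            if m:
                targets.append(m.group(1) or m.group(2))
        elif section == ":files" and line:
            targets.append(line)
    return targets

def reconcile(script, log):
    """Map each fix target to the strongest outcome the log reports for it."""
    result = {t: "unconfirmed" for t in fix_targets(script)}
    for line in log.splitlines():
        status = next((s for phrase, s in OUTCOMES if phrase in line), None)
        if status is None:
            continue
        for target in result:
            if target.lower() in line.lower() and RANK[status] < RANK[result[target]]:
                result[target] = status
    return result

def followups(log):
    """Log lines that should be rechecked after the reboot."""
    return [l.strip() for l in log.splitlines()
            if "failed" in l.lower() or "on reboot" in l.lower()]

if __name__ == "__main__":
    for target, status in reconcile(FIX_SCRIPT, FIX_LOG).items():
        print(f"{status:15} {target}")
    print("follow up:", followups(FIX_LOG))
```

Any target left as `unconfirmed`, or any line returned by `followups`, is worth rechecking by hand before the cleanup tools are removed.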
Starbuck Posted December 31, 2011

Hi Sophie

If everything is still running ok, we can finish off now.

Step 1

Restart MBAM. Click on the Quarantine tab. If there are items in quarantine..... Make sure everything is selected and then click Delete All. Close MBAM.

Step 2

Please double-click OTL to run it. You should see a CleanUp! button, press that button.
http://img.photobucket.com/albums/v708/starbuck50/cleanupbutton.png

This will clean up an assortment of tools used during malware removal, plus itself.

Note: MBAM will not be removed (it's recommended to keep this program, update it and run it at least once a week).

Step 3

Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

- Go to Start > Programs > Accessories > System Tools and click "System Restore".
- Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
- Then go to Start > Run and type: Cleanmgr
- Click "OK".
- Select the drive for cleaning then click OK (usually 'C' drive).
- Click the "More Options" Tab.
- Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

To find out how you may have been infected....read this topic: How did i get infected?

Not all of the following information will be applicable to you, but it's still best to read it all.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

- Use an AntiVirus Software
  Avira AntiVir ....installation guide Here
  Avast free
  Bitdefender Free
  MS Security Essentials ... see note* ...installation guide Here
  Note*: Upon installation MS Security Essentials will check that your OS is a legal copy.
  Only install one AntiVirus program
- Update your AntiVirus Software regularly
- Use a 3rd party Firewall
  Online Armor Free
  ZoneAlarm ...Important note below
  Sunbelt Personal Firewall
  NOTE: If choosing Zone Alarm be aware that the free version also installs ZoneAlarm Spy Blocker. It is recommended however that you UNcheck this option.
  Only install one software Firewall
  Some 3rd party Firewalls will turn off the windows firewall when they are installed. It's always best to check that the Windows Firewall is turned off:
  How to turn off Windows Firewall: Start ... Control Panel ...click on 'Classic View'. Now select Windows Firewall. When the Windows Firewall box opens, put a tick against .. Off (not recommended) and then click Ok
- Scan regularly with a 'Stand Alone' Anti-Malware scanner: Installing another scanner that you can run once or twice a week is always beneficial. Something like:
  Malwarebytes Anti-Malware
  SUPERAntiSpyware
  Remember to update these programs each time before running. You can install more than one of these if you only run them as stand alone programs.
- Use an alternative browser: Some excellent alternatives to MS Internet Explorer are:
  Firefox
  For added security, add the NoScript extension to this browser: Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks
  also consider adding: WOT - Safe Browsing Tool
  Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web. Btw: you don't have to make a contribution.
  Opera
  They offer better security, more stability, and better speed.
- Keep a backup of your registry: Keeping a regular backup of your registry will help when something goes wrong. Use a program like: Erunt. A full tutorial on how to set up and use Erunt can be found here: Erunt tutorial
- Keep your system clean of temp files etc, using a 'Cleaner': Cleaners are programs that will help to clean out your:
  Windows temp files
  Current user temp files
  Cookies
  Temporary Internet files
  Browser history
  Recycle bin
  Etc.......
  In other words.... all the rubbish that you accumulate over the course of your browsing and day to day usage of your pc. Programs like:
  TFC by OldTimer
  ATF Cleaner
- Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
- Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here: Using and installing SpywareBlaster
- Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help. Safe surfing.
Bluesplayer. Posted December 31, 2011

> P.S. Hi to you too Bluesplayer. Thanks for suggesting I come here.

Good to have you here Sophie - glad that we could help. ;)
Sophiekat Posted December 31, 2011

Starbuck, :)

I want to thank you so much for all your help. I think the other site I was on just had too many people needing help and not enough people to help them. I would certainly recommend this site for anyone needing help with their computer. If I have any more problems I will let you know.

Again, Thank you

Sophiekat :cool: