Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-06-2013 04 (ATTENTION: FRST version is 9 days old)
Ran by Guest (ATTENTION: The logged in user is not administrator) on 21-06-2013 07:12:19
Running from D:\G2G 6 11 13
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize [x]
HKLM\...\Run: [GWMDMMSG] GWMDMMSG.exe [x]
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [x]
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKCU\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [x]
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
ShortcutTarget: Microsoft Works Calendar Reminders.lnk -> C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)

==================== Internet (Whitelisted) ====================

HKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZSzim003YYUS&fl=0&ptb=4gGHhPZHdIbrMQOrUx1AnQ&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/SmileyCentralInitialSetup1.0.1.1.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} http://update.hpphoto.com/download/HPSWUpdate.ocx
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll ()
Handler: ipp - No CLSID Value -
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 24.89.0.22 24.89.0.21

========================== Services (Whitelisted) =================

U2 C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [54784 2009-04-05] (Macrovision)
U3 PictureTaker; C:\WINDOWS\system32\PCTKRNT.SYS [45056 2009-02-20] (LANovation)
U2 winmgmt; C:\DOCUME~1\ALLUSE~1\APPLIC~1\ini3zd.dat [155648 2013-05-08] (Microsoft Corporation)
U3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
U2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

U3 AN983; C:\Windows\System32\DRIVERS\AN983.sys [36224 2004-08-04] (ADMtek Incorporated.)
U3 BCMModem; C:\Windows\System32\DRIVERS\BCMDM.sys [871388 2001-08-17] (BCM)
U2 CdaC15BA; C:\WINDOWS\system32\drivers\CdaC15BA.SYS [12464 2009-04-05] (Macrovision Europe Ltd)
U3 es1371; C:\Windows\System32\drivers\es1371mp.sys [40704 2001-08-17] (Creative Technology Ltd.)
U3 GTWModem; C:\Windows\System32\DRIVERS\GWMDM.sys [1141888 2001-08-15] (GTW)
U3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2007-03-08] (HP)
U3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2007-03-08] (HP)
U3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2007-03-08] (HP)
U3 nv4; C:\Windows\System32\DRIVERS\nv4_mini.sys [829305 2001-08-31] (NVIDIA Corporation)
U3 sbpci; C:\Windows\System32\drivers\sbpci.sys [412672 2001-08-24] (Creative Technology Ltd.)
U4 Abiosdsk; No ImagePath
U4 abp480n5; No ImagePath
U4 adpu160m; No ImagePath
U4 Aha154x; No ImagePath
U4 aic78u2; No ImagePath
U4 aic78xx; No ImagePath
U4 AliIde; No ImagePath
U4 amsint; No ImagePath
U4 asc; No ImagePath
U4 asc3350p; No ImagePath
U4 asc3550; No ImagePath
U4 Atdisk; No ImagePath
U4 cd20xrnt; No ImagePath
U1 Changer; No ImagePath
U4 CmdIde; No ImagePath
U4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
U4 dac960nt; No ImagePath
U4 dpti2o; No ImagePath
U4 hpn; No ImagePath
U4 hpt3xx; No ImagePath
U1 i2omgmt; No ImagePath
U4 i2omp; No ImagePath
U4 ini910u; No ImagePath
U0 Lbd; system32\DRIVERS\Lbd.sys [x]
U1 lbrtfdc; No ImagePath
U4 mraid35x; No ImagePath
U1 PCIDump; No ImagePath
U4 PCIIde; No ImagePath
U3 PDCOMP; No ImagePath
U3 PDFRAME; No ImagePath
U3 PDRELI; No ImagePath
U3 PDRFRAME; No ImagePath
U4 perc2; No ImagePath
U4 perc2hib; No ImagePath
U4 ql1080; No ImagePath
U4 Ql10wnt; No ImagePath
U4 ql12160; No ImagePath
U4 ql1240; No ImagePath
U4 ql1280; No ImagePath
U4 Simbad; No ImagePath
U4 Sparrow; No ImagePath
U4 symc810; No ImagePath
U4 symc8xx; No ImagePath
U4 sym_hi; No ImagePath
U4 sym_u3; No ImagePath
U4 TosIde; No ImagePath
U4 ultra; No ImagePath
U4 ViaIde; No ImagePath
U3 WDICA; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-21 07:11 - 2013-06-21 07:11 - 00000338 ____A C:\Documents and Settings\Guest\Desktop\ImgBurn.ibq
2013-06-21 07:01 - 2013-06-12 16:17 - 127231689 ____A (Igor Pavlov) C:\Documents and Settings\Guest\Desktop\OTLPENet.exe
2013-06-19 19:16 - 2013-06-19 19:16 - 00000000 ____D C:\FRST
2013-06-19 18:34 - 2013-06-19 18:34 - 00138264 ____A C:\Documents and Settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-05-31 18:16 - 2013-05-31 18:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PC-Doctor
2013-05-24 13:53 - 2013-05-24 13:53 - 00000583 ____A C:\Documents and Settings\Guest\Desktop\Shortcut to bmrt.lnk
2013-05-24 13:53 - 2013-05-24 13:53 - 00000521 ____A C:\Documents and Settings\Guest\Desktop\Shortcut to avg_free_stf_en_8_169a1359.lnk
2013-05-24 13:53 - 2013-05-24 13:53 - 00000399 ____A C:\Documents and Settings\Guest\Desktop\Shortcut to pcdrcui.lnk
2013-05-24 13:53 - 2013-05-24 13:53 - 00000000 ____D C:\Documents and Settings\Guest\Application Data\Sun
2013-05-24 13:49 - 2013-05-24 13:49 - 00000000 ____D C:\Documents and Settings\Guest\Application Data\LockAP

==================== One Month Modified Files and Folders ========

2013-06-21 07:11 - 2013-06-21 07:11 - 00000338 ____A C:\Documents and Settings\Guest\Desktop\ImgBurn.ibq
2013-06-21 06:55 - 2009-01-20 03:37 - 01971081 ____A C:\Windows\WindowsUpdate.log
2013-06-21 06:54 - 2009-02-10 21:37 - 00000062 _ASHC C:\Documents and Settings\Guest\Local Settings\desktop.ini
2013-06-21 06:53 - 2009-01-19 10:14 - 00000159 ____A C:\Windows\wiadebug.log
2013-06-21 06:53 - 2009-01-19 10:14 - 00000049 ____A C:\Windows\wiaservc.log
2013-06-20 19:58 - 2013-05-08 06:31 - 95023320 ___AT C:\Documents and Settings\All Users\Application Data\dz3ini.pad
2013-06-20 19:55 - 2013-05-08 06:32 - 00000000 ____A C:\Documents and Settings\All Users\Application Data\as98213.txt
2013-06-20 19:51 - 2009-01-19 15:25 - 00032536 ____A C:\Windows\SchedLgU.Txt
2013-06-19 19:16 - 2013-06-19 19:16 - 00000000 ____D C:\FRST
2013-06-19 18:34 - 2013-06-19 18:34 - 00138264 ____A C:\Documents and Settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-06-19 18:20 - 2001-08-30 06:30 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-06-12 16:17 - 2013-06-21 07:01 - 127231689 ____A (Igor Pavlov) C:\Documents and Settings\Guest\Desktop\OTLPENet.exe
2013-05-31 18:16 - 2013-05-31 18:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PC-Doctor
2013-05-31 17:47 - 2009-03-23 18:33 - 00855373 ____A C:\Windows\setupapi.log
2013-05-24 13:53 - 2013-05-24 13:53 - 00000583 ____A C:\Documents and Settings\Guest\Desktop\Shortcut to bmrt.lnk
2013-05-24 13:53 - 2013-05-24 13:53 - 00000521 ____A C:\Documents and Settings\Guest\Desktop\Shortcut to avg_free_stf_en_8_169a1359.lnk
2013-05-24 13:53 - 2013-05-24 13:53 - 00000399 ____A C:\Documents and Settings\Guest\Desktop\Shortcut to pcdrcui.lnk
2013-05-24 13:53 - 2013-05-24 13:53 - 00000000 ____D C:\Documents and Settings\Guest\Application Data\Sun
2013-05-24 13:49 - 2013-05-24 13:49 - 00000000 ____D C:\Documents and Settings\Guest\Application Data\LockAP

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe [2001-08-30 06:30] - [2008-04-13 20:12] - 1033728 ____A (Microsoft Corporation)
C:\Windows\System32\winlogon.exe [2001-08-30 06:30] - [2008-04-13 20:12] - 0507904 ____A (Microsoft Corporation)
C:\Windows\System32\svchost.exe [2001-08-30 06:30] - [2008-04-13 20:12] - 0014336 ____A (Microsoft Corporation)
C:\Windows\System32\services.exe [2001-08-30 06:30] - [2009-02-06 07:11] - 0110592 ____A (Microsoft Corporation)
C:\Windows\System32\User32.dll [2001-08-30 06:30] - [2008-04-13 20:12] - 0578560 ____A (Microsoft Corporation)
C:\Windows\System32\userinit.exe [2001-08-30 06:30] - [2008-04-13 20:12] - 0026112 ____A (Microsoft Corporation)
C:\Windows\System32\Drivers\volsnap.sys [2001-08-30 06:30] - [2008-04-13 14:41] - 0052352 ____A (Microsoft Corporation)

==================== End Of Log ============================