Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer Performance has gotten very slow.


  • This topic is locked This topic is locked

#1
rkinsey1313

rkinsey1313

    Member

  • Member
  • PipPip
  • 90 posts
Well it seems like my computer performance has been on a downward spiral for the last month or 2. I've run MBAM and Super Anti Spyware like I usually do. They find little things here and there nut it never seems to get rid of whatever is causing the performance issues. I use this computer mainly for gaming and thats where I notice the most problems now. It used to work flawlessly. If anyone can help it would be much appreciated. Here is my OTL log:


OTL logfile created on: 3/21/2011 8:47:30 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 560.00 Mb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.80 Gb Total Space | 155.09 Gb Free Space | 87.23% Space Free | Partition Type: NTFS
Drive D: | 8.50 Gb Total Space | 1.12 Gb Free Space | 13.17% Space Free | Partition Type: FAT32

Computer Name: YOUR-4DACD0EA75 | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/21 08:47:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe
PRC - [2011/03/16 23:15:04 | 001,004,088 | ---- | M] (Google Inc.) -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2005/08/27 01:14:44 | 000,241,775 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
PRC - [2005/08/27 01:14:44 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
PRC - [2005/08/02 23:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2004/08/10 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/03/21 08:47:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe
MOD - [2004/08/10 11:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2004/09/29 19:14:36 | 000,069,632 | ---- | M] (HP) [Boot | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/05/10 10:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 10:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2005/08/29 14:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/08/13 21:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/03 23:30:34 | 000,026,624 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/30 00:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/03/09 13:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/03/04 10:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/12/15 14:18:32 | 000,220,928 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/12/15 14:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 14:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/08/03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 14:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2005/11/10 16:31:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2005/11/10 16:43:01 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/03/20 20:44:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PCDrProfiler] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/10 16:46:21 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/20 20:46:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/03/20 20:46:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/03/20 20:06:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Recent
[2011/03/20 20:06:48 | 000,000,000 | ---D | C] -- C:\Program Files\TurboTax Online
[2011/03/20 20:06:47 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/03/20 20:06:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/20 17:33:19 | 000,000,000 | ---D | C] -- C:\ComboFix(2)
[2011/03/01 23:36:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\LolClient
[2011/03/01 22:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\League of Legends
[2011/03/01 22:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\PMB Files
[2011/03/01 11:37:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/01 11:37:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/01 11:37:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/01 11:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/28 18:11:59 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/02/28 17:18:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/02/28 17:14:22 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2011/02/28 17:14:22 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2011/02/28 17:14:21 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2011/02/28 17:14:21 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2011/02/28 17:14:19 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2011/02/28 17:08:56 | 000,000,000 | ---D | C] -- C:\Riot Games
[2011/02/27 17:24:19 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/02/27 17:11:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/02/27 17:05:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2011/02/27 17:02:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
[2011/02/27 17:02:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator\Cookies
[2011/02/27 17:02:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Application Data
[2011/02/27 17:02:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Favorites
[2011/02/27 17:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Symantec
[2011/02/27 17:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
[2011/02/27 17:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Real
[2011/02/27 17:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft
[2011/02/27 17:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
[2011/02/27 17:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Identities
[2011/02/27 17:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google
[2011/02/27 17:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Digital Interactive Systems Corporation
[2011/02/27 17:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop
[2011/02/27 17:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ApplicationHistory
[2011/02/27 17:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}
[2011/02/27 17:02:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\SendTo
[2011/02/27 17:02:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup
[2011/02/27 17:02:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu
[2011/02/27 17:02:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Videos
[2011/02/27 17:02:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Pictures
[2011/02/27 17:02:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Music
[2011/02/27 17:02:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents
[2011/02/27 17:02:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Accessories
[2011/02/27 17:02:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator\Templates
[2011/02/27 17:02:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator\PrintHood
[2011/02/27 17:02:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator\NetHood
[2011/02/27 17:02:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings
[2011/02/27 17:02:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\WINDOWS
[2011/02/27 17:02:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Online Services
[2011/02/27 15:31:37 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2011/02/27 14:42:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\wt
[2011/02/22 19:29:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/02/22 19:12:40 | 000,000,000 | ---D | C] -- C:\cmdcons(2)
[2011/02/20 21:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/21 08:16:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-469911042-1935599223-620547350-1008UA.job
[2011/03/21 07:57:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3409468861-1876123338-1713568439-1008UA.job
[2011/03/21 07:51:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-346832426-1868189324-2465816145-1008UA.job
[2011/03/21 03:33:00 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeSchedule.job
[2011/03/21 02:47:57 | 000,000,875 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to D2NT30_NTBot41.lnk
[2011/03/21 02:24:58 | 000,166,092 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\magic_rare.nip
[2011/03/20 23:16:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-469911042-1935599223-620547350-1008Core.job
[2011/03/20 21:51:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-346832426-1868189324-2465816145-1008Core.job
[2011/03/20 20:44:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/20 20:37:23 | 004,297,576 | R--- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2011/03/20 20:10:29 | 000,000,250 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/03/20 20:07:47 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/20 20:07:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/20 20:07:43 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/19 17:57:04 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3409468861-1876123338-1713568439-1008Core.job
[2011/03/17 14:59:41 | 000,002,376 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Google Chrome.lnk
[2011/03/17 14:59:41 | 000,002,354 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/14 10:03:18 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/08 17:13:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/01 23:26:18 | 000,001,625 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play League of Legends.lnk
[2011/03/01 11:37:55 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/28 18:11:59 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/02/28 18:09:30 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/02/28 11:05:03 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/02/27 17:24:23 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/02/27 17:06:09 | 000,000,281 | ---- | M] () -- C:\Boot.bak
[2011/02/27 17:05:19 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/27 17:04:10 | 000,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/27 17:04:10 | 000,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/27 17:03:44 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2011/02/27 17:03:28 | 000,001,854 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_EL448AA-ABA a1310n_YC_0Pavi_QCNH550_E61NAemMPC1_48_IAmberine M_SASUSTek Computer INC._V1.03_B3.13_T051115_WXP2_L409_M959_J200_7AMD_8Athlon 64_92.19_#060122_N10EC8139_Z14F12F20_G10025954.MRK
[2011/02/27 17:02:13 | 000,192,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/27 17:01:20 | 000,001,063 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/21 02:47:57 | 000,000,875 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to D2NT30_NTBot41.lnk
[2011/03/21 02:24:58 | 000,166,092 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\magic_rare.nip
[2011/03/01 23:26:18 | 000,001,625 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play League of Legends.lnk
[2011/03/01 11:37:55 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/28 18:09:30 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/02/27 17:52:17 | 000,001,022 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3409468861-1876123338-1713568439-1008UA.job
[2011/02/27 17:52:16 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3409468861-1876123338-1713568439-1008Core.job
[2011/02/27 17:03:44 | 000,000,480 | ---- | C] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2011/02/27 17:03:25 | 000,001,854 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_EL448AA-ABA a1310n_YC_0Pavi_QCNH550_E61NAemMPC1_48_IAmberine M_SASUSTek Computer INC._V1.03_B3.13_T051115_WXP2_L409_M959_J200_7AMD_8Athlon 64_92.19_#060122_N10EC8139_Z14F12F20_G10025954.MRK
[2011/02/27 17:03:14 | 1005,113,344 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/27 17:02:35 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/27 17:02:34 | 000,001,776 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Netscape Browser.lnk
[2011/02/27 17:02:34 | 000,001,489 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2011/02/27 17:02:34 | 000,000,926 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2011/02/27 17:02:34 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/02/27 17:02:32 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2011/02/27 17:02:29 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Remote Assistance.lnk
[2011/02/27 17:02:29 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Internet Explorer.lnk
[2011/02/27 17:02:29 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Windows Media Player.lnk
[2011/02/27 17:02:29 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Outlook Express.lnk
[2011/01/29 18:49:52 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/29 18:49:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/29 18:49:52 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/29 18:49:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/29 18:49:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/05 21:51:38 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/10/04 16:37:38 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/17 07:02:54 | 000,000,037 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2010/05/17 09:50:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mnonon.bin
[2010/04/19 04:15:28 | 000,866,304 | ---- | C] () -- C:\WINDOWS\D2NT.dll
[2009/07/26 14:12:08 | 000,000,049 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/04/25 22:23:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/14 17:04:35 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2009/04/14 16:56:55 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2009/03/24 17:08:02 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/01/11 16:22:05 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2009/01/06 12:12:00 | 000,000,073 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2008/12/26 17:21:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2005/11/10 17:15:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/10 16:54:49 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/11/10 16:50:27 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-9972322.exe
[2005/11/10 16:49:39 | 000,014,317 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/11/10 16:49:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/11/10 16:46:56 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/11/10 16:43:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/10 16:38:53 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/10 16:38:53 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/10 16:38:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/10 16:38:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/10 16:38:53 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/10 16:38:53 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/10 16:32:35 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/11/10 16:31:35 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2005/11/10 16:31:35 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2005/11/10 16:25:48 | 000,080,417 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2005/11/10 16:25:48 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2005/11/10 16:24:47 | 000,072,881 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2005/11/10 16:24:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2005/11/10 16:23:14 | 000,112,873 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2005/11/10 16:23:14 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2005/11/10 16:20:01 | 000,088,403 | ---- | C] () -- C:\WINDOWS\hpoins06.dat
[2005/11/10 16:20:01 | 000,005,389 | ---- | C] () -- C:\WINDOWS\hpomdl06.dat
[2005/11/10 16:18:53 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/10 16:14:10 | 000,104,361 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/11/10 16:02:13 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/11/10 15:55:33 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/11/10 15:55:33 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/11/10 15:55:10 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/10/05 12:50:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/31 04:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/31 04:07:46 | 000,382,022 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/31 04:07:46 | 000,053,640 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/31 04:05:30 | 000,192,184 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/31 04:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/31 03:58:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/05 21:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 23:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/08/10 11:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 04:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/10 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 04:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/10 04:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/10 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/26 14:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 22:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 15:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 15:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/06 22:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

< End of report >
  • 0

Advertisements


#2
rkinsey1313

rkinsey1313

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
can i get some help plz??
  • 0

#3
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello rkinsey1313 and welcome to G2G! :D

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Please download

Attached File  resetdma.zip   1.21KB   159 downloads

to your Desktop.

  • Unzip it and run it by double click
  • Confirm reset by clicking on OK button
  • Restart your system

Step 2

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Step 3

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the "Scan All User" checkbox
  • Change "Extra Registry" option to "SafeList"
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows OTL.txt and Extra.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this files, and post it with your next reply.

Step 4

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
It would be helpful if you could post each log in separate post
  • 0

#4
rkinsey1313

rkinsey1313

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
Hey thanks for helping me Mailprog. I ran all the scans and updated Java. Here is the OTL logs.



OTL logfile created on: 4/6/2011 2:23:09 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 554.00 Mb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.80 Gb Total Space | 155.71 Gb Free Space | 87.58% Space Free | Partition Type: NTFS
Drive D: | 8.50 Gb Total Space | 1.12 Gb Free Space | 13.17% Space Free | Partition Type: FAT32

Computer Name: YOUR-4DACD0EA75 | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/06 14:22:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe
PRC - [2011/04/06 14:17:00 | 000,400,384 | ---- | M] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\JavaRa\JavaRa.exe
PRC - [2011/03/23 10:49:21 | 001,004,088 | ---- | M] (Google Inc.) -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2005/08/03 00:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2004/08/10 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/06 14:22:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe
MOD - [2004/08/10 12:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2005/08/03 00:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2004/09/29 20:14:36 | 000,069,632 | ---- | M] (HP) [Boot | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2005/09/08 00:23:06 | 000,021,120 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor 5 for Windows\pcd5srvc.pkms -- (PCD5SRVC{085326CB-51A3560A-05010003})
DRV - [2005/08/29 15:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/08/13 22:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/04 00:30:34 | 000,026,624 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/30 01:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/03/09 14:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/03/04 11:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/12/15 15:18:32 | 000,220,928 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/12/15 15:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 15:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 15:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-531459008-3862666898-4111573134-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKU\S-1-5-21-531459008-3862666898-4111573134-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop
IE - HKU\S-1-5-21-531459008-3862666898-4111573134-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2005/11/10 17:31:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2005/11/10 17:43:01 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/04/04 19:20:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-531459008-3862666898-4111573134-1008\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-531459008-3862666898-4111573134-1008\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PCDrProfiler] C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe ()
O4 - HKU\S-1-5-21-531459008-3862666898-4111573134-1008..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-531459008-3862666898-4111573134-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-531459008-3862666898-4111573134-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-531459008-3862666898-4111573134-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-531459008-3862666898-4111573134-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/10 17:46:21 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/06 14:20:31 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/04/06 14:20:31 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/06 14:20:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/06 14:20:31 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/06 14:20:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/06 14:14:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/06 12:39:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/06 12:34:06 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/06 12:32:29 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/04/05 12:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\LolClient
[2011/04/05 12:24:29 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2011/04/05 12:24:29 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2011/04/05 12:24:28 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2011/04/05 12:24:28 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2011/04/05 12:24:25 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2011/04/05 11:31:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\League of Legends
[2011/04/05 00:28:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/05 00:28:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/05 00:28:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/05 00:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/04 19:13:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/04/04 19:07:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2011/04/04 19:04:58 | 000,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
[2011/04/04 19:04:58 | 000,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator\Cookies
[2011/04/04 19:04:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\SendTo
[2011/04/04 19:04:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Application Data
[2011/04/04 19:04:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup
[2011/04/04 19:04:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu
[2011/04/04 19:04:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Videos
[2011/04/04 19:04:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Pictures
[2011/04/04 19:04:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Music
[2011/04/04 19:04:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents
[2011/04/04 19:04:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Favorites
[2011/04/04 19:04:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Accessories
[2011/04/04 19:04:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator\Templates
[2011/04/04 19:04:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator\PrintHood
[2011/04/04 19:04:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator\NetHood
[2011/04/04 19:04:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings
[2011/04/04 19:04:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Symantec
[2011/04/04 19:04:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
[2011/04/04 19:04:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Real
[2011/04/04 19:04:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Online Services
[2011/04/04 19:04:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft
[2011/04/04 19:04:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
[2011/04/04 19:04:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Identities
[2011/04/04 19:04:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google
[2011/04/04 19:04:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Digital Interactive Systems Corporation
[2011/04/04 19:04:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop
[2011/04/04 19:04:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ApplicationHistory
[2011/04/04 19:04:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}
[2011/04/04 18:35:09 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2011/04/04 11:31:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Recent
[2011/03/31 14:30:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/03/28 12:19:21 | 007,708,672 | ---- | C] (home) -- C:\Documents and Settings\HP_Administrator\My Documents\Hero Editor.exe
[2011/03/28 12:17:07 | 000,000,000 | ---D | C] -- C:\Program Files\Hero Editor
[2011/03/21 18:49:01 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/03/21 18:49:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/20 18:33:19 | 000,000,000 | ---D | C] -- C:\ComboFix(2)
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/06 14:25:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-371545005-4134406093-3066404168-1008UA.job
[2011/04/06 14:21:24 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/06 14:20:18 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/04/06 14:20:18 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/06 14:20:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/06 14:20:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/06 14:20:18 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/06 14:19:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2648250714-2191380005-3768474473-1008UA.job
[2011/04/06 14:16:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-469911042-1935599223-620547350-1008UA.job
[2011/04/06 14:15:03 | 000,000,250 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/04/06 14:14:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/06 14:13:58 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/06 12:34:13 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/04/06 12:32:02 | 004,315,416 | R--- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2011/04/06 12:02:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2592192355-614477077-4130303216-1008UA.job
[2011/04/06 11:57:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3409468861-1876123338-1713568439-1008UA.job
[2011/04/06 11:51:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-346832426-1868189324-2465816145-1008UA.job
[2011/04/06 11:44:01 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-531459008-3862666898-4111573134-1008UA.job
[2011/04/06 11:37:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1452723691-1061603242-2140089356-1008UA.job
[2011/04/06 02:25:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-371545005-4134406093-3066404168-1008Core.job
[2011/04/05 23:16:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-469911042-1935599223-620547350-1008Core.job
[2011/04/05 21:51:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-346832426-1868189324-2465816145-1008Core.job
[2011/04/05 21:19:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2648250714-2191380005-3768474473-1008Core.job
[2011/04/05 19:44:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-531459008-3862666898-4111573134-1008Core.job
[2011/04/05 18:10:44 | 000,000,325 | ---- | M] () -- C:\Boot.bak
[2011/04/05 17:57:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3409468861-1876123338-1713568439-1008Core.job
[2011/04/05 17:13:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/05 14:37:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1452723691-1061603242-2140089356-1008Core.job
[2011/04/05 13:02:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2592192355-614477077-4130303216-1008Core.job
[2011/04/05 12:24:30 | 000,001,625 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play League of Legends.lnk
[2011/04/05 00:28:19 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/05 00:18:39 | 000,001,471 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Center.lnk
[2011/04/04 21:04:28 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/04/04 19:42:43 | 000,002,376 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Google Chrome.lnk
[2011/04/04 19:42:43 | 000,002,354 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/04/04 19:20:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/04 19:07:43 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/04 19:06:53 | 000,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/04 19:06:53 | 000,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/04 19:06:35 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeSchedule.job
[2011/04/04 19:06:18 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2011/04/04 19:05:59 | 000,001,854 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_EL448AA-ABA a1310n_YC_0Pavi_QCNH550_E61NAemMPC1_48_IAmberine M_SASUSTek Computer INC._V1.03_B3.13_T051115_WXP2_L409_M959_J200_7AMD_8Athlon 64_92.19_#060122_N10EC8139_Z14F12F20_G10025954.MRK
[2011/04/04 19:04:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/04 19:04:45 | 000,192,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/04 19:03:50 | 000,001,063 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/04/04 13:58:15 | 000,087,868 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\me and my babee.jpg
[2011/04/04 12:39:30 | 000,001,879 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
[2011/04/02 18:19:54 | 000,238,840 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Bubblesz03162243_4.jpg
[2011/03/30 03:01:23 | 000,065,290 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\me and my woman.jpg
[2011/03/28 12:53:13 | 000,023,326 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Hero Editor.ini
[2011/03/21 03:24:58 | 000,166,092 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\magic_rare.nip
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/05 12:24:30 | 000,001,625 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play League of Legends.lnk
[2011/04/05 00:28:19 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/04 19:39:24 | 000,001,022 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-531459008-3862666898-4111573134-1008UA.job
[2011/04/04 19:39:24 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-531459008-3862666898-4111573134-1008Core.job
[2011/04/04 19:06:35 | 000,000,328 | ---- | C] () -- C:\WINDOWS\tasks\HPCeeSchedule.job
[2011/04/04 19:06:17 | 000,000,480 | ---- | C] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2011/04/04 19:05:55 | 000,001,854 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_EL448AA-ABA a1310n_YC_0Pavi_QCNH550_E61NAemMPC1_48_IAmberine M_SASUSTek Computer INC._V1.03_B3.13_T051115_WXP2_L409_M959_J200_7AMD_8Athlon 64_92.19_#060122_N10EC8139_Z14F12F20_G10025954.MRK
[2011/04/04 19:05:45 | 1005,113,344 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/04 19:05:03 | 000,001,776 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Netscape Browser.lnk
[2011/04/04 19:05:03 | 000,001,489 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2011/04/04 19:05:03 | 000,000,926 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2011/04/04 19:05:03 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/04 19:05:02 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/04/04 19:05:01 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2011/04/04 19:04:59 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Remote Assistance.lnk
[2011/04/04 19:04:59 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Internet Explorer.lnk
[2011/04/04 19:04:59 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Windows Media Player.lnk
[2011/04/04 19:04:59 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Outlook Express.lnk
[2011/04/04 13:58:24 | 000,087,868 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\me and my babee.jpg
[2011/04/04 12:58:41 | 000,002,376 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Google Chrome.lnk
[2011/04/04 12:57:04 | 000,001,022 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2592192355-614477077-4130303216-1008UA.job
[2011/04/04 12:57:04 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2592192355-614477077-4130303216-1008Core.job
[2011/04/04 12:39:29 | 000,001,879 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
[2011/04/02 18:07:30 | 000,238,840 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Bubblesz03162243_4.jpg
[2011/04/02 15:32:35 | 000,001,022 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1452723691-1061603242-2140089356-1008UA.job
[2011/04/02 15:32:35 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1452723691-1061603242-2140089356-1008Core.job
[2011/04/01 03:20:20 | 000,001,022 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-371545005-4134406093-3066404168-1008UA.job
[2011/04/01 03:20:20 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-371545005-4134406093-3066404168-1008Core.job
[2011/03/30 03:01:34 | 000,065,290 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\me and my woman.jpg
[2011/03/28 12:19:27 | 000,023,326 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Hero Editor.ini
[2011/03/21 22:14:07 | 000,001,022 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2648250714-2191380005-3768474473-1008UA.job
[2011/03/21 22:14:07 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2648250714-2191380005-3768474473-1008Core.job
[2011/03/21 03:24:58 | 000,166,092 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\magic_rare.nip
[2011/01/29 19:49:52 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/29 19:49:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/29 19:49:52 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/29 19:49:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/29 19:49:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/05 22:51:38 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/10/04 17:37:38 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/17 08:02:54 | 000,000,037 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2010/05/17 10:50:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mnonon.bin
[2010/04/19 05:15:28 | 000,866,304 | ---- | C] () -- C:\WINDOWS\D2NT.dll
[2009/07/26 15:12:08 | 000,000,049 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/04/25 23:23:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/14 18:04:35 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2009/04/14 17:56:55 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2009/03/24 18:08:02 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/01/11 17:22:05 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2009/01/06 13:12:00 | 000,000,073 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2008/12/26 18:21:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2005/11/10 18:15:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/10 17:54:49 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/11/10 17:50:27 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-9972322.exe
[2005/11/10 17:49:39 | 000,014,317 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/11/10 17:49:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/11/10 17:46:56 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/11/10 17:43:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/10 17:38:53 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/10 17:38:53 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/10 17:38:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/10 17:38:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/10 17:38:53 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/10 17:38:53 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/10 17:32:35 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/11/10 17:31:35 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2005/11/10 17:31:35 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2005/11/10 17:25:48 | 000,080,417 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2005/11/10 17:25:48 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2005/11/10 17:24:47 | 000,072,881 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2005/11/10 17:24:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2005/11/10 17:23:14 | 000,112,873 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2005/11/10 17:23:14 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2005/11/10 17:20:01 | 000,088,403 | ---- | C] () -- C:\WINDOWS\hpoins06.dat
[2005/11/10 17:20:01 | 000,005,389 | ---- | C] () -- C:\WINDOWS\hpomdl06.dat
[2005/11/10 17:18:53 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/10 17:14:10 | 000,104,361 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/11/10 17:02:13 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/11/10 16:55:33 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/11/10 16:55:33 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/11/10 16:55:10 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/10/05 13:50:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/31 05:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/31 05:07:46 | 000,382,022 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/31 05:07:46 | 000,053,640 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/31 05:05:30 | 000,192,184 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/31 05:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/31 04:58:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/05 22:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 00:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/08/10 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 05:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/10 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/10 05:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/10 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/26 15:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 23:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 16:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 16:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/06 23:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

< End of report >

Edited by rkinsey1313, 06 April 2011 - 10:39 PM.

  • 0

#5
rkinsey1313

rkinsey1313

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
OTL Extras logfile created on: 4/6/2011 2:23:09 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 554.00 Mb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.80 Gb Total Space | 155.71 Gb Free Space | 87.58% Space Free | Partition Type: NTFS
Drive D: | 8.50 Gb Total Space | 1.12 Gb Free Space | 13.17% Space Free | Partition Type: FAT32

Computer Name: YOUR-4DACD0EA75 | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-531459008-3862666898-4111573134-1008\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57681:TCP" = 57681:TCP:*:Enabled:Pando Media Booster
"57681:UDP" = 57681:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"57681:TCP" = 57681:TCP:*:Enabled:Pando Media Booster
"57681:UDP" = 57681:UDP:*:Enabled:Pando Media Booster
"8381:TCP" = 8381:TCP:*:Enabled:League of Legends Launcher
"8381:UDP" = 8381:UDP:*:Enabled:League of Legends Launcher

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- (Adobe Systems Inc.)
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{111DB3F0-0C58-4475-9954-1BD5B7B28618}" = League of Legends
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{382E94C0-6E22-44e4-B003-8EB31DFE296F}" = cp_LightScribeConfig
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91477C6F-EC7C-4BFC-BBE1-E45908019DED}" = LightScribe 1.4.52.1
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{C104580B-1C79-4d73-9BF0-CA0B184296A4}" = cp_LightScribePlugin
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Photosmart Cameras 5.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DFB0FED6-0010-4E9B-A402-E513F2459161}" = muvee autoProducer unPlugged 1.2
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E7137AFD-4E43-47A6-BDC7-533808F72B36}" = muvee autoProducer 4.5
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"038D56DF-B15D-47F7-959F-59FA1FBB63FC" = Snowboard SuperJam from HP Media Center (remove only)
"049D60AF-B425-4F8A-BD66-9D8C1B519D59" = Barnyard Invasion from HP Media Center (remove only)
"0814ADC6-5B36-4144-A8EA-439C36B1BB11" = Puzzle Express from HP Media Center (remove only)
"0AA27562-3C4E-4860-8742-7ADEBE2EFC43" = Ricochet Lost Worlds from HP Media Center (remove only)
"0C20CAB1-F8BC-4AC1-A796-535B005C1B83" = Super Granny from HP Media Center (remove only)
"0C84A7C5-2762-4932-96BF-44A77202DCC3" = Blasterball 2 Remix from HP Media Center (remove only)
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"1FFA88DF-0AC3-4D9E-9139-5FF98813C12C" = Polar Bowler from HP Media Center (remove only)
"3320769C-062B-4670-BD6B-AA4B3D0E9903" = FATE from HP Media Center (remove only)
"3D61540E-C88C-4358-B6A1-DC26648F2A3D" = Crystal Maze from HP Media Center (remove only)
"413773DA-62DE-4C4C-A0F9-10EFB9317DE5" = Family Feud
"47D5A62B-1B41-4DB1-8267-ADA434FA782B" = Bejeweled 2 Deluxe from HP Media Center (remove only)
"538B9061-0C77-4FB2-903F-EC42A1FF5DD8" = Mah Jong Quest from HP Media Center (remove only)
"55275778-F7D9-4BA0-95F4-DEFD71ADDFD9" = Polar Golfer from HP Media Center (remove only)
"581538B9-2ED3-45E2-96CB-22AD8F811D2A" = Shrek 2 Ogre Bowler from HP Media Center (remove only)
"5DAA9E44-1B31-41CD-88A8-228EDED6E36E" = Bounce Symphony from HP Media Center (remove only)
"758619C0-7C97-42BB-B1E9-775F72FDAD1E" = Blackhawk Striker 2 from HP Media Center (remove only)
"901E0096-B2AC-469E-A99E-2725A39C0B47" = Zuma Deluxe from HP Media Center (remove only)
"90EA5584-4290-407B-B8F2-D6E6D65A4796" = Boggle Supreme from HP Media Center (remove only)
"9844050E-4CA4-4901-A53D-A5D14C63789B" = Lexibox Deluxe from HP Media Center (remove only)
"A09026AE-8F16-4929-B4E6-1825535844DB" = Insaniquarium Deluxe from HP Media Center (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AF012B1F-AFCE-45DB-8D6C-8AB06ADC1D6F" = 5 Card Slingo from HP Media Center (remove only)
"ATI Display Driver" = ATI Display Driver
"AwayMode160" = Microsoft Away Mode
"B2AA88B1-4920-462B-9F7C-019782B3C4DB" = Shooting Stars Pool from HP Media Center (remove only)
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"B3FF79F4-CDA8-4845-A7C0-9CE017719F36" = Tradewinds from HP Media Center (remove only)
"B7217206-A362-446B-A0F7-A2622B82F821" = SCRABBLE from HP Media Center (remove only)
"BA42B721-D70B-4412-ABA6-057B5823FDE9" = Chuzzle Deluxe from HP Media Center (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"D2DACBCD-E1FE-4C32-A49B-1EB0743D1E79" = Blasterball 2 from HP Media Center (remove only)
"E0998E52-9D08-4AEE-A4F5-0BB1D8537F6E" = Slingo Deluxe from HP Media Center (remove only)
"E44A47AF-C94B-4E3F-81A0-979FBA9DAC57" = AstroPop Deluxe from HP Media Center (remove only)
"E59F75D0-A38B-40F4-ABA2-CA35A7735473" = Bookworm Deluxe from HP Media Center (remove only)
"F38688AF-57C2-4A9C-BFEF-25F3AEC11F1E" = Lemonade Tycoon 2 from HP Media Center (remove only)
"HP Document Viewer" = HP Document Viewer 5.3
"HP Game Console" = HP Game Console and games
"HP Image Zone for Media Center PC" = HP Image Zone for Media Center PC
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"IntelliMover Data Transfer Demo" = Remove IntelliMover Demo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2005b" = Microsoft Money 2005
"Netscape Browser" = Netscape Browser (remove only)
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"Windows Media Format Runtime" = Windows Media Format Runtime

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-531459008-3862666898-4111573134-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/4/2011 11:54:54 PM | Computer Name = YOUR-4DACD0EA75 | Source = Application Error | ID = 1000
Description = Faulting application extract.cfxxe, version 0.0.0.0, faulting module
crtdll.dll, version 4.0.1183.1, fault address 0x000115ce.

[ System Events ]
Error - 4/4/2011 10:05:21 PM | Computer Name = YOUR-4DACD0EA75 | Source = SAVRT | ID = 458772
Description =

Error - 4/4/2011 10:05:22 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
Description = The SAVRT service failed to start due to the following error: %%31

Error - 4/5/2011 3:30:40 AM | Computer Name = YOUR-4DACD0EA75 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 0015F278D200 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).


< End of report >
  • 0

#6
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi rkinsey1313,

Any changes after running resetdma.vbs?

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Posted Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\\ComboFix.txt log in your next reply.
  • 0

#7
rkinsey1313

rkinsey1313

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
Hey Mailprog. My computer still seems to be acting horrible after running resetdma.vbs. The first time I ran combofix I got an error saying memory was too low or I had some corrupter file in cmdcons and was unable to download the Windows Recovery Console. I ran it a second time and it allowed my to download the recovery console and it found an additional infection so there will be 2 combofix logs.


ComboFix 11-04-08.01 - HP_Administrator 04/08/2011 19:27:08.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.616 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\HP_Administrator\WINDOWS
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\ps2.bat
.
.
((((((((((((((((((((((((( Files Created from 2011-03-09 to 2011-04-09 )))))))))))))))))))))))))))))))
.
.
2011-04-09 02:13 . 2011-04-09 02:31 -------- d-----w- c:\documents and settings\HP_Administrator
2011-04-09 01:25 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-04-09 01:25 . 2004-08-04 05:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-04-09 01:25 . 2001-08-17 21:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-04-09 01:25 . 2011-04-09 01:25 -------- d-----w- c:\windows\LastGood
2011-04-08 23:59 . 2011-04-09 02:15 -------- d-sh--r- c:\windows\system32\dllcache
2011-04-08 22:00 . 2011-04-08 22:00 -------- d-----w- C:\4c6fcea9c94d08cf7330f30fdf
2011-04-08 03:39 . 2011-04-09 02:16 -------- d-----w- C:\USERDATA
2011-04-05 07:28 . 2011-04-05 07:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-28 19:17 . 2011-03-31 21:32 -------- d-----w- c:\program files\Hero Editor
2011-03-22 01:49 . 2011-03-22 01:49 -------- d-----w- C:\_OTM
2011-03-22 01:49 . 2011-03-22 01:49 -------- d-----w- C:\_OTL
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"PCDrProfiler"="c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe" [2005-08-10 53248]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2005-11-10 36903]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-10 27136]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
.
R3 PCD5SRVC{085326CB-51A3560A-05010003};PCD5SRVC{085326CB-51A3560A-05010003} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [9/8/2005 12:23 AM 21120]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - APPMGMT
*NewlyCreated* - PCD5SRVC{085326CB-51A3560A-05010003}
*Deregistered* - SAVRTPEL
*Deregistered* - SymEvent
*Deregistered* - SYMREDRV
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-04-09 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-09 03:23]
.
2011-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1634801569-2001027438-3047619732-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-08 04:02]
.
2011-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1634801569-2001027438-3047619732-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-08 04:02]
.
2011-04-09 c:\windows\Tasks\HPCeeSchedule.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-09 03:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-08 19:31
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{085326CB-51A3560A-05010003}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-04-08 19:33:19
ComboFix-quarantined-files.txt 2011-04-09 02:33
ComboFix2.txt 2011-04-08 21:44
ComboFix3.txt 2011-04-08 04:00
ComboFix4.txt 2011-04-06 01:17
ComboFix5.txt 2011-04-08 22:06
.
Pre-Run: 167,751,323,648 bytes free
Post-Run: 167,746,953,216 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
.
- - End Of File - - E57ABAED20A0376DA496E64E8903D46E

Edited by rkinsey1313, 08 April 2011 - 09:09 PM.

  • 0

#8
rkinsey1313

rkinsey1313

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
ComboFix 11-04-08.01 - HP_Administrator 04/08/2011 19:59:14.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.589 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\_000223_.tmp.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-03-09 to 2011-04-09 )))))))))))))))))))))))))))))))
.
.
2011-04-09 02:40 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-09 02:40 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-05 07:28 . 2011-04-09 02:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-28 19:17 . 2011-03-31 21:32 -------- d-----w- c:\program files\Hero Editor
2011-03-22 01:49 . 2011-03-22 01:49 -------- d-----w- C:\_OTM
2011-03-22 01:49 . 2011-03-22 01:49 -------- d-----w- C:\_OTL
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-09_02.31.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-18 16:15 . 2010-03-18 16:15 51024 c:\windows\system32\vcomp100.dll
+ 2005-11-11 00:05 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2004-08-10 12:00 . 2008-05-19 13:33 18944 c:\windows\system32\msisip.dll
+ 2004-08-10 12:00 . 2008-05-19 08:57 95744 c:\windows\system32\msiexec.exe
+ 2010-03-18 16:15 . 2010-03-18 16:15 80720 c:\windows\system32\mfcm100u.dll
+ 2010-03-18 16:15 . 2010-03-18 16:15 80208 c:\windows\system32\mfcm100.dll
+ 2010-03-18 16:15 . 2010-03-18 16:15 60752 c:\windows\system32\mfc100rus.dll
+ 2010-03-18 16:15 . 2010-03-18 16:15 43344 c:\windows\system32\mfc100kor.dll
+ 2010-03-18 16:15 . 2010-03-18 16:15 43856 c:\windows\system32\mfc100jpn.dll
+ 2010-03-18 16:15 . 2010-03-18 16:15 62288 c:\windows\system32\mfc100ita.dll
+ 2010-03-18 16:15 . 2010-03-18 16:15 64336 c:\windows\system32\mfc100fra.dll
+ 2010-03-18 16:15 . 2010-03-18 16:15 63824 c:\windows\system32\mfc100esn.dll
+ 2010-03-18 16:15 . 2010-03-18 16:15 55120 c:\windows\system32\mfc100enu.dll
+ 2010-03-18 16:15 . 2010-03-18 16:15 64336 c:\windows\system32\mfc100deu.dll
+ 2010-03-18 16:15 . 2010-03-18 16:15 36176 c:\windows\system32\mfc100cht.dll
+ 2010-03-18 16:15 . 2010-03-18 16:15 36176 c:\windows\system32\mfc100chs.dll
+ 2004-08-10 12:00 . 2008-05-19 13:33 18944 c:\windows\system32\dllcache\msisip.dll
+ 2004-08-10 12:00 . 2008-05-19 08:57 95744 c:\windows\system32\dllcache\msiexec.exe
+ 2004-08-10 12:00 . 2008-04-17 08:43 2560 c:\windows\system32\msimsg.dll
+ 2004-08-10 12:00 . 2008-04-17 08:43 2560 c:\windows\system32\dllcache\msimsg.dll
+ 2010-03-18 16:15 . 2010-03-18 16:15 770384 c:\windows\system32\msvcr100.dll
+ 2010-03-18 16:15 . 2010-03-18 16:15 421200 c:\windows\system32\msvcp100.dll
+ 2004-08-10 12:00 . 2008-05-19 13:33 332800 c:\windows\system32\msihnd.dll
+ 2004-08-10 12:00 . 2008-05-19 13:33 332800 c:\windows\system32\dllcache\msihnd.dll
+ 2010-03-18 16:15 . 2010-03-18 16:15 138056 c:\windows\system32\atl100.dll
+ 2011-04-09 02:36 . 2011-04-09 02:36 151552 c:\windows\Installer\151079.msi
+ 2004-08-10 12:00 . 2008-05-19 13:33 4445184 c:\windows\system32\msi.dll
+ 2010-03-18 16:15 . 2010-03-18 16:15 4368720 c:\windows\system32\mfc100u.dll
+ 2010-03-18 16:15 . 2010-03-18 16:15 4342088 c:\windows\system32\mfc100.dll
+ 2004-08-10 12:00 . 2008-05-19 13:33 4445184 c:\windows\system32\dllcache\msi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2011-04-08 136176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"PCDrProfiler"="c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe" [2005-08-10 53248]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2005-11-10 36903]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-10 27136]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
.
R3 PCD5SRVC{085326CB-51A3560A-05010003};PCD5SRVC{085326CB-51A3560A-05010003} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [9/8/2005 12:23 AM 21120]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - APPMGMT
*NewlyCreated* - PCD5SRVC{085326CB-51A3560A-05010003}
*Deregistered* - SAVRTPEL
*Deregistered* - SymEvent
*Deregistered* - SYMREDRV
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-04-09 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-09 03:23]
.
2011-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1634801569-2001027438-3047619732-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-08 04:02]
.
2011-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1634801569-2001027438-3047619732-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-08 04:02]
.
2011-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-943780559-236423973-2134130009-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-08 04:02]
.
2011-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-943780559-236423973-2134130009-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-08 04:02]
.
2011-04-09 c:\windows\Tasks\HPCeeSchedule.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-09 03:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-08 20:02
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{085326CB-51A3560A-05010003}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-04-08 20:04:03
ComboFix-quarantined-files.txt 2011-04-09 03:04
ComboFix2.txt 2011-04-09 02:33
ComboFix3.txt 2011-04-08 21:44
ComboFix4.txt 2011-04-08 04:00
ComboFix5.txt 2011-04-09 02:53
.
Pre-Run: 167,560,957,952 bytes free
Post-Run: 167,552,897,024 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - A61B3A0DD5DFB565E9A64E07F4E09063
  • 0

#9
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi rkinsey1313,

I don't see any antivirus software installed on your machine. Ether way...

Let's install the free Avast:

http://www.avast.com...ivirus-download

Once you have it installed and it has updated, right click on it and select Open Avast! User Interface then click on Scan Computer, then on
Boot-Time Scan then Schedule Now. Reboot and let it run a scan. It will take many hours (like overnight) and unfortunately you may need to check back with it once in a while to see if it needs an input from you. If the scan hangs that may indicate a hardware problem.
  • 0

#10
rkinsey1313

rkinsey1313

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
Ok I downloaded Avast and did a boot scan. It found 2 things.

C:\hp\bin\Killit.exe --> PUP:WIn32:KillApp-W [PUP]
C:\System Volume Information\_restore{106CF321-99A3-4E3A-1BD027606A99}RP5\A0001373.exe

It seems to be running alot faster but there is still something there. I can tell its runnin at about 85-90% of what it usually is.
  • 0

Advertisements


#11
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi rkinsey1313,

OK. There is no sign of malware on your machine. Let's do some TLC :D

Step 1

Startuplite is a tool to help you stop some programs not needed when you start your computer from loading. They will begin automatically only when needed.

Run the tool and it will disable all unnecessary sturtup entries.
Click on Continue button to save changes.

Step 2

Download and run Puran Disc Defragmenter
For the first run I would recommend a Restart-Defrag-Restart + Disk Check

Posted Image
  • 0

#12
rkinsey1313

rkinsey1313

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
I ran startuplite and there are no unnecessary processes runnin on my computer. I ran the defrager too. Im still noticing speed issues mostly when Im either on youtube or somewhere with streaming videos or on games. There has to be something on my computer still. It usually runs flawlessly and now its horrible. I used to be able to open a youtube video and it would run fine. Now I gotta wait for it to load before I can watch it because it ends up freezing and stuff.

Edited by rkinsey1313, 11 April 2011 - 03:56 PM.

  • 0

#13
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi rkinsey1313,

There is no sign of malware on your system. Maybe there is something wrong with your drivers or system. Please open topic in Windows XP™, 2000, 2003, NT and these guys will help you with that part. Tell them that you were send from here.

I'll leave this topic open until you resolve your system problem.
  • 0

#14
rkinsey1313

rkinsey1313

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
The items that I believe to be malicious is the LEGACY ones. They are in two loactions.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root and HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root

Posted Image
Posted Image
Posted Image
  • 0

#15
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi rkinsey1313,

Those items are not malicious. Please don't delete registry entries on your own. You can heart your system.

I wen't throo your logs one more time and there are no malicius items any more. Your system is clean and there is no more item we can remove.

We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end. Remove all other application we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.

4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP