Computer Hope

Title: Antispyware XP
Post by: rstoddard on March 19, 2010, 09:13:22 PM
I had a nasty, rather annoying infection called Antispyware XP. I followed the preliminary steps, and it seems to be gone.

Here are the logs:

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:13 PM, on 3/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\GhostSurf Platinum\ProtectorSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxpers.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\GhostSurf Platinum\SpyCatcher.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Desktop\sniper.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.masslive.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HPHUPD08] "c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPwuSchd2.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [GhostSurf Reminder] "C:\Program Files\GhostSurf Platinum\Privacy Control Center.exe" reminder
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpyCatcher.lnk = C:\Program Files\GhostSurf Platinum\SpyCatcher.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {01118F00-3E00-11D2-8470-0060089874ED} (SupportSoft RemoteControl Class) - http://www.comcastsupport.com/sdccommon/download/ssrc.cab
O16 - DPF: {01119400-3E00-11D2-8470-0060089874ED} (SupportSoft Listener Control) - http://www.comcastsupport.com/sdccommon/download/sprtctlln.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.stonyfield.com/coupons/scriptX/smsx.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154979291375
O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://www.gamehouse.com/games/abxgh.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} (NetCamPlayerWeb11gv2 Control) - http://192.168.1.115/NetCamPlayerWeb11gv2.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5211/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Google Update Service (gupdate1c988bea66095e2) (gupdate1c988bea66095e2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Protector - Tenebril Inc. - C:\Program Files\GhostSurf Platinum\ProtectorSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 11616 bytes


SuperAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/19/2010 at 09:45 PM

Application Version : 4.33.1000

Core Rules Database Version : 4700
Trace Rules Database Version: 2512

Scan type       : Complete Scan
Total Scan Time : 01:59:09

Memory items scanned      : 490
Memory threats detected   : 1
Registry items scanned    : 7300
Registry threats detected : 0
File items scanned        : 147035
File threats detected     : 2

Trojan.Agent/Gen-RogueAV
   C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\AVE.EXE
   C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\AVE.EXE
   C:\WINDOWS\Prefetch\AVE.EXE-21CF0F3C.pf

Malwarebytes:

Malwarebytes' Anti-Malware 1.44
Database version: 3886
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

3/19/2010 10:22:03 PM
mbam-log-2010-03-19 (22-22-03).txt

Scan type: Quick Scan
Objects scanned: 215839
Time elapsed: 6 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 7
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\IEXPLORE.EXE") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Could someone please confirm this for me? Is it gone?  ::)

Title: Re: Antispyware XP
Post by: Dr Jay on March 22, 2010, 05:02:14 PM
Hi

Please download DDS by sUBs from BleepingComputer.com (http://download.bleepingcomputer.com/sUBs/dds.scr) or Forospyware.com (http://www.forospyware.com/sUBs/dds) and save it to your Desktop.

Note: Before scanning, make sure all other running programs are closed. There shouldn't be any scheduled antivirus scans running while the scan is being performed. Do not use your computer for anything else during the scan.

Title: Re: Antispyware XP
Post by: rstoddard on March 23, 2010, 08:01:00 PM
Thank you.

I have done what you have instructed. However (please excuse my ignorance) I do not know how to "zip" the DDS file. I know that this means to compress it in some way, but I do not know the procedure to follow ???

Is there a program that I need?

Title: Re: Antispyware XP
Post by: Dr Jay on March 23, 2010, 09:14:13 PM
Go ahead and post the results of it, please.

Title: Re: Antispyware XP
Post by: rstoddard on March 24, 2010, 07:45:21 PM
O.K., here it is:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/10/2006 8:20:14 PM
System Uptime: 3/21/2010 6:37:40 PM (51 hours ago)

Motherboard: ASUSTeK Computer INC. |  | Goldfish3
Processor:               Intel(R) Pentium(R) 4 CPU 3.06GHz | CPU 1 | 3063/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 178 GiB total, 49.13 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 1.251 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is CDROM ()
M: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP360: 12/24/2009 7:56:51 AM - System Checkpoint
RP361: 12/25/2009 12:13:23 PM - System Checkpoint
RP362: 12/26/2009 4:03:41 PM - System Checkpoint
RP363: 12/27/2009 4:12:55 PM - System Checkpoint
RP364: 12/28/2009 4:14:04 PM - System Checkpoint
RP365: 12/29/2009 4:49:00 PM - System Checkpoint
RP366: 12/30/2009 5:49:02 PM - System Checkpoint
RP367: 12/31/2009 6:37:02 PM - System Checkpoint
RP368: 1/1/2010 7:13:07 PM - System Checkpoint
RP369: 1/2/2010 10:48:50 PM - System Checkpoint
RP370: 1/3/2010 11:17:20 PM - System Checkpoint
RP371: 1/5/2010 2:50:22 AM - System Checkpoint
RP372: 1/6/2010 3:13:29 AM - System Checkpoint
RP373: 1/7/2010 3:59:56 AM - System Checkpoint
RP374: 1/8/2010 4:23:59 AM - System Checkpoint
RP375: 1/9/2010 5:22:45 AM - System Checkpoint
RP376: 1/10/2010 5:58:46 AM - System Checkpoint
RP377: 1/11/2010 7:46:38 PM - System Checkpoint
RP378: 1/12/2010 10:26:56 PM - System Checkpoint
RP379: 1/13/2010 11:02:59 PM - System Checkpoint
RP380: 1/14/2010 3:00:22 AM - Software Distribution Service 3.0
RP381: 1/15/2010 9:33:24 AM - System Checkpoint
RP382: 1/16/2010 10:18:33 AM - System Checkpoint
RP383: 1/17/2010 4:28:48 PM - System Checkpoint
RP384: 1/18/2010 1:41:25 PM - Removed Microsoft Office Standard Edition 2003
RP385: 1/19/2010 1:56:48 PM - System Checkpoint
RP386: 1/20/2010 3:00:18 AM - Software Distribution Service 3.0
RP387: 1/21/2010 3:13:24 AM - System Checkpoint
RP388: 1/22/2010 3:25:24 AM - System Checkpoint
RP389: 1/23/2010 3:00:18 AM - Software Distribution Service 3.0
RP390: 1/24/2010 5:51:31 AM - System Checkpoint
RP391: 1/25/2010 9:30:37 AM - System Checkpoint
RP392: 1/26/2010 10:12:33 AM - System Checkpoint
RP393: 1/27/2010 10:46:05 AM - System Checkpoint
RP394: 1/27/2010 9:52:06 PM - Restore Operation
RP395: 1/27/2010 9:56:17 PM - Restore Operation
RP396: 1/28/2010 10:35:13 PM - System Checkpoint
RP397: 1/30/2010 12:55:47 AM - System Checkpoint
RP398: 1/31/2010 1:54:49 AM - System Checkpoint
RP399: 2/1/2010 2:21:43 AM - System Checkpoint
RP400: 2/2/2010 3:51:48 AM - System Checkpoint
RP401: 2/2/2010 9:23:56 PM - Restore Operation
RP402: 2/4/2010 2:34:31 AM - System Checkpoint
RP403: 2/5/2010 2:52:47 AM - System Checkpoint
RP404: 2/6/2010 7:45:09 AM - System Checkpoint
RP405: 2/6/2010 12:15:00 PM - Removed SUPERAntiSpyware Free Edition
RP406: 2/6/2010 12:16:51 PM - Installed SUPERAntiSpyware Free Edition
RP407: 2/6/2010 8:11:20 PM - Installed Java(TM) 6 Update 18
RP408: 2/7/2010 9:00:45 PM - System Checkpoint
RP409: 2/9/2010 12:20:39 AM - System Checkpoint
RP410: 2/10/2010 1:18:14 AM - System Checkpoint
RP411: 2/11/2010 1:55:54 AM - System Checkpoint
RP412: 2/11/2010 3:00:21 AM - Software Distribution Service 3.0
RP413: 2/12/2010 3:50:29 AM - System Checkpoint
RP414: 2/13/2010 4:36:38 AM - System Checkpoint
RP415: 2/14/2010 7:56:23 AM - System Checkpoint
RP416: 2/15/2010 8:20:01 AM - System Checkpoint
RP417: 2/16/2010 9:46:19 AM - System Checkpoint
RP418: 2/17/2010 10:20:05 AM - System Checkpoint
RP419: 2/18/2010 11:20:06 AM - System Checkpoint
RP420: 2/19/2010 11:32:06 AM - System Checkpoint
RP421: 2/20/2010 12:16:36 PM - System Checkpoint
RP422: 2/21/2010 12:18:01 PM - System Checkpoint
RP423: 2/22/2010 12:32:10 PM - System Checkpoint
RP424: 2/23/2010 12:58:40 PM - System Checkpoint
RP425: 2/23/2010 10:25:08 PM - Software Distribution Service 3.0
RP426: 2/24/2010 3:00:20 AM - Software Distribution Service 3.0
RP427: 2/25/2010 4:00:16 AM - System Checkpoint
RP428: 2/26/2010 4:12:17 AM - System Checkpoint
RP429: 2/27/2010 4:24:18 AM - System Checkpoint
RP430: 2/28/2010 5:24:19 AM - System Checkpoint
RP431: 3/1/2010 6:24:20 AM - System Checkpoint
RP432: 3/2/2010 6:48:22 AM - System Checkpoint
RP433: 3/3/2010 5:27:38 PM - System Checkpoint
RP434: 3/4/2010 6:00:22 PM - System Checkpoint
RP435: 3/5/2010 6:02:07 PM - System Checkpoint
RP436: 3/6/2010 10:55:45 PM - System Checkpoint
RP437: 3/8/2010 12:07:50 AM - System Checkpoint
RP438: 3/9/2010 12:55:14 AM - System Checkpoint
RP439: 3/10/2010 7:42:35 AM - System Checkpoint
RP440: 3/11/2010 3:00:20 AM - Software Distribution Service 3.0
RP441: 3/12/2010 3:57:52 AM - System Checkpoint
RP442: 3/13/2010 4:33:53 AM - System Checkpoint
RP443: 3/14/2010 5:57:54 AM - System Checkpoint
RP444: 3/15/2010 6:59:00 AM - System Checkpoint
RP445: 3/16/2010 7:57:59 AM - System Checkpoint
RP446: 3/17/2010 8:33:56 AM - System Checkpoint
RP447: 3/18/2010 8:57:56 AM - System Checkpoint
RP448: 3/19/2010 8:59:09 AM - System Checkpoint
RP449: 3/20/2010 9:33:17 AM - System Checkpoint
RP450: 3/21/2010 9:50:05 AM - System Checkpoint
RP451: 3/21/2010 6:39:33 PM - Restore Operation
RP452: 3/22/2010 11:49:22 PM - System Checkpoint

==== Installed Programs ======================

Active Media Player Screen Saver 2.00
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.1.0
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.2
AiO_Scan
AiO_Scan_CDA
AiOSoftware
AiOSoftwareNPI
Audiogalaxy Rhapsody
BufferChm
CameraDrivers
CCleaner
CleanUp!
Comcast PhotoShow Deluxe 4
Compatibility Pack for the 2007 Office system
ConnectionServices
Coupon Printer for Windows
CP_AtenaShokunin1Config
CP_CalendarTemplates1
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
Critical Update for Windows Media Player 11 (KB959772)
CueTour
CustomerResearchQFolder
CutePDF Writer 2.7
Destinations
DeviceManagementQFolder
Diner Dash
DocProc
DocumentViewer
DocumentViewerQFolder
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab (remove only)
DVDFab 6.2.1.8 (31/12/2009)
DVDFab Decrypter 3.0.3.0
Easy CD & DVD Creator 6
Easy Internet Sign-up
eFax Messenger 4.2
Enhanced Multimedia Keyboard Solution
Express Rip
Fax
Fax_CDA
Filetopia Client v3.04d
Free CD Ripper 3.1
Free RAR Extract Frog 1.00
FreeRIP v3.1
Garmin City Navigator North America NT 2009 Update
GdiplusUpgrade
GemMaster Mystic
getPlus(R)_ocx
GhostSurf Platinum
GhostSurfGhostMyMail 1.0.0
GhostSurfSpyCatcher 5.1
Google Earth
Google Update Helper
High Definition Audio Driver Package - KB888111
Hijackthis 1.99.1
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 5.3
HP Extended Capabilities 5.3
HP Image Zone 5.3
HP Image Zone for Media Center PC
HP Imaging Device Functions 5.3
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP PSC & OfficeJet 5.3.A
HP PSC & OfficeJet 5.3.B
HP Solution Center & Imaging Support Tools 5.3
HP Tunes
HPProductAssistant
HpSdpAppCoreApp
Image Resizer Powertoy for Windows XP
InstantShareDevices
Intel(R) Graphics Media Accelerator Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 18
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
LightScribe  1.4.42.1
LimeWire 5.3.6
LiveUpdate 3.0 (Symantec Corporation)
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Small Business
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Motorola SM56 Speakerphone Modem
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.6)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 4.0
muvee autoProducer unPlugged 1.1 - HPD
MXpie Patch for WinMX/WPNP
Napster
Napster Burn Engine
Netscape Browser (remove only)
NewCopy
NewCopy_CDA
Office 2003 Tour
OpenOffice.org 3.0
Otto
Panda ActiveScan 2.0
PanoStandAlone
PC-Doctor 5 for Windows
PhotoGallery
ProductContextNPI
PS2
PSPrinters08
PSTAPlugin
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QFolder
Quicken 2005
QuickTime
RandMap
RealPlayer
Replay Music
Rhapsody Player Engine
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SkinsHP1
SnagIt 8
SolutionCenter
Sonic Encoders
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Status
SUPERAntiSpyware Free Edition
Switch Sound File Converter
Symantec Network Drivers Update
Total Recorder 5.3
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
URGE
VC 9.0 Runtime
WebFldrs XP
WebReg
Winamp
Window Washer
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See KB889858 for more information]
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB890629
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinMX
WinZip 11.1
ZoneAlarm Security Suite
ZoneAlarm Toolbar

==== Event Viewer Messages From Past Week ========

3/19/2010 10:49:57 PM, error: Service Control Manager [7000]  - The SASDIFSV service failed to start due to the following error:  Cannot create a file when that file already exists.
3/18/2010 11:19:43 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Cdr4_xp
3/18/2010 11:19:43 PM, error: Service Control Manager [7001]  - The Media Center Extender Service service depends on the SSDP Discovery Service service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/16/2010 9:35:43 PM, error: Service Control Manager [7001]  - The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/16/2010 9:35:43 PM, error: DCOM [10005]  - DCOM got error "%1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

==== End Of File ===========================


DDS (Ver_10-03-17.01) - NTFSx86 
Run by HP_Administrator at 21:47:59.83 on Tue 03/23/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1015.420 [GMT -4:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated)   {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *disabled*   {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\GhostSurf Platinum\ProtectorSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxpers.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wmfdist.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IXP000.TMP\setup_wm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.masslive.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uWindow Title =
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mURLSearchHooks: H - No File
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\comcast\comcas~1\data\xtras\mssysmgr.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [cdloader] "c:\documents and settings\hp_administrator\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Window Washer] "c:\program files\webroot\washer\wwDisp.exe"
mRun: [TotalRecorderScheduler] "c:\program files\highcriteria\totalrecorder\TotRecSched.exe"
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [HPHUPD08] "c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe"
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPwuSchd2.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [eFax 4.2] "c:\program files\efax messenger 4.2\J2GDllCmd.exe" /R
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [GhostSurf Reminder] "c:\program files\ghostsurf platinum\Privacy Control Center.exe" reminder
mRun: [NapsterShell] c:\program files\napster\napster.exe /systray
mRunOnce: [wextract_cleanup0] rundll32.exe c:\windows\system32\advpack.dll,delnoderundll32 "c:\docume~1\hp_adm~1\locals~1\temp\ixp000.tmp\"
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\goback.lnk - c:\program files\roxio\goback\GBTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spycat~1.lnk - c:\program files\ghostsurf platinum\SpyCatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: internet
Trusted Zone: magicjack.com\my
Trusted Zone: mcafee.com
Trusted Zone: talk4free.com\reg
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
DPF: {01118F00-3E00-11D2-8470-0060089874ED} - hxxp://www.comcastsupport.com/sdccommon/download/ssrc.cab
DPF: {01119400-3E00-11D2-8470-0060089874ED} - hxxp://www.comcastsupport.com/sdccommon/download/sprtctlln.cab
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://www.stonyfield.com/coupons/scriptX/smsx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154979291375
DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} - hxxp://www.gamehouse.com/games/abxgh.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} - hxxp://192.168.1.115/NetCamPlayerWeb11gv2.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5211/mcfscan.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\2kb2uh0s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www6.comcast.net/a/?cookieattempt=1
FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\2kb2uh0s.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\2kb2uh0s.default\extensions\{0c7e3f01-99e9-4095-9bdc-f84724960b57}\plugins\NPCpnMgr.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\2kb2uh0s.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\2kb2uh0s.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol305.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\np32dsw.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npaudio.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npavi32.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npbeatnk.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npnul32.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\nppl3260.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npqtplugin.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npqtplugin2.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\nprfxins.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\nprjplug.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npswf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2009-11-24 128016]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-4-22 28544]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 66632]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-4-24 486280]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 476528]
R2 Protector;Protector;c:\program files\ghostsurf platinum\ProtectorSvc.exe [2008-7-11 3020608]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2007-8-22 388936]
S2 gupdate1c988bea66095e2;Google Update Service (gupdate1c988bea66095e2);c:\program files\google\update\GoogleUpdate.exe [2009-2-6 133104]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 ComFiltr;Panda Anti-Dialer;\??\c:\windows\system32\drivers\comfiltr.sys --> c:\windows\system32\drivers\COMFiltr.sys [?]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]

=============== Created Last 30 ================

2010-03-24 01:05:42   835584   ----a-w-   c:\windows\system32\NCTAudioCDGrabber2.dll
2010-03-24 01:05:42   450560   ----a-w-   c:\windows\system32\NCTAudioTransform2.dll
2010-03-24 01:05:42   335872   ----a-w-   c:\windows\system32\NCTAudioVisualization2.dll
2010-03-24 01:05:42   315392   ----a-w-   c:\windows\system32\NCTAudioPlayer2.dll
2010-03-24 01:05:42   311296   ----a-w-   c:\windows\system32\NCTAudioRecord2.dll
2010-03-24 01:05:42   270336   ----a-w-   c:\windows\system32\NCTAudioDisplay2.dll
2010-03-24 01:05:42   237568   ----a-w-   c:\windows\system32\lame_enc.dll
2010-03-24 01:05:42   196608   ----a-w-   c:\windows\system32\NCTWMAFile2.dll
2010-03-24 01:05:42   1843200   ----a-w-   c:\windows\system32\NCTAudioFile2.dll
2010-03-24 01:05:42   1040384   ----a-w-   c:\windows\system32\NCTAudioInformation2.dll
2010-03-24 01:05:41   4057200   ----a-w-   c:\windows\system32\wmfdist.exe
2010-03-24 01:05:40   0   d-----w-   c:\program files\FreeCDRipper
2010-03-19 11:22:52   110574   ----a-w-   c:\windows\~DF1A56.tmp
2010-03-11 04:00:04   3558912   ------w-   c:\windows\system32\dllcache\moviemk.exe

==================== Find3M  ====================

2010-03-23 10:57:49   4212   ---ha-w-   c:\windows\system32\zllictbl.dat
2010-03-17 01:10:08   323584   ----a-w-   c:\windows\system32\AUDIOGENIE2.DLL
2010-02-21 20:35:28   8984   ----a-w-   c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2010-01-22 03:50:56   91496   ----a-w-   c:\docume~1\hp_adm~1\applic~1\GDIPFONTCACHEV1.DAT
2009-12-31 16:50:03   353792   ------w-   c:\windows\system32\dllcache\srv.sys
2009-12-31 15:33:06   70656   ----a-w-   c:\windows\system32\dllcache\ie4uinit.exe
2009-12-31 15:33:06   13824   ------w-   c:\windows\system32\dllcache\ieudinit.exe
2006-02-02 04:18:09   22   --sha-w-   c:\windows\sminst\HPCD.sys
2009-04-24 00:35:45   32768   --sha-w-   c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2008-10-07 13:23:07   32768   --sha-w-   c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100720081008\index.dat
2009-04-24 00:35:45   32768   --sha-w-   c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 21:48:52.58 ===============
Title: Re: Antispyware XP
Post by: Dr Jay on March 24, 2010, 08:14:40 PM
Please go to Start > Control Panel > Add or Remove Programs (Programs and Features in Vista, Programs in 7) and remove the following (if present):


==========================

Please download the newest version of Adobe Acrobat Reader from Adobe.com (http://www.adobe.com/products/acrobat/readstep2.html)

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

===========================

I see you are running LimeWire. I suggest reading the following and then deciding whether you want to keep it or not: http://www.helpmyos.com/learn-security-f40/p2p-programs-t1102.htm

===========================

Download OTL.exe (http://oldtimer.geekstogo.com/OTL.exe) by OldTimer to your Desktop.
Title: Re: Antispyware XP
Post by: rstoddard on March 25, 2010, 09:02:39 AM
Thank you. I will have to do this this weekend, as I have to work for the next two days for about 10 hours each.

I will post the logs as soon as I can.

Thank you very much for your assistance! :D
Title: Re: Antispyware XP
Post by: Dr Jay on March 25, 2010, 11:12:11 AM
ok
Title: Re: Antispyware XP
Post by: rstoddard on March 26, 2010, 09:34:00 PM
O.K., I'm attaching this one as it exceeds the amount permitted in a posting.



[Saving space, attachment deleted by admin]
Title: Re: Antispyware XP
Post by: rstoddard on March 26, 2010, 09:35:39 PM
And, here's the other one:

OTL Extras logfile created on: 3/26/2010 11:19:47 PM - Run 1
OTL by OldTimer - Version 3.1.37.3     Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,015.00 Mb Total Physical Memory | 415.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.30 Gb Total Space | 49.10 Gb Free Space | 27.54% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 1.25 Gb Free Space | 15.64% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HUEY
Current User Name: HP_Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- File not found
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Soulseek\slsk.exe" = C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service -- (Check Point Software Technologies LTD)
"C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 18
"{2C3D719A-92C7-4323-89CC-C937D0267B84}" = muvee autoProducer 4.0
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}" = Easy CD & DVD Creator 6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.1
"{50E7BB78-02B4-469a-9D8B-B2F42835F90E}" = ProductContextNPI
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{64D5E9DE-7890-4FB0-8865-8B24BE1773F7}" = LightScribe  1.4.42.1
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{85A52A89-81D8-4736-BF5D-032AC2CD61E5}" = eFax Messenger 4.2
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8D0C57BC-4942-4960-BB6D-142456D6F233}" = HP Image Zone for Media Center PC
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1C4EE2B-DF14-4488-BC8A-F9336D588E97}" = SnagIt 8
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB61A692-5543-4C48-979B-8CEA1C52FE9C}" = PC-Doctor 5 for Windows
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B1931B3A-29E9-4F91-9B61-BE2CF05E84F1}" = muvee autoProducer unPlugged 1.1 - HPD
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}" = Office 2003 Tour
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3B2EE6E-DC8F-4F4A-A611-AA75A69C0FF4}" = GhostSurfGhostMyMail 1.0.0
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Photosmart Cameras 5.0
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers
"{D54193B7-D2DF-4977-B546-86CA48DB214E}" = HP Tunes
"{DAFCC5EF-E4D0-47EF-8E4B-168B3644A1E3}" = Garmin City Navigator North America NT 2009 Update
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F0137EB8-1B6E-480B-8676-CE8A293F9FB8}" = GhostSurfSpyCatcher 5.1
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Active Media Player Screen Saver_is1" = Active Media Player Screen Saver 2.00
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Audiogalaxy Rhapsody" = Audiogalaxy Rhapsody
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"Comcast PhotoShow Deluxe 4" = Comcast PhotoShow Deluxe 4
"ConnectionServices" = ConnectionServices
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Diner Dash" = Diner Dash
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab" = DVDFab (remove only)
"DVDFab 6_is1" = DVDFab 6.2.1.8 (31/12/2009)
"DVDFab Decrypter_is1" = DVDFab Decrypter 3.0.3.0
"ExpressRip" = Express Rip
"Filetopia Client v3.04d" = Filetopia Client v3.04d
"Free CD Ripper_is1" = Free CD Ripper 3.1
"Free RAR Extract Frog 1.00" = Free RAR Extract Frog 1.00
"getPlus(R)_ocx" = getPlus(R)_ocx
"GhostSurfPlatinum_is1" = GhostSurf Platinum
"HijackThis" = HijackThis 2.0.2
"Hijackthis_is1" = Hijackthis 1.99.1
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{AB61A692-5543-4C48-979B-8CEA1C52FE9C}" = PC-Doctor 5 for Windows
"LimeWire" = LimeWire 5.3.6
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox (3.6.2)" = Mozilla Firefox (3.6.2)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Netscape Browser" = Netscape Browser (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"QuickTime" = QuickTime
"RealPlayer 12.0" = RealPlayer
"Replay Music3.45" = Replay Music
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Switch" = Switch Sound File Converter
"TotalRecorder" = Total Recorder 5.3
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinMX" = WinMX
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm Security Suite" = ZoneAlarm Security Suite
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"MXpie Patch" = MXpie Patch for WinMX/WPNP
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 2/17/2010 10:13:59 PM | Computer Name = HUEY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16981, faulting
 module unknown, version 0.0.0.0, fault address 0x05430d90.
 
Error - 2/23/2010 7:51:24 PM | Computer Name = HUEY | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 7.0.8.218, faulting module
 acrord32.dll, version 7.1.0.649, fault address 0x000ca199.
 
Error - 2/23/2010 11:28:47 PM | Computer Name = HUEY | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Small Business -- Error 1706. Setup cannot
 find the required files. Check your connection to the network, or CD-ROM drive.
 For other potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.
 
Error - 2/23/2010 11:28:50 PM | Computer Name = HUEY | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office XP Small Business - Update '{DA256408-A2E7-41A5-8AD6-62ACB86A0FD7}'
 could not be installed. Error code 1603. Windows Installer can create logs to help
 troubleshoot issues with installing software packages. Use the following link for
 instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error - 3/18/2010 4:25:57 PM | Computer Name = HUEY | Source = MsiInstaller | ID = 11706
Description = Product: Scan -- Error 1706.No valid source could be found for product
 Scan.  The Windows Installer cannot continue.
 
Error - 3/18/2010 4:26:05 PM | Computer Name = HUEY | Source = MsiInstaller | ID = 11706
Description = Product: Scan -- Error 1706.No valid source could be found for product
 Scan.  The Windows Installer cannot continue.
 
Error - 3/20/2010 7:15:53 PM | Computer Name = HUEY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16981, faulting
 module unknown, version 0.0.0.0, fault address 0x079c0fe0.
 
Error - 3/26/2010 10:55:29 PM | Computer Name = HUEY | Source = MsiInstaller | ID = 1013
Description = Product: Adobe Reader 7.1.0 -- A process is running that cannot be
 safely shut down by Adobe Reader. Please restart your computer and try again.
 
Error - 3/26/2010 10:55:41 PM | Computer Name = HUEY | Source = MsiInstaller | ID = 1013
Description = Product: Adobe Reader 7.1.0 -- A process is running that cannot be
 safely shut down by Adobe Reader. Please restart your computer and try again.
 
Error - 3/26/2010 10:56:13 PM | Computer Name = HUEY | Source = MsiInstaller | ID = 1013
Description = Product: Adobe Reader 7.1.0 -- A process is running that cannot be
 safely shut down by Adobe Reader. Please restart your computer and try again.
 
[ System Events ]
Error - 3/21/2010 6:13:00 PM | Computer Name = HUEY | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
 Service service which failed to start because of the following error:   %%1058
 
Error - 3/21/2010 6:13:00 PM | Computer Name = HUEY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   Cdr4_xp
 
Error - 3/21/2010 6:38:52 PM | Computer Name = HUEY | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
 Service service which failed to start because of the following error:   %%1058
 
Error - 3/21/2010 6:38:53 PM | Computer Name = HUEY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   Cdr4_xp
 
Error - 3/23/2010 8:58:18 PM | Computer Name = HUEY | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service upnphost with
 arguments ""  in order to run the server:  {204810B9-73B2-11D4-BF42-00B0D0118B56}
 
Error - 3/23/2010 8:58:18 PM | Computer Name = HUEY | Source = Service Control Manager | ID = 7001
Description = The Universal Plug and Play Device Host service depends on the SSDP
 Discovery Service service which failed to start because of the following error:
   %%1058
 
Error - 3/25/2010 8:29:17 PM | Computer Name = HUEY | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
 Service service which failed to start because of the following error:   %%1058
 
Error - 3/25/2010 8:29:17 PM | Computer Name = HUEY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   Cdr4_xp
 
Error - 3/26/2010 10:59:44 PM | Computer Name = HUEY | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
 Service service which failed to start because of the following error:   %%1058
 
Error - 3/26/2010 10:59:44 PM | Computer Name = HUEY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   Cdr4_xp
 
 
< End of report >
Title: Re: Antispyware XP
Post by: Dr Jay on March 26, 2010, 09:43:14 PM
Please copy and paste that attached log into two pieces, in two to three separate posts.
Title: Re: Antispyware XP
Post by: rstoddard on March 27, 2010, 12:05:52 PM
O.K. Last part first:

O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 14 Days ==========
 
[2010/03/26 23:17:27 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/03/23 21:05:42 | 001,843,200 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAudioFile2.dll
[2010/03/23 21:05:42 | 001,040,384 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAudioInformation2.dll
[2010/03/23 21:05:42 | 000,835,584 | ---- | C] (NCT) -- C:\WINDOWS\System32\NCTAudioCDGrabber2.dll
[2010/03/23 21:05:42 | 000,450,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAudioTransform2.dll
[2010/03/23 21:05:42 | 000,335,872 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAudioVisualization2.dll
[2010/03/23 21:05:42 | 000,315,392 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAudioPlayer2.dll
[2010/03/23 21:05:42 | 000,311,296 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAudioRecord2.dll
[2010/03/23 21:05:42 | 000,270,336 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAudioDisplay2.dll
[2010/03/23 21:05:42 | 000,196,608 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTWMAFile2.dll
[2010/03/23 21:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\FreeCDRipper
[2010/03/21 17:49:16 | 008,327,264 | ---- | C] (Mozilla) -- C:\Documents and Settings\HP_Administrator\Desktop\Firefox Setup 3.6.exe
[2010/03/19 23:20:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Virus Incident 031910
[2010/03/19 19:36:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Recent
[2009/07/22 03:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/02/07 23:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2008/06/28 21:32:05 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.sys
[2007/12/24 00:02:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/12/24 00:02:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/12/24 00:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/08/07 22:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2006/08/07 00:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Panda Software
[2006/03/16 15:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Real
[2005/05/12 09:36:48 | 000,012,288 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll
[84 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[76 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 14 Days ==========
 
[2010/03/26 23:17:27 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/03/26 23:16:58 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/03/26 23:10:34 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/03/26 23:07:51 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/03/26 23:02:57 | 000,001,074 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\magicJack.lnk
[2010/03/26 23:00:30 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/26 22:59:16 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/26 22:59:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/26 22:58:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/26 22:58:47 | 1064,685,568 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/26 22:58:08 | 012,058,624 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.dat
[2010/03/26 22:57:44 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/03/26 22:40:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/21 19:07:34 | 000,000,177 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Holyoke Community College.url
[2010/03/21 18:20:25 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/21 17:49:22 | 008,327,264 | ---- | M] (Mozilla) -- C:\Documents and Settings\HP_Administrator\Desktop\Firefox Setup 3.6.exe
[2010/03/21 14:54:15 | 000,000,922 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/21 14:54:15 | 000,000,279 | -HS- | M] () -- C:\boot.ini
[2010/03/21 14:54:15 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/20 21:15:21 | 000,132,614 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\426192079v8_480x480_Front.jpg
[2010/03/19 21:57:49 | 000,016,452 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\hTcY1
[2010/03/19 21:57:49 | 000,016,452 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\hTcY1
[2010/03/18 16:35:08 | 007,198,830 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\scan0001.tif
[2010/03/18 15:21:06 | 000,442,796 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/18 15:21:06 | 000,071,936 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/18 15:21:05 | 000,524,080 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/17 16:46:14 | 000,040,465 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\pyzamquestion.jpg
[2010/03/16 21:10:08 | 000,323,584 | ---- | M] (Stefan Toengi) -- C:\WINDOWS\System32\AUDIOGENIE2.DLL
[2010/03/16 21:08:00 | 000,870,128 | ---- | M] () -- C:\WINDOWS\System32\mcs.rma
[2010/03/16 21:07:59 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\05624B
[2010/03/13 17:32:13 | 000,000,629 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\DVDFab 6.lnk
[84 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[76 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/03/26 23:10:33 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/03/23 21:05:42 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/03/21 18:20:25 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/21 14:54:11 | 000,001,667 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GoBack.lnk
[2010/03/21 14:54:11 | 000,001,547 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/03/21 14:54:11 | 000,000,875 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
[2010/03/20 21:16:27 | 000,132,614 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\426192079v8_480x480_Front.jpg
[2010/03/19 00:16:32 | 000,016,452 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\hTcY1
[2010/03/19 00:16:32 | 000,016,452 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\hTcY1
[2010/03/18 16:35:02 | 007,198,830 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\scan0001.tif
[2010/03/17 19:53:46 | 000,040,465 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\pyzamquestion.jpg
[2010/03/13 17:32:13 | 000,000,629 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\DVDFab 6.lnk
[2009/04/22 22:18:20 | 015,550,638 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\msinfo.nfo
[2008/12/10 00:46:22 | 000,001,982 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/15 23:57:08 | 000,010,324 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/10/26 19:11:58 | 000,649,262 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\ReplayMusicLog.log
[2008/09/10 03:03:25 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/06/28 21:32:17 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.log
[2008/06/28 21:32:05 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.cat
[2008/06/28 21:32:05 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.inf
[2008/02/03 23:58:12 | 000,040,960 | --S- | C] () -- C:\WINDOWS\System32\ProcessKiller.dll
[2007/12/13 09:13:57 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2006/11/10 08:09:24 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/11/04 20:13:30 | 000,008,984 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2006/09/04 09:13:15 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\FixVTS.ini
[2006/08/09 09:08:06 | 001,515,091 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\Install.dat
[2006/06/11 07:15:15 | 000,163,387 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2006/06/11 07:15:15 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/04/11 23:24:11 | 000,002,235 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\HPSU_48BitScanUpdate.log
[2006/04/11 23:24:11 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/04/11 23:23:15 | 000,003,031 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_InstantShareJPG.log
[2006/04/11 23:23:15 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/04/11 23:21:20 | 000,003,877 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_IZClosingDiscError.log
[2006/04/11 23:21:20 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2006/04/11 23:19:57 | 000,012,239 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/04/11 23:19:57 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/11 23:18:41 | 000,031,442 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2006/04/11 23:18:41 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/03/16 11:46:23 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/03/16 11:46:23 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/03/15 00:16:38 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/02/20 22:44:06 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2006/02/15 00:20:54 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Systems.ini
[2006/01/15 21:18:45 | 000,002,878 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Hewlett-PackardHP Photosmart 3200 series1136944185_PROTOCOL.log
[2006/01/15 21:18:45 | 000,001,147 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Hewlett-PackardHP Photosmart 3200 series1136944185_UI.log
[2006/01/15 21:18:45 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006/01/15 21:18:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Hewlett-PackardHP Photosmart 3200 series1136944185_API.log
[2006/01/13 00:01:31 | 000,007,147 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Cabos.plist
[2006/01/10 21:49:06 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/01/10 21:21:14 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2006/01/04 20:29:12 | 000,000,121 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2006/01/01 23:17:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2006/01/01 21:29:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\dm.ini
[2006/01/01 21:29:07 | 000,000,875 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\AdobeDLM.log
[2005/12/31 10:38:50 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/09/28 01:14:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/28 00:48:02 | 000,014,290 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/09/28 00:47:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/09/28 00:45:12 | 000,000,180 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/09/28 00:39:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/28 00:34:08 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/09/28 00:34:08 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/09/28 00:34:08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/09/28 00:34:08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/09/28 00:34:08 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/09/28 00:34:08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/09/28 00:12:46 | 000,002,396 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/09/28 00:11:53 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/09/28 00:08:53 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2005/09/28 00:08:53 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2005/09/28 00:08:53 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2005/09/28 00:08:53 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2005/09/28 00:08:53 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2005/09/28 00:08:53 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2005/09/28 00:08:53 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2005/09/28 00:08:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2005/09/28 00:08:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2005/09/27 23:51:01 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/09/27 23:45:38 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/09/27 23:45:38 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/09/27 23:45:14 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/08/21 12:47:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/10 02:52:32 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/03/01 15:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/07/27 01:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/07/07 01:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
 
========== LOP Check ==========
 
[2009/04/22 21:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2007/08/09 14:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.2 Setup
[2009/03/19 23:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2009/11/24 23:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK
[2007/08/07 23:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2006/12/10 20:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/03/26 23:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2009/08/09 00:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2007/01/26 22:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2006/04/25 23:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2006/09/13 22:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/02/14 23:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/23 23:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tenebril
[2008/03/28 08:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
 
========== Purity Check ==========
 
 
< End of report >

Title: Re: Antispyware XP
Post by: rstoddard on March 27, 2010, 12:12:52 PM
Middle:

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\WINDOWS\system32\pavipc.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\WINDOWS\system32\SYSTOOLS.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\WINDOWS\system32\PavSHook.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\WINDOWS\system32\drivers\pavdrv51.sys) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\WINDOWS\system32\drivers\netflt.sys) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\WINDOWS\system32\drivers\Teefer.sys) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\WINDOWS\system32\drivers\WG3N.sys) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\WINDOWS\system32\drivers\wpsdrvnt.sys) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\WINDOWS\system32\drivers\pcontNT.sys) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\WINDOWS\system32\drivers\netids.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\WINDOWS\system32\drivers\CPoint.sys) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\WINDOWS\system32\FwsVpn.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\WINDOWS\system32\TpUtil.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\actualiz.avi) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\ADiagnst.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\ADiagnst.ini) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\ADialer.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\ANALISIS.AVI) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\ApVxdWin.exe) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\ASMDAT.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Avcic.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Avciman.exe) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVCIMAN.INI) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGDLL.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVLITE.EXE) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AvLite.ini) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVLITE.MLD) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVLtMain.exe) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVLTMAIN.MLD) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVTASK.EXE) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\BOOTDISK.IMG) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\BOProt.XML) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\borlndmm.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\cc3250mt.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\CHMCCFG.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\ComFltNt.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\COMPRESS.AVI) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\CONEXION.AVI) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Countlst.cl) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\cpdll.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Dealers.txt) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\ENVIO.AVI) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\EstadUpd.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\FindAppl.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\FwAct.exe) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\FWACT.MLD) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\FWRLS.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\global.msg) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\ICL_CFG.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\ICL_MTR.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\icl_trf.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\icons.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\idiomas.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\ImRepAle.Dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\ImRepAle.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\InstKRE.ini) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Instlsp.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\KRE.XML) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\KreCfgXM.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\LangM5.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\LIBXML2.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Licen_en.txt) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\LITEUPG.EXE) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\LTForms.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\LTFORMS.MLD) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\LUpgConf.exe) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\msje8tp.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\NetVirus.xml) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\OSMerger.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\OSshield.sig) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\panda.chp) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pav.sig) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PAV2WSC.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavAMW.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PAVCOMDL.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PAVCPROX.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PAVCRC.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PAVDLL.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavdr.exe) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavdrv.inf) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PAVEXCOM.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFn.Dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFtp.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavim.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavlsp.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavMiCli.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavNntp.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PAVOE.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavPop3.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.bin) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PAVPROT.EXE) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PAvScr.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PAVSCRIP.EXE) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavSInet.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavSMAPI.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PAVSMCL.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavSmtp.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PAVSRV51.EXE) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavtcmgr.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavtftp.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavTrc.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavWeb.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavWmail.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PFDNNT.exe) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PFILE32.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PFSF.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\platc.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\plats.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PNDCTRLA.BPL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Port16.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pprocs32.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prcvfile.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PREG32.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevapi.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevent.sig) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\ProtExc.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PROTINST.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PROXY.AVI) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PSAEng.Cfg) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PSAEng.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PSAUI.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PSAUI.mld) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PSCookie.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PServ32.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PSInet.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pskalloc.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pskcmp.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PSKHTML.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pskmcf.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pskmfs.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pskpack.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PSKUTIL.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pskvfile.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pskvm.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PSREPORT.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PSSCAN.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PSSYSCHK.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsSysChk.xml) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\psVers.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PUtil32.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PVer32.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Qrv.krn) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\RECONSF.AVI) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\REPORTEX.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\RESHOME.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\RESLITE.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\RSDNAPI.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\RsReport.rpt) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\SAFED.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\SAFEDISK.EXE) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\SAFEDISK.MLD) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Scans.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\SDISK2.IMG) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\sentinel.cfg) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\sentrsc.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\SHELLTIT.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\sporder.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\sporder.exe) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\TCPVFILE.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Titanium.ini) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\TITCFG.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\TITSCAN.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\TITSCAN.MLD) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\titw.cfg) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\titwBK.cfg) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\TPConf.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\UNINSTAL.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\UNINSTAL.INI) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\UPGTEST.EXE) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\USER.SVM) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\vcl50.bpl) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\vclx50.bpl) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\VerMan.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\VERSION.TXT) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebExcl.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.ini) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Welcome.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WHISTLER.BPL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WizSOS.exe) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WizSOS.mld) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\ZIUpdate.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\ZIUPDATE.MLD) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\1001391694_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\10534247_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\1075359258_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\1081831864_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\1092434795_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\1122733537_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\1142642340_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\12224515_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\1245951201_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\1255514902_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\1286071020_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\1320380616_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\1346925813_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\1383231217_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\1544848317_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\1546243071_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\1572751645_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\1591461059_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\1644049401_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\167085580_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\1696950439_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\1817728914_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\1857665065_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\199630472_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\2054976669_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\2055572116_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\2283588243_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\2339528948_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\2341638980_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\2370437243_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\2470058123_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\252873349_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\2583033358_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\2638515956_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\267395131_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\2680449910_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\2739826237_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\2857187394_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\2941376458_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\2964147355_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\2982603958_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\2995471241_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\3014950654_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\3034094165_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\3042771132_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\3059352053_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\3077990757_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\3108173420_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\313800771_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\3152270391_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\3178084929_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\327639004_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\329594726_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\3412478009_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\3423676558_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\3447267006_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\3461387815_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\3489828055_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\3521209013_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\3528273804_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\3620835075_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\3638164187_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\3672456591_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\3765515499_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\3771744941_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\3772934217_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\3789642307_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\3831942230_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\3876198036_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\3932924787_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\397992096_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\4002827702_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\4013580911_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\4114096332_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\4229733669_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\4289512042_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\520436482_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\564275508_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\593188467_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\760359567_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\795220326_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\806635456_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\80812981_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\809254731_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\822313650_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\835374397_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\884323825_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\902749423_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\904808619_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\940126098_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\959325279_group.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data\External) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Data) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\WINDOWS\system32\PAV) -  File not found
Title: Re: Antispyware XP
Post by: rstoddard on March 27, 2010, 12:17:30 PM
First part (I think I got it all. It may overlap.)

OTL logfile created on: 3/26/2010 11:19:47 PM - Run 1
OTL by OldTimer - Version 3.1.37.3     Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,015.00 Mb Total Physical Memory | 415.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.30 Gb Total Space | 49.10 Gb Free Space | 27.54% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 1.25 Gb Free Space | 15.64% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HUEY
Current User Name: HP_Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010/03/26 23:17:27 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2010/02/26 19:46:32 | 012,526,424 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe
PRC - [2009/10/17 02:41:10 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/10/17 02:39:40 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/10/14 09:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2009/10/14 09:30:06 | 000,730,480 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2009/09/10 22:53:28 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/09/10 12:15:42 | 000,870,672 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
PRC - [2008/09/30 17:46:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008/09/30 17:46:12 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/07/11 08:52:20 | 002,123,104 | ---- | M] (Tenebril) -- C:\Program Files\GhostSurf Platinum\SpyCatcher.exe
PRC - [2008/07/11 08:52:18 | 003,020,608 | ---- | M] (Tenebril Inc.) -- C:\Program Files\GhostSurf Platinum\ProtectorSvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/09 12:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2006/07/14 16:36:57 | 000,107,008 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
PRC - [2006/05/15 18:24:33 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2005/10/13 08:47:22 | 000,081,920 | ---- | M] (High Criteria inc.) -- C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
PRC - [2005/09/28 00:48:48 | 000,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
PRC - [2005/09/27 23:54:42 | 000,036,972 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0\bin\jusched.exe
PRC - [2005/05/09 19:16:15 | 000,192,512 | ---- | M] (Simple Star, Inc.) -- C:\Program Files\Comcast\Comcast PhotoShow 4\data\Xtras\mssysmgr.exe
PRC - [2005/05/04 13:01:36 | 002,805,248 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2005/05/03 21:43:50 | 000,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/05/03 21:43:28 | 000,069,632 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
PRC - [2005/01/24 05:56:00 | 000,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/03/26 23:17:27 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
MOD - [2009/10/14 09:30:36 | 000,628,080 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2009/09/10 12:15:48 | 000,013,072 | ---- | M] () -- C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\MlfHook.dll
MOD - [2008/07/25 11:17:20 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
MOD - [2008/07/25 11:17:20 | 000,558,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
MOD - [2005/09/28 00:48:45 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\HP_Administrator\Local Settings\Temp\IadHide5.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2009/10/17 02:41:10 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/10/14 09:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009/08/07 12:44:18 | 000,045,816 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008/07/11 08:52:18 | 003,020,608 | ---- | M] (Tenebril Inc.) [Auto | Running] -- C:\Program Files\GhostSurf Platinum\ProtectorSvc.exe -- (Protector)
SRV - [2006/05/15 18:24:33 | 002,086,592 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/05/15 18:24:33 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/03/02 21:49:14 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/04/05 12:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {AD34AA71-F36B-6160-7CE6-4BD40C5CB10D} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.masslive.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www6.comcast.net/a/?cookieattempt=1"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 41
FF - prefs.js..extensions.enabledItems: {0C7E3F01-99E9-4095-9BDC-F84724960B57}:5.0.0.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.9
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 7212
FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.backup.gopher_port: 7212
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 7212
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 7212
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 7212
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 7212
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 7212
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 7212
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 7212
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/02/16 23:35:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/26 23:13:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/26 23:13:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.1.2.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2008/07/09 11:55:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.1.2.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/03/26 23:10:32 | 000,000,000 | ---D | M]
 
[2009/10/17 23:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2009/10/17 23:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\[email protected]
[2010/03/26 22:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2kb2uh0s.default\extensions
[2008/12/21 07:25:28 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2kb2uh0s.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2009/09/02 19:48:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2kb2uh0s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/19 19:26:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2kb2uh0s.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009/08/20 22:27:42 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2kb2uh0s.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/03/20 18:53:56 | 000,001,218 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2kb2uh0s.default\searchplugins\comcast.xml
[2010/03/26 23:06:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/07/31 14:41:00 | 000,364,544 | ---- | M] (BrightStreet.com) -- C:\Program Files\Mozilla Firefox\plugins\NPcol305.dll
 
O1 HOSTS File: ([2010/02/07 17:42:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [eFax 4.2] C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKLM..\Run: [GhostSurf Reminder] C:\Program Files\GhostSurf Platinum\Privacy Control Center.exe (Tenebril Inc.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe (High Criteria inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Comcast\Comcast PhotoShow 4\data\Xtras\mssysmgr.exe (Simple Star, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe (Roxio, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpyCatcher.lnk = C:\Program Files\GhostSurf Platinum\SpyCatcher.exe (Tenebril)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O12 - Plugin for: .htm - C:\Program Files\Netscape\Netscape Browser\plugins\npTrident.dll (Netscape Communications Corp.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: magicjack.com ([my] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: talk4free.com ([reg] https in Trusted sites)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {01118F00-3E00-11D2-8470-0060089874ED} http://www.comcastsupport.com/sdccommon/download/ssrc.cab (SupportSoft RemoteControl Class)
O16 - DPF: {01119400-3E00-11D2-8470-0060089874ED} http://www.comcastsupport.com/sdccommon/download/sprtctlln.cab (SupportSoft Listener Control)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://www.stonyfield.com/coupons/scriptX/smsx.cab (MeadCo ScriptX)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154979291375 (WUWebControl Class)
O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} http://www.gamehouse.com/games/abxgh.cab (Abx(gh) Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-centives.com/cif/download/bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} http://192.168.1.115/NetCamPlayerWeb11gv2.cab (NetCamPlayerWeb11gv2 Control)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5211/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/07 15:20:38 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\WINDOWS\system32\pavipc.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\WINDOWS\system32\SYSTOOLS.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\WINDOWS\system32\PavSHook.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\WINDOWS\system32\drivers\pavdrv51.sys) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\WINDOWS\system32\drivers\netflt.sys) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\WINDOWS\system32\drivers\Teefer.sys) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\WINDOWS\system32\drivers\WG3N.sys) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\WINDOWS\system32\drivers\wpsdrvnt.sys) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\WINDOWS\system32\drivers\pcontNT.sys) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\WINDOWS\system32\drivers\netids.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\WINDOWS\system32\drivers\CPoint.sys) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\WINDOWS\system32\FwsVpn.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\WINDOWS\system32\TpUtil.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\actualiz.avi) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\ADiagnst.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\ADiagnst.ini) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\ADialer.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\ANALISIS.AVI) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\ApVxdWin.exe) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\ASMDAT.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Avcic.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Avciman.exe) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVCIMAN.INI) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGDLL.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVLITE.EXE) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AvLite.ini) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVLITE.MLD) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVLtMain.exe) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVLTMAIN.MLD) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVTASK.EXE) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\BOOTDISK.IMG) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\BOProt.XML) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\borlndmm.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\cc3250mt.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\CHMCCFG.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\ComFltNt.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\COMPRESS.AVI) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\CONEXION.AVI) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Countlst.cl) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\cpdll.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Dealers.txt) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\ENVIO.AVI) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\EstadUpd.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\FindAppl.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\FwAct.exe) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\FWACT.MLD) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\FWRLS.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\global.msg) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\ICL_CFG.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\ICL_MTR.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\icl_trf.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\icons.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\idiomas.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\ImRepAle.Dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\ImRepAle.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\InstKRE.ini) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Instlsp.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\KRE.XML) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\KreCfgXM.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\LangM5.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\LIBXML2.DLL) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Licen_en.txt) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\LITEUPG.EXE) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\LTForms.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\LTFORMS.MLD) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\LUpgConf.exe) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\msje8tp.dat) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\NetVirus.xml) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\OSMerger.dll) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\OSshield.sig) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\panda.chp) -  File not found
O34 - HKLM BootExecute: (PFDNNT C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pav.sig) -  File not found
Title: Re: Antispyware XP
Post by: Dr Jay on March 27, 2010, 12:45:14 PM
I see you are running SoulSeek, a P2P application. I suggest you read the following, and then decide whether you want to keep it or not: http://www.helpmyos.com/learn-security-f40/p2p-programs-t1102.htm



You have old versions of Java on your system. This is dangerous because old versions have vulnerabilities.
Please go to Start > Control Panel > Add or Remove Programs (Programs and Features in Vista, Programs in 7) and remove the following (if present):

Please run OTL
Title: Re: Antispyware XP
Post by: rstoddard on March 27, 2010, 09:16:42 PM
O.K.

Here is the log:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{AD34AA71-F36B-6160-7CE6-4BD40C5CB10D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD34AA71-F36B-6160-7CE6-4BD40C5CB10D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\magicjack.com\my\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\talk4free.com\reg\ deleted successfully.
Starting removal of ActiveX control {A7EA8AD2-287F-11D3-B120-006008C39542}
C:\WINDOWS\Downloaded Program Files\default.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A7EA8AD2-287F-11D3-B120-006008C39542}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7EA8AD2-287F-11D3-B120-006008C39542}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A7EA8AD2-287F-11D3-B120-006008C39542}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7EA8AD2-287F-11D3-B120-006008C39542}\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
 
User: HelpAssistant
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 51587035 bytes
->Flash cache emptied: 260252 bytes
 
User: HP_Administrator
->Temp folder emptied: 13196961 bytes
->Temporary Internet Files folder emptied: 117303285 bytes
->Java cache emptied: 3314937 bytes
->FireFox cache emptied: 146764507 bytes
->Flash cache emptied: 3903313 bytes
 
User: Justin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 8775949 bytes
 
User: Justin2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 157915 bytes
->Java cache emptied: 317402 bytes
->FireFox cache emptied: 33491060 bytes
->Flash cache emptied: 17490 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: LocalService.NT AUTHORITY.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: LocalService.NT AUTHORITY.001
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: LocalService.NT AUTHORITY.002
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: LocalService.NT AUTHORITY.003
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: LocalService.NT AUTHORITY.004
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: LocalService.NT AUTHORITY.005
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: LocalService.NT AUTHORITY.006
->Temp folder emptied: 989880 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: NetworkService
->Temp folder emptied: 989880 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 518248 bytes
%systemroot%\System32 .tmp files removed: 27872582 bytes
%systemroot%\System32\dllcache .tmp files removed: 31611904 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 127473030 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 39608671 bytes
 
Total Files Cleaned = 580.00 mb
 
 
OTL by OldTimer - Version 3.1.37.3 log created on 03272010_225406

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Perflib_Perfdata_a98.dat not found!
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF4E5B.tmp moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\2kb2uh0s.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\2kb2uh0s.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\2kb2uh0s.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\2kb2uh0s.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\2kb2uh0s.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\2kb2uh0s.default\XUL.mfl moved successfully.
File move failed. C:\WINDOWS\temp\av1.tmp scheduled to be moved on reboot.
C:\WINDOWS\temp\iswift.dat moved successfully.
C:\WINDOWS\temp\sfdb.dat moved successfully.
File\Folder C:\WINDOWS\temp\ZLT019d9.TMP not found!

Registry entries deleted on Reboot...
Title: Re: Antispyware XP
Post by: Dr Jay on March 28, 2010, 02:30:51 PM
Please download and save HelpAsst_mebroot_fix.exe (http://noahdfear.net/downloads/HelpAsst/HelpAsst_mebroot_fix.exe)
Title: Re: Antispyware XP
Post by: rstoddard on March 28, 2010, 08:11:39 PM
Hello

I have done as you instructed, but I cannot find a log. Was it supposed to appear in my desktop?
Title: Re: Antispyware XP
Post by: Dr Jay on March 28, 2010, 09:33:21 PM
Please download Stealth MBR Rootkit Detector by GMER from GMER.net (http://www2.gmer.net/mbr/mbr.exe), and save to your Desktop.
Title: Re: Antispyware XP
Post by: rstoddard on March 29, 2010, 09:06:32 PM
O.K., this is what it produced:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x01749DA10
malicious code @ sector 0x01749DA13 !
PE file found in sector at 0x01749DA29 !
Title: Re: Antispyware XP
Post by: Dr Jay on March 29, 2010, 09:19:27 PM
Go here, and download SWReg:

http://www.xs4all.nl/~fstaal01/downloads/swreg.exe

When installed, go to Start | Run and type the following. You may want to copy/paste, just to make sure:

swreg add HKLM\SYSTEM\CurrentControlSet\Services\TermService\Parameters /v ServiceDLL /t REG_EXPAND_SZ /d %systemroot%\System32\termsrv.dll /f

============


Please open Command Prompt (Start > Run and type CMD and press OK [Vista/7: Start search: CMD and press enter])
Enter the following into the black box, pressing Enter after each line:

cd desktop

mbr.exe -f

exit

Post a log (MBR.log).
Title: Re: Antispyware XP
Post by: rstoddard on March 30, 2010, 07:23:36 PM
Here's the log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x01749DA10
malicious code @ sector 0x01749DA13 !
PE file found in sector at 0x01749DA29 !
Title: Re: Antispyware XP
Post by: Dr Jay on March 30, 2010, 08:24:30 PM
Do you have an XP cd?
Title: Re: Antispyware XP
Post by: rstoddard on March 31, 2010, 07:27:56 PM
Yes, I do.
Title: Re: Antispyware XP
Post by: Dr Jay on March 31, 2010, 09:50:04 PM
Please reboot your computer into the setup disc, and while in setup, press "R" for the Recovery Console.

Once in the RC, type in "fixmbr" and hit Enter.

(http://suryakannan.files.wordpress.com/2009/07/fixmbr.gif)

Type 'y' if asked to, and allow it to do its job.

Once it's done that and shows the next bit for another command, type "exit"

This will reboot your machine again; allow it to boot normally this time.
Title: Re: Antispyware XP
Post by: rstoddard on April 02, 2010, 10:31:53 PM
Please excuse the delay. I had to work.

When I enter the recovery console, I am asked:

"Which Windows installation would you like to log into? 1=J:\I386, 2=J:\MiniNT"

Which one should I choose? ???
Title: Re: Antispyware XP
Post by: Dr Jay on April 02, 2010, 10:43:20 PM
Try option 1.
Title: Re: Antispyware XP
Post by: rstoddard on April 03, 2010, 11:48:59 AM
O.K., I have completed what you instructed.

Next step, please.
Title: Re: Antispyware XP
Post by: Dr Jay on April 03, 2010, 12:02:03 PM
Now, boot back into XP. Re-run the MBR tool and post a log.
Title: Re: Antispyware XP
Post by: rstoddard on April 04, 2010, 10:12:24 AM
O.K., here it is:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x01749DA10
malicious code @ sector 0x01749DA13 !
PE file found in sector at 0x01749DA29 !
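
The three mbr.exe logs posted in this thread (before `mbr.exe -f`, after it, and after `fixmbr`) can be compared mechanically to see whether a remediation step changed anything. The following is an added example, not part of the original thread or of the GMER tool; it assumes only the line formats visible in the logs above, and the function names and the `CLEAN_LOG` sample are hypothetical.

```python
import re

# Log text copied from the thread; the three posted runs are identical.
POSTED_LOG = """\
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x01749DA10
malicious code @ sector 0x01749DA13 !
PE file found in sector at 0x01749DA29 !
"""

# Constructed sample (not from the thread): the same header and status lines
# with no sector findings, standing in for a run in which nothing is reported.
CLEAN_LOG = "\n".join(POSTED_LOG.splitlines()[:6]) + "\n"

VERSION_RE = re.compile(r"detector\s+(\d+(?:\.\d+)+)\s+by\s+Gmer", re.I)
STATUS_RE = re.compile(r"^(device|user|kernel):\s*(.+)$")
# Any line of the form "<description> sector [at] 0x<hex>", as seen in the logs.
FINDING_RE = re.compile(
    r"^(?P<what>.*?sector(?: at)?)\s+(?P<sector>0x[0-9A-Fa-f]+)\b"
)


def parse_mbr_log(text):
    """Turn one mbr.exe log into a dict of version, status lines and findings."""
    report = {"version": None, "status": {}, "mbr_ok": False, "findings": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = VERSION_RE.search(line)
        if m:
            report["version"] = m.group(1)
            continue
        m = STATUS_RE.match(line)
        if m:
            report["status"][m.group(1)] = m.group(2)
            continue
        if line == "user & kernel MBR OK":
            report["mbr_ok"] = True
            continue
        m = FINDING_RE.match(line)
        if m:
            # Store the sector as an integer so runs compare by value.
            report["findings"].append((m.group("what"), int(m.group("sector"), 16)))
    return report


def compare_runs(before_text, after_text):
    """Classify sector findings as persisting, cleared or new between two runs."""
    before = set(parse_mbr_log(before_text)["findings"])
    after = set(parse_mbr_log(after_text)["findings"])
    by_sector = lambda f: f[1]
    return {
        "persisting": sorted(before & after, key=by_sector),
        "cleared": sorted(before - after, key=by_sector),
        "new": sorted(after - before, key=by_sector),
    }


def relative_offsets(findings):
    """Sector distance of each finding from the lowest reported sector."""
    if not findings:
        return []
    base = min(sector for _, sector in findings)
    return [(what, sector - base) for what, sector in sorted(findings, key=lambda f: f[1])]


if __name__ == "__main__":
    diff = compare_runs(POSTED_LOG, POSTED_LOG)  # e.g. before and after fixmbr
    for state, items in diff.items():
        for what, sector in items:
            print(f"{state:10s} {what} {sector:#x}")
    for what, off in relative_offsets(parse_mbr_log(POSTED_LOG)["findings"]):
        print(f"+{off:<3d} sectors: {what}")
```

Run against the logs as posted, every finding lands in `persisting`, which is the signal that neither `mbr.exe -f` nor `fixmbr` changed what the tool reports.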
Title: Re: Antispyware XP
Post by: Dr Jay on April 05, 2010, 08:51:33 AM
Are those J drives external, or flash?
Title: Re: Antispyware XP
Post by: rstoddard on April 06, 2010, 06:56:29 PM
Sorry for the delay. Working again.

I have an external hard drive which always shows up as N, P or O. Flash drives show up as one of those drive letters too. (Of course, I can re-assign them.) I never leave the external drive or a flash in the computer when I am not using them. They are for data only. I have no programs on them. I also scan them regularly with Zone Alarm.

Nothing ever shows up as J. When I go into "My Computer," and click on J (there's only one), the message that I receive is "Please insert disk into drive J."

Title: Re: Antispyware XP
Post by: Dr Jay on April 06, 2010, 08:33:01 PM
Ok. Remove those drives from the system please, and try to enter the Recovery Console again.

Let me know what choices you have there.
Title: Re: Antispyware XP
Post by: rstoddard on April 07, 2010, 07:52:08 PM
Actually, I didn't have those drives attached when I tried it the first time. The only other thing plugged into a USB port is Magic Jack (the telephone). So, I removed that and tried again.

Now, it gives me the choice of 1=I:\I386, 2=I:\MiniNT.
Title: Re: Antispyware XP
Post by: Dr Jay on April 12, 2010, 07:59:06 PM
Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore.
You'll get a boot option to either boot from hard drive or AntiVir Rescue System.
(http://i40.tinypic.com/2i8vzwo.gif)

Press the number 2 on your keyboard to boot into AntiVir Rescue System.

Please wait until drivers are loaded and Main menu shows. Then please select the second option “Scan your system with AntiVir” and hit Enter.
(http://i43.tinypic.com/33dxve1.gif)

Under Configuration, please select Scan all files, Try to repair infected files and Rename files if they cannot be removed?.
(http://i44.tinypic.com/2aaby46.gif)

Then please start the scan.

The Avira AntiVir Rescue System will now
Title: Re: Antispyware XP
Post by: rstoddard on April 14, 2010, 07:58:53 PM
Hello. I have done as you said, but the program did not appear the same as your screen shots. First of all, the Boot Options were reversed (no. 1 was the Rescue System and no. 2 was boot from hard drive.) I don't know if that makes a difference.

Then, when I chose number 1, it went right into the Rescue System. It did not give me any of the choices as to what to scan, but went right into a scan.

It found some infections, but gave me no options. I couldn't get out of the program and had to manually reboot the system.

Should I run it again to see if it removed the infections?
Title: Re: Antispyware XP
Post by: Dr Jay on April 14, 2010, 10:46:57 PM
Sure.
Title: Re: Antispyware XP
Post by: rstoddard on April 17, 2010, 07:48:51 PM
Hello.

I ran the Avira AntiVir System again. Here are the results:

Renamed 4
Suspect Files 0
Warnings 18

The warnings were mostly about incomplete scans of certain files because parts of them were encrypted.

Other changes: Zone Alarm indicated that it had found a "new network." And, Microsoft is saying that there are updates available (I did not install them).

Does that information help any?
Title: Re: Antispyware XP
Post by: Dr Jay on April 17, 2010, 07:52:42 PM
Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.
Title: Re: Antispyware XP
Post by: rstoddard on April 18, 2010, 02:05:35 PM
O.K.

Here it is:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4005

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

4/18/2010 3:51:20 PM
mbam-log-2010-04-18 (15-51-20).txt

Scan type: Quick scan
Objects scanned: 187445
Time elapsed: 27 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\HP_Administrator\Application Data\Adobe\Update\flacor.dat (Trojan.Agent) -> Quarantined and deleted successfully.
Title: Re: Antispyware XP
Post by: Dr Jay on April 18, 2010, 02:09:03 PM
Save these instructions so you can have access to them while in Safe Mode.

Please click here (http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/) to download AVP Tool by Kaspersky. Leave the rest of the settings as they appear as default.
Title: Re: Antispyware XP
Post by: rstoddard on April 18, 2010, 05:33:48 PM
The setup file does not appear while in SafeMode ???
Title: Re: Antispyware XP
Post by: Dr Jay on April 18, 2010, 08:11:08 PM
Do you mean you cannot access the program, or the program's settings?
Title: Re: Antispyware XP
Post by: rstoddard on April 20, 2010, 09:30:28 AM
I mean that I do not see it on the desktop while in SafeMode.
Title: Re: Antispyware XP
Post by: Dr Jay on April 20, 2010, 09:32:38 AM
Did you try to download it again?

Reboot to Safe Mode with Networking. Does this help?
Title: Re: Antispyware XP
Post by: rstoddard on April 24, 2010, 12:15:35 PM
Hello.

I tried SafeMode with Networking. The icon for setup still does not appear on the desktop.
Title: Re: Antispyware XP
Post by: Dr Jay on April 25, 2010, 12:20:31 PM
Hmm....

Please download DrWeb-CureIt and save it to your Desktop. Do NOT perform a scan yet.

Link:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe


If so, click it, then click the next icon right below and select Move incurable.
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
Title: Re: Antispyware XP
Post by: rstoddard on April 29, 2010, 09:13:22 PM
O.K., here it is:

couponprinter.exe\data012;C:\Documents and Settings\HP_Administrator\My Documents\Important Files\Program Set-Up FilesA\couponprinter.exe;Adware.Coupons.34;;
couponprinter.exe;C:\Documents and Settings\HP_Administrator\My Documents\Important Files\Program Set-Up FilesA;Container contains infected objects;Moved.;
couponprinter.exe\data012;C:\Documents and Settings\HP_Administrator\Desktop\couponprinter.exe;Adware.Coupons.34;;
couponprinter.exe\data013;C:\Documents and Settings\HP_Administrator\Desktop\couponprinter.exe;Adware.Coupons.34;;
couponprinter.exe\data015;C:\Documents and Settings\HP_Administrator\Desktop\couponprinter.exe;Adware.Coupons.34;;
couponprinter.exe\data016;C:\Documents and Settings\HP_Administrator\Desktop\couponprinter.exe;Adware.Coupons.34;;
couponprinter.exe;C:\Documents and Settings\HP_Administrator\Desktop;Container contains infected objects;Moved.;
Install.dat.XXX/data001\data002;C:\Documents and Settings\LocalService\Application Data\Install.dat.XXX/data001;Trojan.Fakealert.4767;;
Install.dat.XXX/data001\data003;C:\Documents and Settings\LocalService\Application Data\Install.dat.XXX/data001;Adware.Spysheriff;;
Install.dat.XXX/data001\data005;C:\Documents and Settings\LocalService\Application Data\Install.dat.XXX/data001;Adware.Spysheriff;;
data001;C:\Documents and Settings\LocalService\Application Data;Container contains infected objects;;
Install.dat.XXX;C:\Documents and Settings\LocalService\Application Data;Container contains infected objects;Moved.;
aolcinst.exe\core.cab\GTDOWNAO_106.ocx;C:\Program Files\Online Services\AOL\United States\AOL90\comps\coach\aolcinst.exe;Adware.Gdown;;
aolcinst.exe;C:\Program Files\Online Services\AOL\United States\AOL90\comps\coach;Archive contains infected objects;Moved.;
CouponPrinter.ocx;C:\WINDOWS;Adware.Coupons.34;Moved.;
CouponPrinter.ocx.XXX;C:\WINDOWS;Adware.Coupons.34;Moved.;
Title: Re: Antispyware XP
Post by: Dr Jay on April 29, 2010, 09:29:28 PM
Save these instructions so you can have access to them while in Safe Mode.

Please click here (http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/) to download AVP Tool by Kaspersky. Leave the rest of the settings as they appear as default.
Title: Re: Antispyware XP
Post by: rstoddard on May 05, 2010, 06:37:28 AM
Hello: It has produced a report, but it seems that I have no way to save it. I've kept the program open. How do I save the report ???
Title: Re: Antispyware XP
Post by: Dr Jay on May 05, 2010, 05:31:29 PM
You can copy and paste the results to Notepad and save it that way.
Title: Re: Antispyware XP
Post by: rstoddard on May 06, 2010, 09:16:24 PM
Well, I'm not having much luck with Kaspersky. I've tried it three times, and each time when I try to cut and paste the contents of the report, it causes my system to freeze (I get the message that it's "not responding")

So, I waited a while and the hour glass was still there. I had to close the program, and--of course--it uninstalled itself. I have no idea if it removed anything, but the report was very short.

The computer is working fine, but I can't help but to think that something else is lurking in there.

Any ideas for further action?
Title: Re: Antispyware XP
Post by: Dr Jay on May 06, 2010, 11:37:42 PM
Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.
Title: Re: Antispyware XP
Post by: rstoddard on May 08, 2010, 02:23:05 PM
Well, it looks like it didn't find anything ::)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

5/8/2010 4:16:03 PM
mbam-log-2010-05-08 (16-16-03).txt

Scan type: Quick scan
Objects scanned: 204346
Time elapsed: 25 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Title: Re: Antispyware XP
Post by: Dr Jay on May 08, 2010, 08:34:21 PM
Please run Panda ActiveScan (http://www.pandasecurity.com/activescan/index/) online scan.
Title: Re: Antispyware XP
Post by: rstoddard on May 10, 2010, 09:16:02 PM
Well, now, this found something:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2010-05-10 07:46:53
PROTECTIONS: 1
MALWARE: 40
SUSPECTS: 3
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description                                  Version                       Active    Updated
;===================================================================================================================================================================================
ZoneAlarm Security Suite Antivirus           9.1.507.000                   Yes       Yes
;===================================================================================================================================================================================
MALWARE
Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
;===================================================================================================================================================================================
00139059  Cookie/Traffic Marketplace         TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\hp_administrator@trafficmp[1].txt
00139060  Cookie/Casalemedia                 TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\hp_administrator@casalemedia[2].txt
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           c:\documents and settings\justin2\application data\netscape\nsb\profiles\bsaruoks.default\cookies.txt[.doubleclick.net/]
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\hp_administrator@doubleclick[1].txt
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           c:\helpasst_backup\c\docume~1\helpas~1\application data\netscape\nsb\profiles\h6nrp0si.default\cookies.txt[.doubleclick.net/]
00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           c:\helpasst_backup\c\docume~1\helpas~1\application data\netscape\nsb\profiles\h6nrp0si.default\cookies.txt[.atdmt.com/]
00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\hp_administrator@atdmt[2].txt
00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           c:\helpasst_backup\c\docume~1\helpas~1\application data\netscape\nsb\profiles\h6nrp0si.default\cookies.txt[.atdmt.com/]
00145393  Cookie/Tradedoubler                TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\hp_administrator@tradedoubler[2].txt
00145405  Cookie/RealMedia                   TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\hp_administrator@247realmedia[1].txt
00145457  Cookie/FastClick                   TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\hp_administrator@fastclick[1].txt
00145731  Cookie/Tribalfusion                TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\hp_administrator@tribalfusion[2].txt
00145738  Cookie/Mediaplex                   TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\hp_administrator@mediaplex[1].txt
00145807  Cookie/Linksynergy                 TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\hp_administrator@linksynergy[2].txt
00159564  Cookie/WUpd                        TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\hp_administrator@revenue[2].txt
00167642  Cookie/Com.com                     TrackingCookie      No        0         Yes            No           c:\helpasst_backup\c\docume~1\helpas~1\cookies\hp_administrator@com[1].txt
00167642  Cookie/Com.com                     TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\hp_administrator@com[1].txt
00167647  Cookie/Yadro                       TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\hp_administrator@yadro[1].txt
00167747  Cookie/Azjmp                       TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\hp_administrator@azjmp[2].txt
00167753  Cookie/Statcounter                 TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\hp_administrator@statcounter[2].txt
00167760  Cookie/Hitslink                    TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\[email protected][1].txt
00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\[email protected][2].txt
00168061  Cookie/Apmebf                      TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\hp_administrator@apmebf[1].txt
00168076  Cookie/BurstNet                    TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\hp_administrator@burstnet[1].txt
00168090  Cookie/Serving-sys                 TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\hp_administrator@serving-sys[2].txt
00168093  Cookie/Serving-sys                 TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\[email protected][2].txt
00168097  Cookie/BurstBeacon                 TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\[email protected][1].txt
00168110  Cookie/Server.iad.Liveperson       TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\[email protected][1].txt
00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           c:\documents and settings\justin2\application data\netscape\nsb\profiles\bsaruoks.default\cookies.txt[.advertising.com/]
00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           c:\documents and settings\justin2\application data\netscape\nsb\profiles\bsaruoks.default\cookies.txt[.advertising.com/]
00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           c:\documents and settings\justin2\application data\netscape\nsb\profiles\bsaruoks.default\cookies.txt[.advertising.com/]
00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           c:\helpasst_backup\c\docume~1\helpas~1\application data\netscape\nsb\profiles\h6nrp0si.default\cookies.txt[.advertising.com/]
00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           c:\helpasst_backup\c\docume~1\helpas~1\application data\netscape\nsb\profiles\h6nrp0si.default\cookies.txt[.advertising.com/]
00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\hp_administrator@advertising[1].txt
00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           c:\documents and settings\justin2\application data\netscape\nsb\profiles\bsaruoks.default\cookies.txt[.advertising.com/]
00170304  Cookie/WebtrendsLive               TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\[email protected][2].txt
00170495  Cookie/PointRoll                   TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\[email protected][2].txt
00170554  Cookie/Overture                    TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\hp_administrator@overture[2].txt
00170556  Cookie/RealMedia                   TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\hp_administrator@realmedia[2].txt
00171982  Cookie/QuestionMarket              TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\hp_administrator@questionmarket[2].txt
00172221  Cookie/Zedo                        TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\hp_administrator@zedo[1].txt
00173520  Cookie/Bluestreak                  TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\hp_administrator@bluestreak[1].txt
00187950  Cookie/bravenetA                   TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\hp_administrator@bravenet[1].txt
00194327  Cookie/Go                          TrackingCookie      No        0         Yes            No           c:\helpasst_backup\c\docume~1\helpas~1\cookies\hp_administrator@go[2].txt
00194327  Cookie/Go                          TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\hp_administrator@go[1].txt
00199984  Cookie/Searchportal                TrackingCookie      No        0         Yes            No           c:\helpasst_backup\c\docume~1\helpas~1\cookies\[email protected][2].txt
00199984  Cookie/Searchportal                TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\[email protected][2].txt
00207338  Cookie/Target                      TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\hp_administrator@target[1].txt
00207338  Cookie/Target                      TrackingCookie      No        0         Yes            No           c:\helpasst_backup\c\docume~1\helpas~1\cookies\hp_administrator@target[1].txt
00262020  Cookie/Atwola                      TrackingCookie      No        0         Yes            No           c:\documents and settings\justin2\application data\netscape\nsb\profiles\bsaruoks.default\cookies.txt[.atwola.com/]
00286738  Cookie/Cgi-bin                     TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\[email protected][1].txt
00298827  Adware/BraveSentry                 Adware              No        0         Yes            No           c:\documents and settings\hp_administrator\doctorweb\quarantine\install.dat.xxx
00325830  Cookie/Bridgetrack                 TrackingCookie      No        0         Yes            No           c:\documents and settings\hp_administrator\cookies\[email protected][1].txt
02002567  W32/Gaobot.OXI.worm                Virus/Worm          No        1         Yes            No           c:\documents and settings\hp_administrator\my documents\important files\important files\program set-up filesa\dvdfabdecrypter3030.exe
02002567  W32/Gaobot.OXI.worm                Virus/Worm          No        1         Yes            No           c:\documents and settings\hp_administrator\my documents\important files\program set-up filesa\dvdfabdecrypter3030.exe
;===================================================================================================================================================================================
SUSPECTS
Sent      Location
;===================================================================================================================================================================================
No        c:\hp\recovery\wizard\swr_wizard.exe
No        c:\program files\hijackthis\backups\backup-20080120-122631-948.dll
No        c:\program files\spymedic\spymedicupdater.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id        Severity       Description
;===================================================================================================================================================================================
208380    HIGH           MS09-015
208378    HIGH           MS09-013
208377    HIGH           MS09-012
;===================================================================================================================================================================================
Title: Re: Antispyware XP
Post by: Dr Jay on May 10, 2010, 09:21:16 PM
Please download HAMeb_check.exe (http://noahdfear.net/downloads/HAMeb_check.exe) and save it to your desktop.
Title: Re: Antispyware XP
Post by: rstoddard on May 15, 2010, 07:29:15 PM
Here is the log:

C:\Documents and Settings\HP_Administrator\Desktop\HAMeb_check.exe
Sat 05/15/2010 at 21:31:54.74

Account active               No
Local Group Memberships     

 ~~ Checking profile list ~~

No HelpAssistant profile in registry

 ~~ Checking for HelpAssistant directories ~~

none found

 ~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x01749DA10
malicious code @ sector 0x01749DA13 !
PE file found in sector at 0x01749DA29 !

 ~~ Checking for termsrv32.dll ~~

termsrv32.dll was not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
   ServiceDll   REG_EXPAND_SZ     C:\WINDOWS\System32\termsrv.dll

 ~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


 ~~ EOF ~~
Title: Re: Antispyware XP
Post by: Dr Jay on May 16, 2010, 10:02:15 PM
Please open Command Prompt (Start > Run and type CMD and press OK [Vista/7: Start search: CMD and press enter])
Enter the following into the black box, pressing enter after each line:

Code:
mbr.exe -f

exit

Post a log (MBR.log).
Title: Re: Antispyware XP
Post by: rstoddard on May 17, 2010, 08:44:29 PM
O.K., here it is:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x01749DA10
malicious code @ sector 0x01749DA13 !
PE file found in sector at 0x01749DA29 !
Title: Re: Antispyware XP
Post by: Dr Jay on May 18, 2010, 01:57:09 PM
Do that once more and post a log, please.
Title: Re: Antispyware XP
Post by: pwnagemaster on May 19, 2010, 05:34:38 PM
Hello, your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help. ~ DragonMaster Jay
Title: Re: Antispyware XP
Post by: rstoddard on May 19, 2010, 08:12:13 PM
O.K., here it is once more:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x01749DA10
malicious code @ sector 0x01749DA13 !
PE file found in sector at 0x01749DA29 !
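
A way to compare the mbr.exe logs posted in this thread run to run, as an added example that is not part of any forum post or of the mbr.exe tool: the Python below parses the finding lines and reports whether each finding persists, clears or moves between two runs. The function names and the LOG_CLEAN_CONSTRUCTED sample are assumptions made for illustration; the other two samples are copied from the logs above.

```python
import re

# Copied from the thread: MBR section of the HAMeb_check log (before "mbr.exe -f").
LOG_BEFORE_FIX = """\
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x01749DA10
malicious code @ sector 0x01749DA13 !
PE file found in sector at 0x01749DA29 !
"""
# Copied from the thread: log posted after running "mbr.exe -f".
LOG_AFTER_FIX = """\
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x01749DA10
malicious code @ sector 0x01749DA13 !
PE file found in sector at 0x01749DA29 !
"""
# Constructed sample (not real tool output): a run that reports no findings.
LOG_CLEAN_CONSTRUCTED = """\
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
"""

FINDING_PATTERNS = {
    "mbr_copy": re.compile(r"copy of MBR has been found in sector (0x[0-9A-Fa-f]+)"),
    "malicious_code": re.compile(r"malicious code @ sector (0x[0-9A-Fa-f]+)"),
    "pe_file": re.compile(r"PE file found in sector at (0x[0-9A-Fa-f]+)"),
}
STATUS_RE = re.compile(r"^user & kernel MBR (.+)$")

def parse_mbr_log(text):
    """Return {'status': str or None, 'findings': {kind: sector number}}."""
    result = {"status": None, "findings": {}}
    for raw in text.splitlines():
        line = raw.strip()
        status = STATUS_RE.match(line)
        if status:
            result["status"] = status.group(1).strip()
            continue
        for kind, pattern in FINDING_PATTERNS.items():
            hit = pattern.search(line)
            if hit:
                result["findings"][kind] = int(hit.group(1), 16)
    return result

def compare_runs(before, after):
    """Label each finding 'persists', 'cleared', 'moved' or 'new' between runs."""
    changes = {}
    for kind in sorted(set(before["findings"]) | set(after["findings"])):
        old, new = before["findings"].get(kind), after["findings"].get(kind)
        if old is None:
            changes[kind] = "new"
        elif new is None:
            changes[kind] = "cleared"
        else:
            changes[kind] = "persists" if old == new else "moved"
    return changes
```

Run on the two logs from the thread, every finding is labelled "persists": the sector numbers are identical before and after `mbr.exe -f`.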
Title: Re: Antispyware XP
Post by: Dr Jay on May 19, 2010, 08:19:19 PM
Please do a scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html)

Click on the Accept button and install any components it needs.
Title: Re: Antispyware XP
Post by: rstoddard on May 22, 2010, 02:01:11 PM
There is nothing in the report. I ran it twice. I disabled Zone Alarm each time, as instructed.
Title: Re: Antispyware XP
Post by: Dr Jay on May 22, 2010, 03:32:01 PM
Ok. Good.

Now, what issues are plaguing your computer at this point?
Title: Re: Antispyware XP
Post by: rstoddard on May 24, 2010, 11:27:39 AM
None that I can see.

Am I done?
Title: Re: Antispyware XP
Post by: Dr Jay on May 24, 2010, 06:51:40 PM
Sure.

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
You now have a clean restore point, to get rid of the bad ones:
To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe (http://oldtimer.geekstogo.com/OTC.exe) by OldTimer:
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop
==

Download Security Check by screen317 from SpywareInfoforum.org (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or Changelog.fr (http://screen317.changelog.fr/SecurityCheck.exe).
Title: Re: Antispyware XP
Post by: rstoddard on May 26, 2010, 10:50:26 AM
O.K. Here it is:

 Results of screen317's Security Check version 0.99.4 
 Windows XP Service Pack 3 
 Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Disabled! 
 ZoneAlarm Security Suite   
 ZoneAlarm Toolbar     
 Antivirus up to date! 
```````````````````````````````
Anti-malware/Other Utilities Check:

 Out of date HijackThis installed!
 Malwarebytes' Anti-Malware   
 Hijackthis 1.99.1   
 HijackThis 2.0.2   
 CCleaner     
 Java(TM) 6 Update 18 
 Out of date Java installed!
 Adobe Flash Player 10.0.32.18 
Adobe Reader 9.3.1
````````````````````````````````
Process Check: 
objlist.exe by Laurent

 Zone Labs ZoneAlarm zlclient.exe 
````````````````````````````````
DNS Vulnerability Check:

 Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````
Title: Re: Antispyware XP
Post by: Dr Jay on May 26, 2010, 02:17:10 PM
Please download the newest version of Java from Java.com (http://www.java.com/en/download/manual.jsp).

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

====================

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:
See this page (http://www.helpmyos.com/learn-security-f40/preventing-malware-and-being-resistant-to-the-dangers-of-the-internet-t1516.htm) for more info about malware and prevention.