papajohn41

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1800\A0471679.dll a variant of Win32/Toolbar.Babylon.E application C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1800\A0471680.exe a variant of Win32/Toolbar.Babylon.E application

Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.04.19.07 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 HP_Administrator :: MINE [administrator] 4/19/2013 2:39:17 PM mbam-log-2013-04-19 (14-39-17).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 240746 Time elapsed: 22 minute(s), 2 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 3:26:24 PM, on 4/19/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\PROGRA~1\AVG\AVG2013\avgrsx.exe C:\Program Files\AVG\AVG2013\avgcsrvx.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\Program Files\DISC\DISCover.exe C:\Program Files\DISC\DiscUpdateMgr.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\arservice.exe C:\Program Files\AVG\AVG2013\avgidsagent.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\progra~1\common~1\instal~1\update~1\issch.exe C:\Program Files\AVG\AVG2013\avgui.exe C:\Program Files\AVG SafeGuard toolbar\vprot.exe C:\Program Files\AVG\AVG2013\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVG\AVG2013\avgnsx.exe C:\Program Files\AVG\AVG2013\avgemcx.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\ehome\RMSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\DISC\DiscStreamHub.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\WINDOWS\system32\WISPTIS.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe c:\windows\system\hpsysdrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\HP_Administrator\Desktop\HijackThis(1).exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [iSUSScheduler] "c:\progra~1\common~1\instal~1\update~1\issch.exe" -start O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG SafeGuard toolbar\vprot.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe" MAGICJACK O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe -update plugin O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM') O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.1.0\ViProtocol.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Unknown owner - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (file missing) O23 - Service: vToolbarUpdater15.1.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 11284 bytes Everything seems to running good at this time. Thank you!

Thank you for being so understanding and patient with me. 1310 1310_Help 1310Tour 1310Trb 32 Bit HP CIO Components Installer Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.02) Adobe Shockwave Player 11.6 AiO_Scan AiO_Scan_CDA AiOSoftware AiOSoftwareNPI Anti-Spyware Apple Application Support Apple Mobile Device Support Apple Software Update ATI Control Panel ATI Display Driver Authentium AVG 2013 Bonjour BufferChm C4580 CameraDrivers CCleaner Copy Coupon Printer for Windows CP_AtenaShokunin1Config CP_CalendarTemplates1 cp_LightScribeConfig cp_LightScribePlugin CP_Package_Basic1 CP_Package_Variety1 CP_Package_Variety2 CP_Package_Variety3 CP_Panorama1Config CueTour Defraggler Destination Component DeviceDiscovery DeviceManagementQFolder DISCover DocProc DocumentViewer DocumentViewerQFolder Enhanced Multimedia Keyboard Solution Fax Fax_CDA GdiplusUpgrade Google Toolbar for Internet Explorer Google Update Helper GPBaseService2 Hewlett-Packard ACLM.NET v1.1.0.0 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Player 10 (KB903157) Hotfix for Windows XP (KB2779562) Hotfix for Windows XP (KB954550-v5) HP Boot Optimizer HP Deskjet Printer Preload HP DigitalMedia Archive HP Imaging Device Functions 12.0 HP Product Detection HP Update HPPhotoSmartDiscLabelContent1 HPPhotosmartEssential HPProductAssistant HpSdpAppCoreApp InstantShareAlert InstantShareDevices InterVideo WinDVD Player iTunes Java 7 Update 17 Java Auto Updater Macromedia Shockwave Player magicJack Media Center Extender Microsoft .NET Framework 1.0 Security Update (KB2698035) Microsoft .NET Framework 1.0 Security Update (KB2742607) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2742597) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Automated Troubleshooting Services Shim Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office 2003 Edition 60 Days Trial Welcome Tour Microsoft Office File Validation Add-In Microsoft Office Standard Edition 2003 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Works MobileMe Control Panel Mozilla Firefox 20.0.1 (x86 en-US) Mozilla Maintenance Service MP3 Player Utilities 3.5.02 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) muvee autoProducer 4.5 muvee autoProducer unPlugged 1.2 Network NewCopy NewCopy_CDA Otto PanoStandAlone PC-Doctor 5 for Windows PhotoGallery ProductContext PS_AIO_04_C4580_Software_Min PS2 PSPrinters08 PSTAPlugin Python 2.2 pywin32 extensions (build 203) Python 2.2.3 QuickTime RandMap Readme Scan ScannerCopy Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Windows Internet Explorer 7 (KB2544521) Security Update for Windows Internet Explorer 7 (KB2618444) Security Update for Windows Internet Explorer 7 (KB2647516) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 7 (KB974455) Security Update for Windows Internet Explorer 7 (KB976325) Security Update for Windows Internet Explorer 7 (KB978207) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB2761465) Security Update for Windows Internet Explorer 8 (KB2792100) Security Update for Windows Internet Explorer 8 (KB2797052) Security Update for Windows Internet Explorer 8 (KB2799329) Security Update for Windows Internet Explorer 8 (KB2809289) Security Update for Windows Internet Explorer 8 (KB2817183) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows XP (KB2727528) Security Update for Windows XP (KB2753842-v2) Security Update for Windows XP (KB2753842) Security Update for Windows XP (KB2757638) Security Update for Windows XP (KB2758857) Security Update for Windows XP (KB2761226) Security Update for Windows XP (KB2770660) Security Update for Windows XP (KB2778344) Security Update for Windows XP (KB2779030) Security Update for Windows XP (KB2780091) Security Update for Windows XP (KB2799494) Security Update for Windows XP (KB2802968) Security Update for Windows XP (KB2807986) Security Update for Windows XP (KB2808735) Security Update for Windows XP (KB2813170) Security Update for Windows XP (KB2813345) Security Update for Windows XP (KB2820917) SkinsHP1 SmartWebPrinting SolutionCenter Sonic Express Labeler Sonic MyDVD Plus Sonic RecordNow Audio Sonic RecordNow Copy Sonic RecordNow Data Sonic Update Manager Sonic_PrimoSDK Status swMSM Toolbox TrayApp Unload UnloadSupport Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 7 (KB976749) Update for Windows Internet Explorer 7 (KB980182) Update for Windows Internet Explorer 8 (KB2598845) Updates from HP (remove only) WebFldrs XP WebReg Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 winpcap-r 4.1B Yahoo! Messenger Yahoo! Toolbar

I am sorry I have been sick for the past few days. I will do this as soon as possible this evening. I am very sorry for the delay.

ComboFix 13-04-15.01 - HP_Administrator 04/15/2013 13:04:03.4.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.170 [GMT -5:00] Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\HP_Administrator\Desktop\cfscript2.txt AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . c:\windows\iun6002.exe c:\windows\system32\drivers\etc\hosts.ics c:\windows\system32\dumphive.exe c:\windows\system32\SrchSTS.exe c:\windows\system32\tmp.reg c:\windows\wininit.ini . . ((((((((((((((((((((((((( Files Created from 2013-03-15 to 2013-04-15 ))))))))))))))))))))))))))))))) . . 2013-04-15 00:42 . 2013-04-15 00:43 -------- d-----w- c:\program files\CCleaner 2013-04-12 06:01 . 2013-04-12 06:01 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AVG2013 2013-04-12 05:59 . 2013-04-12 05:59 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AVG2013 2013-04-12 05:58 . 2013-04-12 05:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Avg2013 2013-04-12 05:56 . 2013-04-12 05:56 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\AVG SafeGuard toolbar 2013-04-12 05:55 . 2013-04-12 05:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG SafeGuard toolbar 2013-04-12 05:55 . 2013-04-12 05:55 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AVG SafeGuard toolbar 2013-04-12 05:54 . 2013-04-12 05:52 34592 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2013-04-12 05:54 . 2013-04-12 05:55 -------- d-----w- c:\program files\Common Files\AVG Secure Search 2013-04-12 05:54 . 2013-04-12 05:54 -------- d-----w- c:\program files\AVG SafeGuard toolbar 2013-04-12 05:43 . 2013-04-12 05:43 -------- d-----w- C:\$AVG 2013-04-12 05:43 . 2013-04-12 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013 2013-04-12 05:23 . 2013-04-12 05:23 -------- d-----w- c:\windows\system32\wbem\Repository\FS 2013-04-12 05:23 . 2013-04-12 05:23 -------- d-----w- c:\windows\system32\wbem\Repository 2013-04-12 05:20 . 2013-04-12 07:45 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Avg2013 2013-04-11 17:53 . 2013-04-11 17:53 -------- d-----w- c:\windows\system32\wbem\repository.old 2013-04-11 16:37 . 2013-04-11 16:37 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Sun 2013-04-11 15:26 . 2013-04-11 15:24 143872 ----a-w- c:\windows\system32\javacpl.cpl 2013-04-11 15:25 . 2013-04-11 15:24 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-03-21 18:04 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys 2013-03-21 18:04 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-11 15:24 . 2012-07-05 16:58 861088 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-04-11 15:24 . 2010-08-17 00:47 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-03-13 17:34 . 2012-05-08 19:54 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-03-13 17:34 . 2011-07-11 18:19 73432 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-03-08 08:36 . 2004-08-10 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll 2013-03-07 01:32 . 2004-08-10 19:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-07 00:50 . 2004-08-10 19:00 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-03-02 02:06 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2013-03-02 02:06 . 2004-08-10 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2013-03-02 02:06 . 2004-08-10 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2013-03-02 01:25 . 2004-08-10 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys 2013-03-02 01:08 . 2004-08-10 12:00 385024 ------w- c:\windows\system32\html.iec 2013-03-01 15:32 . 2013-03-01 15:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys 2013-02-27 07:56 . 2004-08-10 12:00 2067456 ----a-w- c:\windows\system32\mstscax.dll 2013-02-27 04:40 . 2013-02-27 04:40 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys 2013-02-14 08:52 . 2013-02-14 08:52 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2013-02-12 00:32 . 2008-08-26 01:41 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys 2013-02-12 00:32 . 2004-08-10 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-02-08 09:37 . 2013-02-08 09:37 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2013-02-08 09:37 . 2013-02-08 09:37 245048 ----a-w- c:\windows\system32\drivers\avglogx.sys 2013-02-08 09:37 . 2013-02-08 09:37 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys 2013-02-08 09:37 . 2013-02-08 09:37 170808 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2013-02-08 09:37 . 2013-02-08 09:37 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2013-01-26 03:55 . 2004-08-10 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll 2013-04-15 00:24 . 2013-04-15 00:24 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn2\yt.dll" [2013-04-01 1500440] . [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1] [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cdloader"="c:\documents and settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe" [2012-02-01 50592] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-01 68856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512] "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152] "DISCover"="c:\program files\DISC\DISCover.exe" [2006-08-01 1073152] "DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-09-27 61440] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740] "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "ISUSScheduler"="c:\progra~1\common~1\instal~1\update~1\issch.exe" [2004-07-28 81920] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-03-13 4394032] "vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2013-04-12 1223344] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] . c:\documents and settings\Default User\Start Menu\Programs\Startup\ Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-12-2 27136] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableStatusMessages"= 1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk backup=c:\windows\pss\Updates from HP.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "AlwaysReady Power Message APP"=ARPWRMSG.EXE "ROC_roc_ssl_v12"="c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 "ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\DISC\\DISCover.exe"= "c:\\Program Files\\DISC\\DiscStreamHub.exe"= "c:\\Program Files\\DISC\\myFTP.exe"= "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"= "c:\\WINDOWS\\system32\\fxsclnt.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\hp\\support\\HPSysInfo.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqthb08.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"= "c:\\Documents and Settings\\HP_Administrator\\Application Data\\mjusbsp\\magicJack.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3776:UDP"= 3776:UDP:Media Center Extender Service "3390:TCP"= 3390:TCP:*:Disabled:Remote Media Center Experience "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 "1433:TCP"= 1433:TCP:SOS Port 1433 "9901:TCP"= 9901:TCP:HP Photosmart C4500 . R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2/8/2013 4:37 AM 60216] R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2/8/2013 4:37 AM 245048] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2/8/2013 4:37 AM 39224] R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2/26/2013 11:40 PM 208184] R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [3/1/2013 10:32 AM 22328] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/8/2013 4:37 AM 170808] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/14/2013 3:52 AM 182072] R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [4/12/2013 12:54 AM 34592] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [2/19/2013 4:02 AM 282624] R2 vToolbarUpdater15.1.0;vToolbarUpdater15.1.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe [4/12/2013 12:54 AM 1008816] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [2/27/2013 11:42 PM 4937264] S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [10/17/2006 1:09 PM 35072] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] QWAVE REG_MULTI_SZ QWAVE HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2013-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 17:34] . 2013-04-12 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57] . 2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 00:04] . 2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 00:04] . 2013-04-12 c:\windows\Tasks\{4A1C225C-92AC-485D-8640-A636C17BAEF7}_SHAWN_HP_Administrator.job - c:\windows\system32\mobsync.exe [2004-08-10 00:12] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105 Trusted Zone: target.com\www Trusted Zone: trymedia.com TCP: DhcpNameServer = 10.10.10.5 10.10.10.6 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.1.0\ViProtocol.dll FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ob6qfmzn.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - google.com FF - ExtSQL: 2013-04-12 00:55; avg@toolbar; c:\documents and settings\All Users\Application Data\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2 FF - ExtSQL: 2013-04-12 02:23; {ab91efd4-6975-4081-8552-1b3922ed79e2}; c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ob6qfmzn.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} FF - ExtSQL: !HIDDEN! 2011-07-26 21:02; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-04-15 13:18 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1080) c:\windows\system32\Ati2evxx.dll . Completion time: 2013-04-15 13:22:58 ComboFix-quarantined-files.txt 2013-04-15 18:22 ComboFix2.txt 2013-04-15 00:02 ComboFix3.txt 2013-04-13 18:04 . Pre-Run: 28,010,053,632 bytes free Post-Run: 27,922,640,896 bytes free . - - End Of File - - 6377A57CC0B5DCEB3C8C8486595C8E30 So far things are going smooth. Thank you for all of your help and speedy responses. I greatly appreciate it!!!

Just wanted to let you know I just updated Adobe Reader to the latest version. How can I delete Webroot SecureAnywhere? I really do not want that on here. I have searched this computer the best of my knowledge and cannot find it on here.

ComboFix 13-04-14.01 - HP_Administrator 04/14/2013 18:41:47.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.156 [GMT -5:00] Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904} . . ((((((((((((((((((((((((( Files Created from 2013-03-14 to 2013-04-14 ))))))))))))))))))))))))))))))) . . 2013-04-13 04:31 . 2004-08-10 12:00 7168 ----a-w- c:\windows\system32\dllcache\OLD97.tmp 2013-04-13 04:31 . 2007-04-02 16:36 16384 ----a-w- c:\windows\system32\dllcache\OLD94.tmp 2013-04-13 04:31 . 2008-04-14 00:12 32827 ----a-w- c:\windows\system32\dllcache\OLD91.tmp 2013-04-13 04:31 . 2008-04-14 00:12 16437 ----a-w- c:\windows\system32\dllcache\OLD8E.tmp 2013-04-13 04:31 . 2008-04-14 00:12 20536 ----a-w- c:\windows\system32\dllcache\OLD8B.tmp 2013-04-13 04:31 . 2001-08-17 19:56 66048 ----a-w- c:\windows\system32\dllcache\OLD88.tmp 2013-04-13 04:30 . 2013-03-07 01:28 2193408 ----a-w- c:\windows\system32\dllcache\OLD84.tmp 2013-04-13 04:29 . 2004-08-10 12:00 19968 ----a-w- c:\windows\system32\dllcache\OLD81.tmp 2013-04-13 04:29 . 2004-08-10 12:00 7680 ----a-w- c:\windows\system32\dllcache\OLD7E.tmp 2013-04-13 04:27 . 2008-04-14 00:11 49212 ----a-w- c:\windows\system32\dllcache\OLD47.tmp 2013-04-13 04:27 . 2008-04-14 00:11 32826 ----a-w- c:\windows\system32\dllcache\OLD44.tmp 2013-04-13 04:27 . 2008-04-14 00:11 41020 ----a-w- c:\windows\system32\dllcache\OLD41.tmp 2013-04-13 04:27 . 2008-04-14 00:11 102509 ----a-w- c:\windows\system32\dllcache\OLD3E.tmp 2013-04-13 04:27 . 2008-04-14 00:11 49210 ----a-w- c:\windows\system32\dllcache\OLD3B.tmp 2013-04-13 04:27 . 2008-04-14 00:11 147513 ----a-w- c:\windows\system32\dllcache\OLD38.tmp 2013-04-13 04:27 . 2008-04-14 00:11 82035 ----a-w- c:\windows\system32\dllcache\OLD35.tmp 2013-04-13 04:27 . 2008-04-14 00:11 184435 ----a-w- c:\windows\system32\dllcache\OLD32.tmp 2013-04-13 04:25 . 2008-04-14 00:09 76288 ----a-w- c:\windows\system32\dllcache\OLD2C.tmp 2013-04-13 04:25 . 2008-04-14 00:12 188480 ----a-w- c:\windows\system32\dllcache\OLD29.tmp 2013-04-13 04:25 . 2008-04-14 00:09 275968 ----a-w- c:\windows\system32\dllcache\OLD25.tmp 2013-04-13 04:25 . 2004-08-10 12:00 94720 ----a-w- c:\windows\system32\dllcache\OLD22.tmp 2013-04-13 04:25 . 2008-04-14 00:12 16439 ----a-w- c:\windows\system32\dllcache\OLD19.tmp 2013-04-13 04:25 . 2008-04-14 00:11 20540 ----a-w- c:\windows\system32\dllcache\OLD16.tmp 2013-04-13 04:24 . 2008-04-14 00:12 16439 ----a-w- c:\windows\system32\dllcache\OLD5.tmp 2013-04-13 04:23 . 2008-04-14 00:11 20540 ----a-w- c:\windows\system32\dllcache\OLD2.tmp 2013-04-13 04:23 . 2013-04-13 04:31 -------- d-----w- c:\windows\LastGood 2013-04-12 06:01 . 2013-04-12 06:01 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AVG2013 2013-04-12 05:59 . 2013-04-12 05:59 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AVG2013 2013-04-12 05:58 . 2013-04-12 05:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Avg2013 2013-04-12 05:56 . 2013-04-12 05:56 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\AVG SafeGuard toolbar 2013-04-12 05:55 . 2013-04-12 05:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG SafeGuard toolbar 2013-04-12 05:55 . 2013-04-12 05:55 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AVG SafeGuard toolbar 2013-04-12 05:54 . 2013-04-12 05:52 34592 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2013-04-12 05:54 . 2013-04-12 05:55 -------- d-----w- c:\program files\Common Files\AVG Secure Search 2013-04-12 05:54 . 2013-04-12 05:54 -------- d-----w- c:\program files\AVG SafeGuard toolbar 2013-04-12 05:43 . 2013-04-12 05:43 -------- d-----w- C:\$AVG 2013-04-12 05:43 . 2013-04-12 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013 2013-04-12 05:23 . 2013-04-12 05:23 -------- d-----w- c:\windows\system32\wbem\Repository\FS 2013-04-12 05:23 . 2013-04-12 05:23 -------- d-----w- c:\windows\system32\wbem\Repository 2013-04-12 05:20 . 2013-04-12 07:45 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Avg2013 2013-04-11 17:53 . 2013-04-11 17:53 -------- d-----w- c:\windows\system32\wbem\repository.old 2013-04-11 16:37 . 2013-04-11 16:37 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Sun 2013-04-11 15:26 . 2013-04-11 15:24 143872 ----a-w- c:\windows\system32\javacpl.cpl 2013-04-11 15:25 . 2013-04-11 15:24 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-03-21 18:04 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys 2013-03-21 18:04 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-11 15:24 . 2012-07-05 16:58 861088 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-04-11 15:24 . 2010-08-17 00:47 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-03-13 17:34 . 2012-05-08 19:54 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-03-13 17:34 . 2011-07-11 18:19 73432 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-03-08 08:36 . 2004-08-10 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll 2013-03-07 01:32 . 2004-08-10 19:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-07 00:50 . 2004-08-10 19:00 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-03-02 02:06 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2013-03-02 02:06 . 2004-08-10 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2013-03-02 02:06 . 2004-08-10 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2013-03-02 01:25 . 2004-08-10 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys 2013-03-02 01:08 . 2004-08-10 12:00 385024 ------w- c:\windows\system32\html.iec 2013-03-01 15:32 . 2013-03-01 15:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys 2013-02-27 07:56 . 2004-08-10 12:00 2067456 ----a-w- c:\windows\system32\mstscax.dll 2013-02-27 04:40 . 2013-02-27 04:40 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys 2013-02-14 08:52 . 2013-02-14 08:52 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2013-02-12 00:32 . 2008-08-26 01:41 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys 2013-02-12 00:32 . 2004-08-10 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-02-08 09:37 . 2013-02-08 09:37 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2013-02-08 09:37 . 2013-02-08 09:37 245048 ----a-w- c:\windows\system32\drivers\avglogx.sys 2013-02-08 09:37 . 2013-02-08 09:37 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys 2013-02-08 09:37 . 2013-02-08 09:37 170808 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2013-02-08 09:37 . 2013-02-08 09:37 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2013-01-26 03:55 . 2004-08-10 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll 2013-04-12 05:39 . 2013-04-12 05:35 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn2\yt.dll" [2013-04-01 1500440] . [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1] [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2013-03-25 3497240] "cdloader"="c:\documents and settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe" [2012-02-01 50592] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-01 68856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512] "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152] "DISCover"="c:\program files\DISC\DISCover.exe" [2006-08-01 1073152] "DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-09-27 61440] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740] "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "ISUSScheduler"="c:\progra~1\common~1\instal~1\update~1\issch.exe" [2004-07-28 81920] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-03-13 4394032] "vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2013-04-12 1223344] . c:\documents and settings\Default User\Start Menu\Programs\Startup\ Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-12-2 27136] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableStatusMessages"= 1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk backup=c:\windows\pss\Updates from HP.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "AlwaysReady Power Message APP"=ARPWRMSG.EXE "ROC_roc_ssl_v12"="c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 "ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\DISC\\DISCover.exe"= "c:\\Program Files\\DISC\\DiscStreamHub.exe"= "c:\\Program Files\\DISC\\myFTP.exe"= "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"= "c:\\WINDOWS\\system32\\fxsclnt.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\hp\\support\\HPSysInfo.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqthb08.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"= "c:\\Documents and Settings\\HP_Administrator\\Application Data\\mjusbsp\\magicJack.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3776:UDP"= 3776:UDP:Media Center Extender Service "3390:TCP"= 3390:TCP:*:Disabled:Remote Media Center Experience "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 "1433:TCP"= 1433:TCP:SOS Port 1433 "9901:TCP"= 9901:TCP:HP Photosmart C4500 . R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2/8/2013 4:37 AM 60216] R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2/8/2013 4:37 AM 245048] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2/8/2013 4:37 AM 39224] R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2/26/2013 11:40 PM 208184] R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [3/1/2013 10:32 AM 22328] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/8/2013 4:37 AM 170808] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/14/2013 3:52 AM 182072] R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [4/12/2013 12:54 AM 34592] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [2/19/2013 4:02 AM 282624] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [2/27/2013 11:42 PM 4937264] S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [10/17/2006 1:09 PM 35072] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] QWAVE REG_MULTI_SZ QWAVE HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2013-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 17:34] . 2013-04-12 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57] . 2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 00:04] . 2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 00:04] . 2013-04-12 c:\windows\Tasks\{4A1C225C-92AC-485D-8640-A636C17BAEF7}_SHAWN_HP_Administrator.job - c:\windows\system32\mobsync.exe [2004-08-10 00:12] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105 Trusted Zone: target.com\www Trusted Zone: trymedia.com TCP: DhcpNameServer = 10.10.10.5 10.10.10.6 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.1.0\ViProtocol.dll FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ob6qfmzn.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - google.com FF - ExtSQL: 2013-04-12 00:55; avg@toolbar; c:\documents and settings\All Users\Application Data\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2 FF - ExtSQL: 2013-04-12 02:23; {ab91efd4-6975-4081-8552-1b3922ed79e2}; c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ob6qfmzn.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} FF - ExtSQL: !HIDDEN! 2011-07-26 21:02; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-04-14 18:57 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1024) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(3604) c:\windows\system32\WININET.dll c:\progra~1\WINDOW~1\wmpband.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2013-04-14 19:02:52 ComboFix-quarantined-files.txt 2013-04-15 00:02 ComboFix2.txt 2013-04-13 18:04 . Pre-Run: 28,240,826,368 bytes free Post-Run: 28,198,912,000 bytes free . - - End Of File - - 9C892A3649EEF32B3EE9E3AEA509A08A So far everything seems to be running much smoother. Thank you!!

ComboFix 13-04-12.02 - HP_Administrator 04/13/2013 12:40:02.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.130 [GMT -5:00] Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Administrator\WINDOWS c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\Default User\WINDOWS c:\documents and settings\HP_Administrator\WINDOWS c:\windows\system32\83D3456E9C.dll c:\windows\system32\Cache c:\windows\system32\Cache\272512937d9e61a4.fb c:\windows\system32\Cache\287204568329e189.fb c:\windows\system32\Cache\28bc8f716fd76a47.fb c:\windows\system32\Cache\2c53092c95605355.fb c:\windows\system32\Cache\31a0997e9a5b5eb3.fb c:\windows\system32\Cache\32c84fe32bb74d60.fb c:\windows\system32\Cache\3917078cb68ec657.fb c:\windows\system32\Cache\4f92a6e31c5812f4.fb c:\windows\system32\Cache\590ba23ce359fd0c.fb c:\windows\system32\Cache\610289e025a3ee9a.fb c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb c:\windows\system32\Cache\6648575685e22613.fb c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb c:\windows\system32\Cache\6d03dad1035885d3.fb c:\windows\system32\Cache\a8556537add6dfc5.fb c:\windows\system32\Cache\aa2312f7e9ba955d.fb c:\windows\system32\Cache\ad10a52aff5e038d.fb c:\windows\system32\Cache\c1fa887b03019701.fb c:\windows\system32\Cache\c4d28dca2e7648be.fb c:\windows\system32\Cache\d201ef9910cd39de.fb c:\windows\system32\Cache\d2e94710a5708128.fb c:\windows\system32\Cache\d79b9dfe81484ec4.fb c:\windows\system32\Cache\f998975c9cc711ee.fb c:\windows\system32\config\systemprofile\WINDOWS c:\windows\system32\ps2.bat c:\windows\system32\URTTemp c:\windows\system32\URTTemp\fusion.dll c:\windows\system32\URTTemp\mscoree.dll c:\windows\system32\URTTemp\mscoree.dll.local c:\windows\system32\URTTemp\mscorsn.dll c:\windows\system32\URTTemp\mscorwks.dll c:\windows\system32\URTTemp\msvcr71.dll c:\windows\system32\URTTemp\regtlib.exe D:\Autorun.inf . . ((((((((((((((((((((((((( Files Created from 2013-03-13 to 2013-04-13 ))))))))))))))))))))))))))))))) . . 2013-04-13 04:31 . 2004-08-10 12:00 7168 ----a-w- c:\windows\system32\dllcache\OLD97.tmp 2013-04-13 04:31 . 2007-04-02 16:36 16384 ----a-w- c:\windows\system32\dllcache\OLD94.tmp 2013-04-13 04:31 . 2008-04-14 00:12 32827 ----a-w- c:\windows\system32\dllcache\OLD91.tmp 2013-04-13 04:31 . 2008-04-14 00:12 16437 ----a-w- c:\windows\system32\dllcache\OLD8E.tmp 2013-04-13 04:31 . 2008-04-14 00:12 20536 ----a-w- c:\windows\system32\dllcache\OLD8B.tmp 2013-04-13 04:31 . 2001-08-17 19:56 66048 ----a-w- c:\windows\system32\dllcache\OLD88.tmp 2013-04-13 04:30 . 2013-03-07 01:28 2193408 ----a-w- c:\windows\system32\dllcache\OLD84.tmp 2013-04-13 04:29 . 2004-08-10 12:00 19968 ----a-w- c:\windows\system32\dllcache\OLD81.tmp 2013-04-13 04:29 . 2004-08-10 12:00 7680 ----a-w- c:\windows\system32\dllcache\OLD7E.tmp 2013-04-13 04:27 . 2008-04-14 00:11 49212 ----a-w- c:\windows\system32\dllcache\OLD47.tmp 2013-04-13 04:27 . 2008-04-14 00:11 32826 ----a-w- c:\windows\system32\dllcache\OLD44.tmp 2013-04-13 04:27 . 2008-04-14 00:11 41020 ----a-w- c:\windows\system32\dllcache\OLD41.tmp 2013-04-13 04:27 . 2008-04-14 00:11 102509 ----a-w- c:\windows\system32\dllcache\OLD3E.tmp 2013-04-13 04:27 . 2008-04-14 00:11 49210 ----a-w- c:\windows\system32\dllcache\OLD3B.tmp 2013-04-13 04:27 . 2008-04-14 00:11 147513 ----a-w- c:\windows\system32\dllcache\OLD38.tmp 2013-04-13 04:27 . 2008-04-14 00:11 82035 ----a-w- c:\windows\system32\dllcache\OLD35.tmp 2013-04-13 04:27 . 2008-04-14 00:11 184435 ----a-w- c:\windows\system32\dllcache\OLD32.tmp 2013-04-13 04:25 . 2008-04-14 00:09 76288 ----a-w- c:\windows\system32\dllcache\OLD2C.tmp 2013-04-13 04:25 . 2008-04-14 00:12 188480 ----a-w- c:\windows\system32\dllcache\OLD29.tmp 2013-04-13 04:25 . 2008-04-14 00:09 275968 ----a-w- c:\windows\system32\dllcache\OLD25.tmp 2013-04-13 04:25 . 2004-08-10 12:00 94720 ----a-w- c:\windows\system32\dllcache\OLD22.tmp 2013-04-13 04:25 . 2008-04-14 00:12 16439 ----a-w- c:\windows\system32\dllcache\OLD19.tmp 2013-04-13 04:25 . 2008-04-14 00:11 20540 ----a-w- c:\windows\system32\dllcache\OLD16.tmp 2013-04-13 04:24 . 2008-04-14 00:12 16439 ----a-w- c:\windows\system32\dllcache\OLD5.tmp 2013-04-13 04:23 . 2008-04-14 00:11 20540 ----a-w- c:\windows\system32\dllcache\OLD2.tmp 2013-04-13 04:23 . 2013-04-13 04:31 -------- d-----w- c:\windows\LastGood 2013-04-12 06:01 . 2013-04-12 06:01 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AVG2013 2013-04-12 05:59 . 2013-04-12 05:59 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AVG2013 2013-04-12 05:58 . 2013-04-12 05:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Avg2013 2013-04-12 05:56 . 2013-04-12 05:56 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\AVG SafeGuard toolbar 2013-04-12 05:55 . 2013-04-12 05:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG SafeGuard toolbar 2013-04-12 05:55 . 2013-04-12 05:55 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AVG SafeGuard toolbar 2013-04-12 05:54 . 2013-04-12 05:52 34592 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2013-04-12 05:54 . 2013-04-12 05:55 -------- d-----w- c:\program files\Common Files\AVG Secure Search 2013-04-12 05:54 . 2013-04-12 05:54 -------- d-----w- c:\program files\AVG SafeGuard toolbar 2013-04-12 05:43 . 2013-04-12 05:43 -------- d-----w- C:\$AVG 2013-04-12 05:43 . 2013-04-12 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013 2013-04-12 05:23 . 2013-04-12 05:23 -------- d-----w- c:\windows\system32\wbem\Repository\FS 2013-04-12 05:23 . 2013-04-12 05:23 -------- d-----w- c:\windows\system32\wbem\Repository 2013-04-12 05:20 . 2013-04-12 07:45 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Avg2013 2013-04-11 17:53 . 2013-04-11 17:53 -------- d-----w- c:\windows\system32\wbem\repository.old 2013-04-11 16:37 . 2013-04-11 16:37 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Sun 2013-04-11 15:26 . 2013-04-11 15:24 143872 ----a-w- c:\windows\system32\javacpl.cpl 2013-04-11 15:25 . 2013-04-11 15:24 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-03-21 18:04 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys 2013-03-21 18:04 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-11 15:24 . 2012-07-05 16:58 861088 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-04-11 15:24 . 2010-08-17 00:47 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-03-13 17:34 . 2012-05-08 19:54 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-03-13 17:34 . 2011-07-11 18:19 73432 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-03-08 08:36 . 2004-08-10 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll 2013-03-07 01:32 . 2004-08-10 19:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-07 00:50 . 2004-08-10 19:00 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-03-02 02:06 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2013-03-02 02:06 . 2004-08-10 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2013-03-02 02:06 . 2004-08-10 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2013-03-02 01:25 . 2004-08-10 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys 2013-03-02 01:08 . 2004-08-10 12:00 385024 ------w- c:\windows\system32\html.iec 2013-03-01 15:32 . 2013-03-01 15:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys 2013-02-27 07:56 . 2004-08-10 12:00 2067456 ----a-w- c:\windows\system32\mstscax.dll 2013-02-27 04:40 . 2013-02-27 04:40 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys 2013-02-14 08:52 . 2013-02-14 08:52 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2013-02-12 00:32 . 2008-08-26 01:41 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys 2013-02-12 00:32 . 2004-08-10 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-02-08 09:37 . 2013-02-08 09:37 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2013-02-08 09:37 . 2013-02-08 09:37 245048 ----a-w- c:\windows\system32\drivers\avglogx.sys 2013-02-08 09:37 . 2013-02-08 09:37 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys 2013-02-08 09:37 . 2013-02-08 09:37 170808 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2013-02-08 09:37 . 2013-02-08 09:37 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2013-01-26 03:55 . 2004-08-10 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll 2013-04-12 05:39 . 2013-04-12 05:35 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn2\yt.dll" [2013-04-01 1500440] . [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1] [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2013-03-25 3497240] "cdloader"="c:\documents and settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe" [2012-02-01 50592] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-01 68856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512] "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152] "DISCover"="c:\program files\DISC\DISCover.exe" [2006-08-01 1073152] "DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-09-27 61440] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740] "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "ISUSScheduler"="c:\progra~1\common~1\instal~1\update~1\issch.exe" [2004-07-28 81920] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-03-13 4394032] "vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2013-04-12 1223344] . c:\documents and settings\Default User\Start Menu\Programs\Startup\ Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-12-2 27136] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableStatusMessages"= 1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk backup=c:\windows\pss\Updates from HP.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "AlwaysReady Power Message APP"=ARPWRMSG.EXE "ROC_roc_ssl_v12"="c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 "ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\DISC\\DISCover.exe"= "c:\\Program Files\\DISC\\DiscStreamHub.exe"= "c:\\Program Files\\DISC\\myFTP.exe"= "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"= "c:\\WINDOWS\\system32\\fxsclnt.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\hp\\support\\HPSysInfo.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqthb08.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"= "c:\\Documents and Settings\\HP_Administrator\\Application Data\\mjusbsp\\magicJack.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3776:UDP"= 3776:UDP:Media Center Extender Service "3390:TCP"= 3390:TCP:*:Disabled:Remote Media Center Experience "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 "1433:TCP"= 1433:TCP:SOS Port 1433 "9901:TCP"= 9901:TCP:HP Photosmart C4500 . R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2/8/2013 4:37 AM 60216] R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2/8/2013 4:37 AM 245048] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2/8/2013 4:37 AM 39224] R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2/26/2013 11:40 PM 208184] R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [3/1/2013 10:32 AM 22328] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/8/2013 4:37 AM 170808] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/14/2013 3:52 AM 182072] R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [4/12/2013 12:54 AM 34592] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [2/19/2013 4:02 AM 282624] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [2/27/2013 11:42 PM 4937264] S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [10/17/2006 1:09 PM 35072] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] QWAVE REG_MULTI_SZ QWAVE HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2013-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 17:34] . 2013-04-12 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57] . 2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 00:04] . 2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 00:04] . 2013-04-12 c:\windows\Tasks\{4A1C225C-92AC-485D-8640-A636C17BAEF7}_SHAWN_HP_Administrator.job - c:\windows\system32\mobsync.exe [2004-08-10 00:12] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105 Trusted Zone: target.com\www Trusted Zone: trymedia.com TCP: DhcpNameServer = 10.10.10.5 10.10.10.6 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.1.0\ViProtocol.dll FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ob6qfmzn.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - google.com FF - ExtSQL: 2013-04-12 00:55; avg@toolbar; c:\documents and settings\All Users\Application Data\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2 FF - ExtSQL: 2013-04-12 02:23; {ab91efd4-6975-4081-8552-1b3922ed79e2}; c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ob6qfmzn.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} FF - ExtSQL: !HIDDEN! 2011-07-26 21:02; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 . - - - - ORPHANS REMOVED - - - - . BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file) Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file) HKLM-Run-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-04-13 12:56 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1024) c:\windows\system32\Ati2evxx.dll . Completion time: 2013-04-13 13:04:05 ComboFix-quarantined-files.txt 2013-04-13 18:03 . Pre-Run: 27,818,672,128 bytes free Post-Run: 28,287,963,136 bytes free . - - End Of File - - B0179266CA22FF0F22A528FEB79F7FC0 It is running better. Thank you

Hi Gringo! I apologize for the delayed response. When running the Combofix program I get a pop up message that says "Webroot SecureAnywhere Antivirus" is running, and running Combofix will be at my own risk. So I have searched my computer as much as I know how to and have not found Webroot SecureAnywhere Antivirus anywhere on my computer. I am at a standstill. Do you have any suggestions?

Results of screen317's Security Check version 0.99.62 Windows XP Service Pack 3 x86 (UAC is disabled!) Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! AVG Internet Security 2013 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Anti-Spyware CCleaner Java 7 Update 17 Adobe Flash Player 11.6.602.180 Adobe Reader 10.1.6 Adobe Reader out of Date! Mozilla Firefox 16.0.2 Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 21% Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log`````````````````````` # AdwCleaner v2.200 - Logfile created 04/11/2013 at 11:26:51 # Updated 02/04/2013 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : HP_Administrator - MINE # Boot Mode : Normal # Running from : C:\Documents and Settings\HP_Administrator\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ob6qfmzn.default\searchplugins\Askcom.xml File Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ob6qfmzn.default\searchplugins\Conduit.xml File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml File Deleted : C:\user.js Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon Folder Deleted : C:\Documents and Settings\All Users\Application Data\Billeo Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Babylon Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\BabylonToolbar Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ob6qfmzn.default\Conduit Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ob6qfmzn.default\ConduitCommon Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ob6qfmzn.default\FCTB Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Babylon Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Conduit Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\PackageAware Folder Deleted : C:\Program Files\BabylonToolbar Folder Deleted : C:\Program Files\Viewpoint ***** [Registry] ***** Key Deleted : HKCU\Software\IGearSettings Key Deleted : HKCU\Software\InstallCore Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{465E08E7-F005-4389-980F-1D8764B3486C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} Key Deleted : HKLM\Software\Babylon Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2559647 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Key Deleted : HKLM\Software\OpenCandy Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://blekko.com?source=c3348dd4&tbp=homepage&toolbarid=blekkotb&u=20120406837E4644979E4149140DAD7B --> hxxp://www.google.com -\\ Mozilla Firefox v16.0.2 (en-US) File : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ob6qfmzn.default\prefs.js C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ob6qfmzn.default\user.js ... Deleted ! Deleted : user_pref("CT2559647..clientLogIsEnabled", false); Deleted : user_pref("CT2559647..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Deleted : user_pref("CT2559647..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Deleted : user_pref("CT2559647.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Deleted : user_pref("CT2559647.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT2559647.AppTrackingLastCheckTime", "Sat Dec 31 2011 12:30:46 GMT-0600 (Central Standard[...] Deleted : user_pref("CT2559647.CTID", "CT2559647"); Deleted : user_pref("CT2559647.CurrentServerDate", "31-12-2011"); Deleted : user_pref("CT2559647.DialogsAlignMode", "LTR"); Deleted : user_pref("CT2559647.DialogsGetterLastCheckTime", "Wed Dec 28 2011 20:33:00 GMT-0600 (Central Standa[...] Deleted : user_pref("CT2559647.DownloadReferralCookieData", ""); Deleted : user_pref("CT2559647.ExternalComponentPollDate129404749084494749", "Sat Dec 31 2011 13:15:52 GMT-060[...] Deleted : user_pref("CT2559647.ExternalComponentPollDate129404791544181654", "Sat Dec 31 2011 13:15:54 GMT-060[...] Deleted : user_pref("CT2559647.ExternalComponentPollDate129413165572169584", "Sat Dec 31 2011 13:15:54 GMT-060[...] Deleted : user_pref("CT2559647.FirstServerDate", "20-4-2011"); Deleted : user_pref("CT2559647.FirstTime", true); Deleted : user_pref("CT2559647.FirstTimeFF3", true); Deleted : user_pref("CT2559647.FixPageNotFoundErrors", true); Deleted : user_pref("CT2559647.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT2559647.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT2559647.HasUserGlobalKeys", true); Deleted : user_pref("CT2559647.HomePageProtectorEnabled", false); Deleted : user_pref("CT2559647.Initialize", true); Deleted : user_pref("CT2559647.InitializeCommonPrefs", true); Deleted : user_pref("CT2559647.InstallationAndCookieDataSentCount", 3); Deleted : user_pref("CT2559647.InstallationType", "UnknownIntegration"); Deleted : user_pref("CT2559647.InstalledDate", "Tue Apr 19 2011 23:19:09 GMT-0500 (Central Daylight Time)"); Deleted : user_pref("CT2559647.IsAlertDBUpdated", true); Deleted : user_pref("CT2559647.IsGrouping", false); Deleted : user_pref("CT2559647.IsMulticommunity", false); Deleted : user_pref("CT2559647.IsOpenThankYouPage", false); Deleted : user_pref("CT2559647.IsOpenUninstallPage", false); Deleted : user_pref("CT2559647.LanguagePackLastCheckTime", "Sat Dec 31 2011 12:30:29 GMT-0600 (Central Standar[...] Deleted : user_pref("CT2559647.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT2559647.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Deleted : user_pref("CT2559647.LastLogin_3.3.3.2", "Wed Aug 17 2011 20:32:47 GMT-0500 (Central Daylight Time)"[...] Deleted : user_pref("CT2559647.LastLogin_3.6.0.10", "Fri Sep 30 2011 18:38:27 GMT-0500 (Central Daylight Time)[...] Deleted : user_pref("CT2559647.LastLogin_3.7.0.6", "Wed Dec 28 2011 20:32:52 GMT-0600 (Central Standard Time)"[...] Deleted : user_pref("CT2559647.LastLogin_3.8.1.0", "Sat Dec 31 2011 12:30:36 GMT-0600 (Central Standard Time)"[...] Deleted : user_pref("CT2559647.LatestVersion", "3.8.1.0"); Deleted : user_pref("CT2559647.Locale", "en"); Deleted : user_pref("CT2559647.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT2559647.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT2559647.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT2559647.MyStuffEnabledAtInstallation", true); Deleted : user_pref("CT2559647.SearchEngineBeforeUnload", "Google"); Deleted : user_pref("CT2559647.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT2559647.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT255[...] Deleted : user_pref("CT2559647.SearchInNewTabEnabled", true); Deleted : user_pref("CT2559647.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT2559647.SearchInNewTabLastCheckTime", "Sat Dec 31 2011 12:30:43 GMT-0600 (Central Stand[...] Deleted : user_pref("CT2559647.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT2559647.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...] Deleted : user_pref("CT2559647.SearchProtectorEnabled", false); Deleted : user_pref("CT2559647.SearchProtectorToolbarDisabled", false); Deleted : user_pref("CT2559647.ServiceMapLastCheckTime", "Sat Dec 31 2011 12:30:03 GMT-0600 (Central Standard [...] Deleted : user_pref("CT2559647.SettingsLastCheckTime", "Sat Dec 31 2011 12:30:27 GMT-0600 (Central Standard Ti[...] Deleted : user_pref("CT2559647.SettingsLastUpdate", "1321973055"); Deleted : user_pref("CT2559647.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT2559647.ThirdPartyComponentsLastCheck", "Sun Dec 18 2011 19:21:04 GMT-0600 (Central Sta[...] Deleted : user_pref("CT2559647.ThirdPartyComponentsLastUpdate", "1312887586"); Deleted : user_pref("CT2559647.ToolbarShrinkedFromSetup", false); Deleted : user_pref("CT2559647.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2559647"); Deleted : user_pref("CT2559647.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Deleted : user_pref("CT2559647.UserID", "UN44267254307856774"); Deleted : user_pref("CT2559647.ValidationData_Search", 1); Deleted : user_pref("CT2559647.ValidationData_Toolbar", 2); Deleted : user_pref("CT2559647.alertChannelId", "952537"); Deleted : user_pref("CT2559647.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Deleted : user_pref("CT2559647.globalFirstTimeInfoLastCheckTime", "Sat Dec 31 2011 12:30:36 GMT-0600 (Central [...] Deleted : user_pref("CT2559647.homepageProtectorEnableByLogin", true); Deleted : user_pref("CT2559647.initDone", true); Deleted : user_pref("CT2559647.isAppTrackingManagerOn", true); Deleted : user_pref("CT2559647.myStuffEnabled", true); Deleted : user_pref("CT2559647.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT2559647.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT2559647.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT2559647.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT2559647.oldAppsList", "129126535051871363,129126535052027614,111,129404749084494749,129[...] Deleted : user_pref("CT2559647.revertSettingsEnabled", false); Deleted : user_pref("CT2559647.searchProtectorDialogDelayInSec", 10); Deleted : user_pref("CT2559647.searchProtectorEnableByLogin", true); Deleted : user_pref("CT2559647.testingCtid", ""); Deleted : user_pref("CT2559647.toolbarAppMetaDataLastCheckTime", "Sat Dec 31 2011 12:30:36 GMT-0600 (Central S[...] Deleted : user_pref("CT2559647.toolbarContextMenuLastCheckTime", "Sun Dec 18 2011 19:21:08 GMT-0600 (Central S[...] Deleted : user_pref("CT2559647.usagesFlag", 2); Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2559647"); Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2559647/CT2559647[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/952537/948310/US", "\"0\"")[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2559647", [...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2559647",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2559647&octid=[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2559647/CT2559647[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"dbf[...] Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\HP_Administrator\\[...] Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0"); Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...] Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2559647"); Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2559647"); Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Tue Apr 19 2011 23:19:11 GMT-05[...] Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Aug 17 2011 20:32:46 GMT-0500 (Centr[...] Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.locale", "en"); Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Aug 17 2011 20:32:43 GMT-0500 (Central D[...] Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611"); Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false); Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Deleted : user_pref("CommunityToolbar.alert.userId", "18a5d2cc-d814-4d12-9c2e-fc44ddfec0de"); Deleted : user_pref("CommunityToolbar.globalUserId", "6d1d6db3-5b8f-4e4a-a871-1f86e9e0063d"); Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2559647"); Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Dec 28 2011 20:32:5[...] Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sat Dec 31 2011 12:30:12 GMT-060[...] Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Deleted : user_pref("CommunityToolbar.notifications.locale", "en"); Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Dec 31 2011 12:30:04 GMT-0600 (C[...] Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Deleted : user_pref("CommunityToolbar.notifications.userId", "5b32a2a7-a20f-4446-93c3-c4ea3018f281"); Deleted : user_pref("browser.search.defaultengine", "Ask.com"); Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search"); Deleted : user_pref("browser.search.defaultthis.engineName", "Coupons.com Customized Web Search"); Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&Sea[...] Deleted : user_pref("browser.search.order.1", "Ask.com"); Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Deleted : user_pref("extensions.BabylonToolbar_i.babExt", ""); Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100486"); Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "2855e2600000000000000015f27bd14b"); Deleted : user_pref("extensions.BabylonToolbar_i.id", "2855e2600000000000000015f27bd14b"); Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15379"); Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9"); Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1719:02:02"); Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); Deleted : user_pref("freecause6caf8213d0424722bdfadea63418689c.4935.KeywordHistory", "guitar%2520hero%2520worl[...] Deleted : user_pref("freecause6caf8213d0424722bdfadea63418689c.ClearCacheDate", 5); Deleted : user_pref("freecause6caf8213d0424722bdfadea63418689c.FirstLaunchShown", true); Deleted : user_pref("freecause6caf8213d0424722bdfadea63418689c.LoadLayoutDate.50395", 31); Deleted : user_pref("freecause6caf8213d0424722bdfadea63418689c.StateReportDate", "1252114066932"); Deleted : user_pref("freecause6caf8213d0424722bdfadea63418689c.customNewTab", true); Deleted : user_pref("freecause6caf8213d0424722bdfadea63418689c.data", "970E0D327E91ACB7AE5FC2C7B268ABD9A70C71F[...] Deleted : user_pref("freecause6caf8213d0424722bdfadea63418689c.helpUsImprove", true); Deleted : user_pref("freecause6caf8213d0424722bdfadea63418689c.hideOthers", false); Deleted : user_pref("freecause6caf8213d0424722bdfadea63418689c.processAddrBar", true); Deleted : user_pref("freecause6caf8213d0424722bdfadea63418689c.restoreSearch", false); Deleted : user_pref("freecause6caf8213d0424722bdfadea63418689c.searchHistory", true); Deleted : user_pref("freecause6caf8213d0424722bdfadea63418689c.session", ""); Deleted : user_pref("freecause6caf8213d0424722bdfadea63418689c.showFirstLaunchOptions", true); Deleted : user_pref("freecause6caf8213d0424722bdfadea63418689c.stday", "5"); Deleted : user_pref("freecause6caf8213d0424722bdfadea63418689c.sthour", "15"); Deleted : user_pref("freecause6caf8213d0424722bdfadea63418689c.tb_lang", "en"); Deleted : user_pref("freecause6caf8213d0424722bdfadea63418689c.tool_id", "50395"); Deleted : user_pref("freecause6caf8213d0424722bdfadea63418689c.user_id", "10665517"); Deleted : user_pref("freecause6caf8213d0424722bdfadea63418689c.user_key", "2e4e7daf50a11602c4941d2cd9d39596cf2[...] Deleted : user_pref("freecause6caf8213d0424722bdfadea63418689c.user_layouts", "50395"); Deleted : user_pref("freecause6caf8213d0424722bdfadea63418689c.user_lnames", "GOPToolbar"); Deleted : user_pref("freecause6caf8213d0424722bdfadea63418689c.weather_location_IDcid4954", "USTN0333"); Deleted : user_pref("freecause6caf8213d0424722bdfadea63418689c.weather_location_namecid4954", "Millington%2C%2[...] Deleted : user_pref("freecause6caf8213d0424722bdfadea63418689c.yahooSearch", true); File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\une46r74.default\prefs.js Deleted : user_pref("browser.search.selectedEngine", "Blekko"); ************************* AdwCleaner[R1].txt - [22169 octets] - [11/04/2013 11:25:02] AdwCleaner[R2].txt - [22230 octets] - [11/04/2013 11:26:06] AdwCleaner[s1].txt - [22186 octets] - [11/04/2013 11:26:51] ########## EOF - C:\AdwCleaner[s1].txt - [22247 octets] ########## RogueKiller V8.5.4 [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : HP_Administrator [Admin rights] Mode : Remove -- Date : 04/11/2013 11:53:33 | ARK || FAK || MBR | ¤¤¤ Bad processes : 1 ¤¤¤ [sUSP PATH] arservice.exe -- C:\WINDOWS\arservice.exe [7] -> KILLED [TermProc] ¤¤¤ Registry Entries : 3 ¤¤¤ [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ _INLINE_ : NtClose -> HOOKED (\SystemRoot\system32\DRIVERS\css-dvp.sys @ 0xEF71BB50) _INLINE_ : NtCreateSection -> HOOKED (\SystemRoot\system32\DRIVERS\css-dvp.sys @ 0xEF71BDBB) _INLINE_ : NtSetInformationFile -> HOOKED (\SystemRoot\system32\DRIVERS\css-dvp.sys @ 0xEF71B239) _INLINE_ : NtWriteFile -> HOOKED (\SystemRoot\system32\DRIVERS\css-dvp.sys @ 0xEF71AE85) ¤¤¤ HOSTS File: ¤¤¤ --> C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: HDS728080PLAT20 +++++ --- User --- [MBR] b4e4e6c0f6940006564b96eb9dd9cc8d [bSP] 8a7884da59e414827f91c43dcf324e78 : Toshiba MBR Code Partition table: 0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 8714 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 17848215 | Size: 67601 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[2]_D_04112013_02d1153.txt >> RKreport[1]_S_04112013_02d1152.txt ; RKreport[2]_D_04112013_02d1153.txt

Hi I think I may have a virus. DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.17.2 Run by HP_Administrator at 10:32:55 on 2013-04-11 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.66 [GMT -5:00] . AV: AVG Internet Security 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ============== Running Processes ================ . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\DISC\DISCover.exe C:\Program Files\DISC\DiscUpdateMgr.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\progra~1\common~1\instal~1\update~1\issch.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\arservice.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\ehome\RMSvc.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\DISC\DiscStreamHub.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\WINDOWS\system32\WISPTIS.EXE C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe c:\windows\system\hpsysdrv.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\msiexec.exe C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\WINDOWS\system32\svchost.exe -k HPService C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\svchost.exe -k netsvcs C:\WINDOWS\System32\svchost.exe -k HTTPFilter . ============== Pseudo HJT Report =============== . uStart Page = hxxp://blekko.com?source=c3348dd4&tbp=homepage&toolbarid=blekkotb&u=20120406837E4644979E4149140DAD7B uSearch Bar = hxxp://www.google.com/ie uSearch Page = hxxp://www.google.com uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s mSearchAssistant = hxxp://www.google.com/ie uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll dURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned> mWinlogon: SFCDisable = dword:-99 BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [ccleaner] "c:\program files\ccleaner\ccleaner.exe" /AUTO uRun: [cdloader] "c:\documents and settings\hp_administrator\application data\mjusbsp\cdloader2.exe" MAGICJACK uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe mRun: [DISCover] c:\program files\disc\DISCover.exe mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdateMgr.exe mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run mRun: [KBD] c:\hp\kbd\KBD.EXE mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [synchronization Manager] c:\windows\system32\mobsync.exe /logon mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [ROC_ROC_NT] "c:\program files\avg secure search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT mRun: [iSUSScheduler] "c:\progra~1\common~1\instal~1\update~1\issch.exe" -start mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" dRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:255 mPolicies-Explorer: NoDriveTypeAutoRun = dword:255 mPolicies-System: EnableLUA = dword:0 mPolicies-System: DisableStatusMessages = dword:1 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105 IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe Trusted Zone: trymedia.com DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab TCP: NameServer = 10.10.10.5 10.10.10.6 TCP: Interfaces\{561F1795-9AB2-417B-AD95-B744EA06E279} : DHCPNameServer = 10.10.10.5 10.10.10.6 TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DHCPNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned> Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\ob6qfmzn.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - google.com FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\ob6qfmzn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\ob6qfmzn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin9.dll FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll FF - plugin: c:\program files\quicktime\plugins\npqtplugin9.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll FF - plugin: c:\windows\system32\npdeployJava1.dll FF - plugin: c:\windows\system32\npptools.dll FF - ExtSQL: !HIDDEN! 2011-07-26 21:02; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn2 . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true);user_pref(extensions.BabylonToolbar_i.babTrack, affID=100486 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 2855e2600000000000000015f27bd14b FF - user.js: extensions.BabylonToolbar_i.hardId - 2855e2600000000000000015f27bd14b FF - user.js: extensions.BabylonToolbar_i.instlDay - 15379 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:02:02 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . ============= SERVICES / DRIVERS =============== . . =============== Created Last 30 ================ . 2013-04-11 15:26:07 143872 ----a-w- c:\windows\system32\javacpl.cpl 2013-04-11 15:25:16 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-03-21 18:04:30 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys 2013-03-21 18:04:30 12928 ------w- c:\windows\system32\dllcache\usb8023.sys . ==================== Find3M ==================== . 2013-04-11 15:24:11 861088 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-04-11 15:24:11 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-03-13 17:34:30 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-03-13 17:34:29 73432 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll 2013-03-07 01:32:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-07 00:50:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-03-02 02:06:31 916480 ----a-w- c:\windows\system32\wininet.dll 2013-03-02 02:06:30 43520 ------w- c:\windows\system32\licmgr10.dll 2013-03-02 02:06:30 1469440 ------w- c:\windows\system32\inetcpl.cpl 2013-03-02 01:25:02 1867264 ----a-w- c:\windows\system32\win32k.sys 2013-03-02 01:08:47 385024 ------w- c:\windows\system32\html.iec 2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll 2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys 2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll . ============= FINISH: 10:36:50.45 ===============