tvu22

No, I was able to scan with Malwarebytes in Safe Mode, and it did the trick. Thank you for replying though.. even though it was about a week ago.

I'm unable to use Malwarebytes even renaming the file extension. I wasn't able to finish running GMER Rootkid scanner but here's the DDS and the Attach. DDS DDS (Ver_09-12-01.01) - NTFSx86 Run by TUAN VU at 21:20:06.25 on Wed 03/10/2010 Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_12 Microsoft Attach.zip DDS.txt

Alright! Thank you a lot again! I hope you have a good day.

Sorry again but I have another quick question, I'm running the Secunia Software Inspector scan, and it's scanning the C:\System Volume Information area's and my Avira is giving me dectections about C:\SystemVolume Information\...\A0028807.dll for being a TR/Monder.czoe Trojan, should I be concered and just quarantine it?

Alright, thank you.

I was reading part of your "Help! MY Computer is slow" blog, and it said most registry cleaners aren't recommended, is CCleaner's registry cleaner safe?

Hello, I never got to thank you for helping me so; Thank you very much! Everything is running smoothly, I haven't got any Avira notifications, pop-ups, and I'm in the process of updating Malwarebytes.

Here is the new ComboFix log; log.txt

It took awhile to get the log to open, but here it is! log.txt

I still get the Error 730 error. But if I may say, the pop-ups stopped right now, I only had one since 10minutes ago, and I'm not getting any more Avira AntiVir notices about a virus or anything, I had one like 10 minutes ago too, but I quarantined it.

When I scanned with ComboFix it seemed fine so I left it scanning, and when I came back my computer restarted or something, and I found a ComboFix.txt in the folder so I'm guessing it's the log, but it seems kind of short. If it's not supposed to be like that I can run another scan for you. I'll put the Hijack This log you asked for here too. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:05:24 PM, on 2/27/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\DISC\DISCover.exe C:\Program Files\DISC\DiscUpdateMgr.exe C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\DISC\DiscGui.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Pando Networks\Media Booster\PMB.exe C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\AIM\aim.exe C:\Program Files\uTorrent\uTorrent.exe C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.183.17\GoogleCrashHandler.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\DISC\DiscStreamHub.exe C:\WINDOWS\System32\svchost.exe C:\HP\KBD\KBD.EXE c:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {4460abf9-d5f6-4a85-8880-187832900faf} - valalafo.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [wunuponaf] Rundll32.exe "c:\windows\system32\jutizowi.dll",a O4 - HKLM\..\Run: [dubakaguvi] Rundll32.exe "revulazo.dll",s O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.trymedia.com (HKLM) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O21 - SSODL: jifiwefuh - {0d4323aa-1db4-4695-a81a-0f98df658d72} - c:\windows\system32\jutizowi.dll (file missing) O22 - SharedTaskScheduler: gahurihor - {0d4323aa-1db4-4695-a81a-0f98df658d72} - c:\windows\system32\jutizowi.dll (file missing) O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Intel ComboFix.txt

Now, I get an AntiVir Guard Warning about C:\WINDOWS\system32\pulovuwi.dll TR/Monder.czoe Trojan?

I still get the 730 Error. :| I tried renaming it and everything.

Sorry that I'm posting again, it's been 48 hours and my computer still is infected! Well, I started to get random pop-ups, asking me to install a Flash Player or something along those lines, and I knew it was malware so I tried to use it but it was unable to be found. I tried to install it regularly, and got this error "Unable to execute file mbam.exe CreateProcess failed; code 2 The system cannot find the file specified." Then I tried to install one of the randomly named set ups and got this error; "Error code: 730 (0,0)" I tried to follow the instructions as best as I could but the first time I tried scanning with GMER, it became un-responsive after a few minutes, and I had to close it, then the second time it was working but my computer screen went idle and I had to restart my computer because nothing was responding. So if it's really needed I can try scanning it a third time but I'm not so sure. Just another little note, I scanned with Avira AntiVir, and I had 7 warnings, 5 were un-removeable but I had them for awhile now so I didn't worry about it, but the 2 two I'm not so sure about.. I get random pop-ups here and there if I visit a new or even old website that I been to, they are usually nothing bad but I't highly annoying! Thank you for your time reading this and I hope my computer gets fixed. DDS Log; DDS (Ver_09-12-01.01) - NTFSx86 Run by HP_Administrator at 17:29:34.45 on Tue 02/23/2010 Internet Explorer: 6.0.2900.2180 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.168 [GMT -5:00] AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE svchost.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\DISC\DISCover.exe C:\Program Files\DISC\DiscUpdateMgr.exe C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe C:\Program Files\DISC\DiscGui.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Pando Networks\Media Booster\PMB.exe C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\AIM\aim.exe C:\Program Files\uTorrent\uTorrent.exe C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Intel\IntelDH\Intel Attach.zip DDS.txt

Hello again. Sorry to post another problem so soon but I want to get rid of this malware before it gets worse. Well, I started to get random pop-ups, asking me to install a Flash Player or something along those lines, and I knew it was malware so I tried to use it but it was unable to be found. I tried to install it regularly, and got this error "Unable to execute file mbam.exe CreateProcess failed; code 2 The system cannot find the file specified." Then I tried to install one of the randomly named set ups and got this error; "Error code: 730 (0,0)" I tried to follow the instructions as best as I could but the first time I tried scanning with GMER, it became un-responsive after a few minutes, and I had to close it, then the second time it was working but my computer screen went idle and I had to restart my computer because nothing was responding. So if it's really needed I can try scanning it a third time but I'm not so sure. Just another little note, I scanned with Avira AntiVir, and I had 7 warnings, 5 were un-removeable but I had them for awhile now so I didn't worry about it, but the 2 two I'm not so sure about.. Thank you for your time reading this and I hope my computer gets fixed. DDS Log; DDS (Ver_09-12-01.01) - NTFSx86 Run by HP_Administrator at 17:29:34.45 on Tue 02/23/2010 Internet Explorer: 6.0.2900.2180 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.168 [GMT -5:00] AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE svchost.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\DISC\DISCover.exe C:\Program Files\DISC\DiscUpdateMgr.exe C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe C:\Program Files\DISC\DiscGui.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Pando Networks\Media Booster\PMB.exe C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\AIM\aim.exe C:\Program Files\uTorrent\uTorrent.exe C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\DISC\DiscStreamHub.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\HP\KBD\KBD.EXE c:\windows\system\hpsysdrv.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\HP_Administrator\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop uInternet Settings,ProxyOverride = *.local BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe uRun: [Google Update] "c:\documents and settings\hp_administrator\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect mRun: [RTHDCPL] RTHDCPL.EXE mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe mRun: [DISCover] c:\program files\disc\DISCover.exe mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdateMgr.exe mRun: [DMAScheduler] c:\program files\sonic\digitalmedia plus\digitalmedia archive\DMAScheduler.exe mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run mRun: [Reminder] "c:\windows\creator\Remind_XP.exe" mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [wunuponaf] Rundll32.exe "c:\windows\system32\dutudari.dll",a mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000 IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL Trusted Zone: trymedia.com DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab AppInit_DLLs: pulovuwi.dll c:\windows\system32\dutudari.dll SSODL: wasutoyiv - {ef37331b-bb29-4096-ac86-c3069a602b53} - c:\windows\system32\dutudari.dll STS: tokatiluy: {ef37331b-bb29-4096-ac86-c3069a602b53} - c:\windows\system32\dutudari.dll LSA: Notification Packages = scecli revulazo.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\iejihnro.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query= FF - prefs.js: browser.search.selectedEngine - Yahoo! Search FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p= FF - plugin: c:\documents and settings\hp_administrator\application data\move networks\plugins\npqmp071503000010.dll FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-10-31 11608] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-10-31 108289] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-10-31 185089] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-10-31 56816] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] =============== Created Last 30 ================ 2010-02-23 22:27:30 0 ----a-w- c:\documents and settings\hp_administrator\defogger_reenable 2010-02-15 01:18:24 0 d-----w- c:\docume~1\hp_adm~1\applic~1\ZoomBrowser EX 2010-02-15 01:12:13 0 d-----w- c:\docume~1\alluse~1\applic~1\ZoomBrowser 2010-02-15 01:11:50 0 d-----w- c:\program files\Canon 2010-02-15 01:05:32 0 d-----w- c:\program files\common files\Canon 2010-02-03 23:54:37 0 d-----w- c:\program files\iTunes ==================== Find3M ==================== 2010-01-15 00:05:32 250368 ----a-w- c:\windows\system32\drivers\iaStor.sys 2009-12-31 16:14:12 352640 ------w- c:\windows\system32\drivers\srv.sys 2009-12-31 16:14:12 352640 ------w- c:\windows\system32\dllcache\srv.sys 2009-12-28 00:38:33 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-12-23 17:47:43 7948 ----a-w- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat 2009-12-16 12:58:04 343040 ------w- c:\windows\system32\mspaint.exe 2009-12-16 12:58:04 343040 ------w- c:\windows\system32\dllcache\mspaint.exe 2009-12-16 12:57:07 18432 ------w- c:\windows\system32\dllcache\iedw.exe 2009-12-14 07:35:35 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll 2009-12-14 07:35:35 33280 ------w- c:\windows\system32\csrsrv.dll 2009-12-10 03:54:07 261632 ----a-w- c:\windows\PEV.exe 2009-12-08 18:55:25 2180352 ------w- c:\windows\system32\dllcache\ntoskrnl.exe 2009-12-08 18:53:08 2136064 ------w- c:\windows\system32\ntoskrnl.exe 2009-12-08 18:53:08 2136064 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-12-08 18:19:32 2057728 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe 2009-12-08 18:19:32 2015744 ------w- c:\windows\system32\ntkrnlpa.exe 2009-12-08 18:19:32 2015744 ------w- c:\windows\system32\dllcache\ntkrpamp.exe 2009-12-08 09:13:51 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll 2009-12-04 14:41:55 453760 ------w- c:\windows\system32\dllcache\mrxsmb.sys 2009-11-27 17:04:16 1291776 ----a-w- c:\windows\system32\quartz.dll 2009-11-27 17:04:16 1291776 ------w- c:\windows\system32\dllcache\quartz.dll 2009-11-27 17:04:15 17920 ------w- c:\windows\system32\msyuv.dll 2009-11-27 17:04:15 17920 ------w- c:\windows\system32\dllcache\msyuv.dll 2009-11-27 16:37:27 8704 ------w- c:\windows\system32\tsbyuv.dll 2009-11-27 16:37:27 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll 2009-11-27 16:37:27 84992 ------w- c:\windows\system32\dllcache\avifil32.dll 2009-11-27 16:37:27 84992 ------w- c:\windows\system32\avifil32.dll 2009-11-27 16:37:27 48128 ------w- c:\windows\system32\iyuv_32.dll 2009-11-27 16:37:27 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll 2009-11-27 16:37:27 28672 ------w- c:\windows\system32\msvidc32.dll 2009-11-27 16:37:27 28672 ------w- c:\windows\system32\dllcache\msvidc32.dll 2009-11-27 16:37:27 11264 ------w- c:\windows\system32\msrle32.dll 2009-11-27 16:37:27 11264 ------w- c:\windows\system32\dllcache\msrle32.dll 1601-01-01 00:03:28 96256 --sha-w- c:\windows\system32\dutudari.dll 1601-01-01 00:03:28 44032 --sha-w- c:\windows\system32\mamapome.dll 1601-01-01 00:03:52 56832 --sha-w- c:\windows\system32\pulovuwi.dll 1601-01-01 00:03:52 56832 --sha-w- c:\windows\system32\revulazo.dll 1601-01-01 00:03:52 56832 --sha-w- c:\windows\system32\valalafo.dll 1601-01-01 00:03:28 70656 --sha-w- c:\windows\system32\weziroze.dll ============= FINISH: 17:30:22.35 =============== DDS.txt Attach.zip

Since I haven't been on my computer with the exception of scanning, etc, I'm not 100% sure, but for now everything is running smoothly again. If the browser tab pop up happens again, I'll be sure to post. Thank you for spending your time helping me. I appreciate it a lot. DDS DDS (Ver_09-12-01.01) - NTFSx86 Run by HP_Administrator at 16:12:08.73 on Sun 01/17/2010 Internet Explorer: 6.0.2900.2180 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.583 [GMT -5:00] AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\DISC\DISCover.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\DISC\DiscUpdateMgr.exe C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Pando Networks\Media Booster\PMB.exe C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\AIM\aim.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\DISC\DiscStreamHub.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\HP\KBD\KBD.EXE c:\windows\system\hpsysdrv.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\HP_Administrator\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop uInternet Settings,ProxyOverride = *.local BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe uRun: [Google Update] "c:\documents and settings\hp_administrator\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect mRun: [RTHDCPL] RTHDCPL.EXE mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe mRun: [DISCover] c:\program files\disc\DISCover.exe mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdateMgr.exe mRun: [DMAScheduler] c:\program files\sonic\digitalmedia plus\digitalmedia archive\DMAScheduler.exe mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run mRun: [Reminder] "c:\windows\creator\Remind_XP.exe" mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000 IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL Trusted Zone: trymedia.com DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\iejihnro.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query= FF - prefs.js: browser.search.selectedEngine - Yahoo! Search FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p= FF - plugin: c:\documents and settings\hp_administrator\application data\move networks\plugins\npqmp071503000010.dll FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-10-31 11608] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-10-31 108289] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-10-31 185089] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-10-31 56816] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] =============== Created Last 30 ================ 2010-01-17 18:18:58 0 d-----w- c:\program files\ESET 2010-01-17 16:34:12 98816 ----a-w- c:\windows\sed.exe 2010-01-17 16:34:12 77312 ----a-w- c:\windows\MBR.exe 2010-01-17 16:34:12 261632 ----a-w- c:\windows\PEV.exe 2010-01-17 16:34:12 161792 ----a-w- c:\windows\SWREG.exe 2010-01-17 02:28:23 0 ----a-w- c:\documents and settings\hp_administrator\defogger_reenable 2010-01-14 20:30:56 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-01-05 00:05:26 122880 ----a-w- c:\windows\system32\Imsmudlg.exe 2010-01-05 00:05:26 0 d-----w- c:\windows\system32\ENU 2010-01-05 00:01:20 227 ----a-w- c:\windows\HP_CounterReport_Update_HPSU.ini 2010-01-05 00:01:17 214 ----a-w- c:\windows\HP_48BitScanUpdatePatch.ini 2010-01-05 00:00:03 221 ----a-w- c:\windows\HP_RedboxHprblog_HPSU.ini 2010-01-04 23:58:22 0 d-----w- C:\SystemRoot 2010-01-04 23:02:57 0 d-----w- c:\docume~1\hp_adm~1\applic~1\HpUpdate 2010-01-04 23:02:55 0 d-----w- c:\windows\Hewlett-Packard 2009-12-28 00:38:47 73728 ----a-w- c:\windows\system32\javacpl.cpl 2009-12-27 14:23:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-27 14:23:11 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-27 14:23:11 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-12-26 18:52:26 5632 ----a-w- c:\windows\system32\ptpusb.dll 2009-12-26 18:52:25 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2009-12-26 18:52:25 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys 2009-12-26 18:52:24 159232 ----a-w- c:\windows\system32\ptpusd.dll ==================== Find3M ==================== 2010-01-15 00:05:32 250368 ----a-w- c:\windows\system32\drivers\iaStor.sys 2009-12-28 00:38:33 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-12-23 17:47:43 7948 ----a-w- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat 2009-12-07 22:48:27 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-11-21 17:44:49 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys 2009-11-21 17:44:49 47360 ----a-w- c:\docume~1\hp_adm~1\applic~1\pcouffin.sys 2009-11-21 16:36:13 470528 ------w- c:\windows\system32\dllcache\aclayers.dll 2009-10-27 11:06:22 18432 ------w- c:\windows\system32\dllcache\iedw.exe 2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll 2009-10-21 06:00:55 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll 2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll 2009-10-21 06:00:55 25088 ------w- c:\windows\system32\dllcache\httpapi.dll 2009-10-20 14:58:48 263552 ------w- c:\windows\system32\dllcache\http.sys ============= FINISH: 16:12:49.12 ===============

Hello again. I finally finished the ESET scanner. There was 1 threat but it said it was cleaned. A log didn't appear but in the ESET Online Scanner folder I found one that says log but I'm not sure, but I'm pretty sure it's the right one. Here the the contents, and sorry to keep you waiting. ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=fe359fc9556dc8418d15b9861718d3e9 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2010-01-17 08:14:46 # local_time=2010-01-17 03:14:46 (-0500, Eastern Standard Time) # country="United States" # lang=9 # osver=5.1.2600 NT Service Pack 2 # compatibility_mode=769 16774142 0 2 16980034 16980034 0 0 # compatibility_mode=1024 16777215 100 0 0 0 0 0 # compatibility_mode=1797 16775125 100 100 83453 40081788 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=117679 # found=1 # cleaned=1 # scan_time=6735 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Desktop.htt Win32/TrojanDownloader.FakeAlert.AED virus (deleted - quarantined) 00000000000000000000000000000000 C

I just finished the Malwarebytes Scan, and I'll show the results to you of the ESET scan once it's finished.. Nothing appeared for Malwarebytes. Malwarebytes' Anti-Malware 1.44 Database version: 3583 Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 1/17/2010 1:14:06 PM mbam-log-2010-01-17 (13-14-06).txt Scan type: Quick Scan Objects scanned: 130634 Time elapsed: 7 minute(s), 26 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

Sorry it took awhile, once my computer restared Avira was turned on automatically, and kept on asking me if I wanted to quarantine ComboFix, so I had to ignore it a few times. Here is the ComboFix log: ComboFix 10-01-16.04 - HP_Administrator 01/17/2010 11:39:25.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.678 [GMT -5:00] Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\Flags.dtd c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\UA.dtd c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\UAcpt.dtd c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\inst.exe c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Start Menu\Programs\Startup\AntiCrash.lnk c:\documents and settings\HP_Administrator\Application Data\inst.exe c:\recycler\S-1-5-21-175554784-482997867-2904977345-1008 c:\recycler\S-1-5-21-61209745-1589532965-4150809920-1008 c:\recycler\S-1-5-21-864031089-4010442294-3891632424-1008 c:\windows\kb913800.exe c:\windows\system32\config\systemprofile\Desktop\Internet Security 2010.lnk c:\windows\system32\ps2.bat D:\Autorun.inf Infected copy of c:\windows\system32\DRIVERS\iaStor.sys was found and disinfected Restored copy from - Kitty ate it . ((((((((((((((((((((((((( Files Created from 2009-12-17 to 2010-01-17 ))))))))))))))))))))))))))))))) . 2010-01-14 20:30 . 2010-01-14 20:47 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-01-11 22:21 . 2010-01-11 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant 2010-01-05 00:05 . 2010-01-05 00:05 -------- d-----w- c:\windows\system32\ENU 2010-01-05 00:05 . 2006-03-09 13:57 122880 ----a-w- c:\windows\system32\Imsmudlg.exe 2010-01-04 23:58 . 2010-01-04 23:58 -------- d-----w- C:\SystemRoot 2010-01-04 23:02 . 2010-01-11 22:21 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HpUpdate 2010-01-04 23:02 . 2010-01-04 23:02 -------- d-----w- c:\windows\Hewlett-Packard 2009-12-27 14:23 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-27 14:23 . 2010-01-14 20:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-12-27 14:23 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-26 18:52 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll 2009-12-26 18:52 . 2004-08-04 03:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2009-12-26 18:52 . 2004-08-04 03:58 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys 2009-12-26 18:52 . 2004-08-04 05:56 159232 ----a-w- c:\windows\system32\ptpusd.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-17 16:37 . 2009-03-02 23:55 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\uTorrent 2010-01-15 00:05 . 2005-06-17 13:33 250368 ----a-w- c:\windows\system32\drivers\iaStor.sys 2010-01-14 22:02 . 2009-05-16 20:03 1 ----a-w- c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-01-14 20:33 . 2010-01-14 20:33 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2010-01-14 00:31 . 2008-11-11 22:53 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LimeWire 2010-01-14 00:21 . 2009-11-05 00:57 -------- d-----w- c:\program files\LimeWire 2010-01-10 23:01 . 2009-12-06 20:41 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Move Networks 2010-01-09 16:53 . 2009-07-29 22:51 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Vso 2010-01-09 16:53 . 2009-07-29 22:51 -------- d-----w- c:\program files\DVDFab 6 2010-01-04 23:03 . 2006-02-28 02:37 -------- d-----w- c:\program files\HP 2010-01-04 23:03 . 2006-02-28 02:57 -------- d-----w- c:\program files\Hewlett-Packard 2009-12-28 01:11 . 2006-02-28 02:48 56152 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-12-28 00:38 . 2009-11-05 00:59 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-12-23 17:47 . 2008-11-16 23:41 7948 ----a-w- c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat 2009-12-12 20:09 . 2008-11-10 00:12 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\U3 2009-12-07 22:48 . 2009-10-31 21:16 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-12-06 20:41 . 2009-12-06 20:41 127872 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Move Networks\uninstall.exe 2009-12-06 20:41 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071503000010.dll 2009-11-21 17:44 . 2009-07-29 22:51 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys 2009-11-21 17:44 . 2009-07-29 22:51 47360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\pcouffin.sys 2009-11-21 17:44 . 2009-07-29 22:51 47360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\pcouffin.sys 2009-11-21 16:36 . 2004-08-10 04:00 470528 ----a-w- c:\windows\AppPatch\aclayers.dll 2009-11-21 16:01 . 2009-07-29 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink 2009-11-05 00:59 . 2009-10-30 00:41 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_16\lzma.dll 2009-11-03 23:57 . 2009-11-03 23:48 52770576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe 2009-10-31 23:01 . 2009-10-31 23:01 45056 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{08C2044E-9E98-4005-8E3C-E438A10501EC}\MapleStory.exe1_08C2044E9E9840058E3CE438A10501EC.exe 2009-10-31 23:01 . 2009-10-31 23:01 45056 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{08C2044E-9E98-4005-8E3C-E438A10501EC}\MapleStory.exe_08C2044E9E9840058E3CE438A10501EC.exe 2009-10-31 23:01 . 2009-10-31 23:01 10134 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{08C2044E-9E98-4005-8E3C-E438A10501EC}\ARPPRODUCTICON.exe 2009-10-29 05:48 . 2004-08-10 04:00 662016 ----a-w- c:\windows\system32\wininet.dll 2009-10-29 01:58 . 2009-10-29 01:58 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe 2009-10-27 23:29 . 2001-10-17 21:09 66 ----a-w- c:\windows\anticrash.dat 2009-10-27 23:29 . 2009-10-22 22:19 64512 ---ha-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\dach100.dll 2009-10-27 23:29 . 2009-10-22 22:19 64512 ---ha-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\dach100.dll 2009-10-25 20:44 . 2009-08-17 22:47 202 ---ha-w- c:\windows\winshell.dat 2009-10-21 22:00 . 2009-10-21 22:00 47360 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\pcouffin.sys 2009-10-21 22:00 . 2009-10-21 22:00 47360 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\pcouffin.sys 2009-10-21 06:00 . 2004-08-10 04:00 75776 ----a-w- c:\windows\system32\strmfilt.dll 2009-10-21 06:00 . 2004-08-10 04:00 25088 ----a-w- c:\windows\system32\httpapi.dll 2009-10-21 00:17 . 2009-10-21 00:12 23510720 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sony Setup\09063B41-0916-4360-A80D-0C2A2B89D300\dotnetfx.exe 2009-10-20 14:58 . 2004-08-10 04:00 263552 ----a-w- c:\windows\system32\drivers\http.sys 2009-10-20 00:17 . 2009-10-20 00:06 52770576 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-10-31 2923192] "Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-27 133104] "Aim"="c:\program files\AIM\aim.exe" [2009-10-01 3634024] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-01-04 289584] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 143360] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-05 7307264] "nwiz"="nwiz.exe" [2005-11-05 1519616] "RTHDCPL"="RTHDCPL.EXE" [2006-01-12 15961088] "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152] "DISCover"="c:\program files\DISC\DISCover.exe" [2005-11-12 1064960] "DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-11-12 61440] "DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856] "Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-28 149280] c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Start Menu\Programs\Startup\ Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-11-10 3450608] c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\ Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-11-10 3450608] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624] Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-2-27 36903] [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk] path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\DISC\\DISCover.exe"= "c:\\Program Files\\DISC\\DiscStreamHub.exe"= "c:\\Program Files\\DISC\\myFTP.exe"= "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Avira\\AntiVir Desktop\\avguard.exe"= "c:\\Program Files\\iPod\\bin\\iPodService.exe"= "c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "57144:TCP"= 57144:TCP:Pando Media Booster "57144:UDP"= 57144:UDP:Pando Media Booster R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/31/2009 4:16 PM 108289] . Contents of the 'Scheduled Tasks' folder 2010-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] 2010-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3085225329-3884617760-1248814583-1008Core.job - c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-27 22:32] . . ------- Supplementary Scan ------- . uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop uInternet Settings,ProxyOverride = *.local IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html Trusted Zone: trymedia.com FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\iejihnro.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query= FF - prefs.js: browser.search.selectedEngine - Yahoo! Search FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p= FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071503000010.dll FF - plugin: c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . - - - - ORPHANS REMOVED - - - - HKLM-Run-PCDrProfiler - (no file) SSODL-povewidat-{da014440-b550-4234-a57c-90e259bd18e4} - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-17 11:49 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2900) c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll c:\program files\Stardock\ObjectDock\DockShellHook.dll c:\windows\system32\nview.dll c:\windows\system32\nvwddi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\RTHDCPL.EXE c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\system32\rundll32.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\nvsvc32.exe c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE c:\windows\ehome\mcrdsvc.exe c:\program files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe c:\windows\system32\dllhost.exe c:\windows\eHome\ehmsas.exe c:\program files\DISC\DiscStreamHub.exe . ************************************************************************** . Completion time: 2010-01-17 11:56:13 - machine was rebooted ComboFix-quarantined-files.txt 2010-01-17 16:56 Pre-Run: 155,588,149,248 bytes free Post-Run: 155,523,063,808 bytes free - - End Of File - - DD22731DFA4355F1B130F745F60F432F

Alright, thank you. Can I try removing the virus first before I reformat my computer?

Hello. It took me awhile to finish the GMER scan but I finally got it to work without my computer freezing/lagging really badly. My computer kept on lagging very very badly after the GMER scan, but I'm not sure why. I thought I should tell you this. It's better once I restart it though. If it's needed to know, my problem was that my browser, Mozilla Firefox kept on having pop ups like once every 10-20minutes. Such as, I'll go to Facebook or something, and it'll have a popup that opens in another tab. It's never anything un-appropiate but it gets really annoying. I usually never have popups but they keep on happening. I'll attach the ark/attach logs and Malwarebytes. DDS DDS (Ver_09-12-01.01) - NTFSx86 Run by HP_Administrator at 21:29:18.03 on Sat 01/16/2010 Internet Explorer: 6.0.2900.2180 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.481 [GMT -5:00] AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\DISC\DiscUpdateMgr.exe C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Pando Networks\Media Booster\PMB.exe C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AIM\aim.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe C:\Program Files\DISC\DiscGui.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\HP\KBD\KBD.EXE C:\WINDOWS\system32\wuauclt.exe c:\windows\system\hpsysdrv.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\HP_Administrator\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop uInternet Settings,ProxyOverride = *.local mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe uRun: [Google Update] "c:\documents and settings\hp_administrator\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect mRun: [RTHDCPL] RTHDCPL.EXE mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe mRun: [DISCover] c:\program files\disc\DISCover.exe mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdateMgr.exe mRun: [DMAScheduler] c:\program files\sonic\digitalmedia plus\digitalmedia archive\DMAScheduler.exe mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE mRun: [<NO NAME>] mRun: [PCDrProfiler] mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run mRun: [Reminder] "c:\windows\creator\Remind_XP.exe" mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000 IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL Trusted Zone: trymedia.com DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab SSODL: povewidat - {da014440-b550-4234-a57c-90e259bd18e4} - No File LSA: Notification Packages = scecli yiyagefi.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\iejihnro.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query= FF - prefs.js: browser.search.selectedEngine - Yahoo! Search FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p= FF - plugin: c:\documents and settings\hp_administrator\application data\move networks\plugins\npqmp071503000010.dll FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-10-31 11608] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-10-31 108289] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-10-31 185089] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-10-31 56816] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] =============== Created Last 30 ================ 2010-01-17 02:28:23 0 ----a-w- c:\documents and settings\hp_administrator\defogger_reenable 2010-01-14 20:30:56 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-01-05 00:05:26 122880 ----a-w- c:\windows\system32\Imsmudlg.exe 2010-01-05 00:05:26 0 d-----w- c:\windows\system32\ENU 2010-01-05 00:01:20 227 ----a-w- c:\windows\HP_CounterReport_Update_HPSU.ini 2010-01-05 00:01:17 214 ----a-w- c:\windows\HP_48BitScanUpdatePatch.ini 2010-01-05 00:00:03 221 ----a-w- c:\windows\HP_RedboxHprblog_HPSU.ini 2010-01-04 23:58:22 0 d-----w- C:\SystemRoot 2010-01-04 23:02:57 0 d-----w- c:\docume~1\hp_adm~1\applic~1\HpUpdate 2010-01-04 23:02:55 0 d-----w- c:\windows\Hewlett-Packard 2009-12-28 00:38:47 73728 ----a-w- c:\windows\system32\javacpl.cpl 2009-12-27 14:23:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-27 14:23:11 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-27 14:23:11 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-12-26 18:52:26 5632 ----a-w- c:\windows\system32\ptpusb.dll 2009-12-26 18:52:25 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2009-12-26 18:52:25 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys 2009-12-26 18:52:24 159232 ----a-w- c:\windows\system32\ptpusd.dll ==================== Find3M ==================== 2010-01-15 00:05:32 250368 ----a-w- c:\windows\system32\drivers\iaStor.sys 2009-12-28 00:38:33 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-12-23 17:47:43 7948 ----a-w- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat 2009-12-07 22:48:27 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-11-21 17:44:49 87608 ----a-w- c:\docume~1\hp_adm~1\applic~1\inst.exe 2009-11-21 17:44:49 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys 2009-11-21 17:44:49 47360 ----a-w- c:\docume~1\hp_adm~1\applic~1\pcouffin.sys 2009-11-21 16:36:13 470528 ------w- c:\windows\system32\dllcache\aclayers.dll 2009-10-27 11:06:22 18432 ------w- c:\windows\system32\dllcache\iedw.exe 2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll 2009-10-21 06:00:55 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll 2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll 2009-10-21 06:00:55 25088 ------w- c:\windows\system32\dllcache\httpapi.dll 2009-10-20 14:58:48 263552 ------w- c:\windows\system32\dllcache\http.sys ============= FINISH: 21:30:17.63 =============== ark.zip DDS.txt

Alright, thank you for helping. I was just wondering, do you think system restoring to 1-2 days before this happen could get rid of the problem? Not saying that I would but as an alternative.

I'm sorry if this is the wrong section or even forum but it's been bugging me. I had this problem earlier near the beginning of December, but this time it's not that serious. I'll give you guys the full story. About 3 days ago, I had one of the rogue viruses where it disguises itself as an antivirus and says it's scanning your computer. I got rid of it by scanning with Malwarebytes and Avira about 2-3times. But on both of them Malwarebytes and Avira, said there was like 1-3 things they couldn't remove. I was thinking this maybe related to my problem? Whenever I use Mozilla Firefox now, I might go to a page, such as Facebook, and then another page will open either in another tab or window. But mostly it opens in another tab. The page it opens up to isn't really anything bad. Sometimes it's something about jobs or a search engine. But it's getting quite annoying. I was wondering if it's a virus/malware? If you are wondering too, Malwarebytes and Avira works fine. Along with my computer but the popups are annoying, and maybe relating to my virus? Sorry again if this is the wrong place to put it. Last time I had the same problem with the popups but that time, Malwarebytes wouldn't open. This time it does. Thank you for your time reading this.

Thank you for all your help. I really appreciate it. I'll do all of these very soon.

The computer is working smoothly now. I haven't had a pop up since then, and Malwarebytes is running fine. Here's the OTL log: OTL logfile created on: 12/27/2009 6:58:04 PM - Run 2 OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,022.00 Mb Total Physical Memory | 392.00 Mb Available Physical Memory | 38.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 177.75 Gb Total Space | 138.17 Gb Free Space | 77.73% Space Free | Partition Type: NTFS Drive D: | 8.53 Gb Total Space | 0.45 Gb Free Space | 5.25% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: YOUR-4DACD0EA75 Current User Name: HP_Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Pando Networks\Media Booster\PMB.exe () PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files\iTunes\iTunes.exe (Apple Inc.) PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) PRC - C:\Program Files\AIM\aim.exe (AOL LLC) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock) PRC - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard) PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Program Files\DISC\DiscGui.exe (Digital Interactive Systems Corporation, Inc.) PRC - C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation) PRC - C:\Program Files\DISC\DISCUpdateMgr.exe (Digital Interactive Systems Corporation, Inc.) PRC - C:\Program Files\DISC\DiscStreamHub.exe (Digital Interactive Systems Corporation, Inc.) PRC - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe (Intel Corporation) PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation) PRC - C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) PRC - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.) PRC - C:\hp\KBD\kbd.exe (Hewlett-Packard Company) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation) PRC - c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Program Files\Stardock\ObjectDock\DockShellHook.dll () MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\IadHide5.dll (BackWeb) MOD - C:\WINDOWS\system32\nview.dll () MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (ELService) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe (Intel Corporation) SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation) SRV - (IAANTMon) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation) SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (pcouffin) -- C:\WINDOWS\system32\drivers\pcouffin.sys (VSO Software) DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.) DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company) DRV - (ELacpi) -- C:\WINDOWS\system32\drivers\ELacpi.sys (Intel Corporation) DRV - (ELmon) -- C:\WINDOWS\system32\drivers\ELmon.sys (Intel Corporation) DRV - (ELkbd) -- C:\WINDOWS\system32\drivers\ELkbd.sys (Intel Corporation) DRV - (ELmou) -- C:\WINDOWS\system32\drivers\ELmou.sys (Intel Corporation) DRV - (ELhid) -- C:\WINDOWS\system32\drivers\ELhid.sys (Intel Corporation) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (ftsata2) -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys (Promise Technology, Inc.) DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider) DRV - (E100B) Intel® -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation) DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys () DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.) DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation) DRV - (bb-run) -- C:\WINDOWS\system32\DRIVERS\bb-run.sys (Promise Technology, Inc.) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search" FF - prefs.js..browser.search.defaultthis.engineName: "LiveTV_ Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=" FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1 FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.5.3.5 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4 FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.3.1 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3 FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=" FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/08 16:07:56 | 00,000,000 | ---D | M] [2009/06/07 10:19:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions [2009/04/25 12:12:40 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/06/07 10:19:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\mozswing@mozswing.org [2009/11/26 19:52:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\iejihnro.default\extensions [2009/05/30 11:02:17 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\iejihnro.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41} [2009/10/27 19:32:15 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\iejihnro.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009/10/28 15:59:34 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\iejihnro.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009/10/27 19:32:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\iejihnro.default\extensions\autopager@mozilla.org [2009/10/27 19:32:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\iejihnro.default\extensions\personas@christopher.beard [2009/06/12 10:36:53 | 00,004,196 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\iejihnro.default\searchplugins\aim-search.xml [2009/05/19 10:29:48 | 00,000,876 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\iejihnro.default\searchplugins\conduit.xml [2009/11/26 19:21:36 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009/10/27 18:06:16 | 00,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/05/14 20:13:04 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009/08/24 15:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2009/08/24 15:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2009/05/14 20:12:45 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll [2008/09/26 11:40:34 | 00,053,248 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnu.dll [2009/08/24 15:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2009/07/30 11:27:19 | 00,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll [2009/10/22 18:36:11 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll [2009/10/22 18:36:11 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll [2009/10/22 18:36:11 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll [2009/10/22 18:36:11 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll [2009/10/22 18:36:12 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll [2009/10/22 18:36:12 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll [2009/10/22 18:36:12 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll [2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll [2009/08/24 13:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2009/08/24 13:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2009/08/24 13:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2009/08/24 13:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2009/08/24 13:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2009/08/24 13:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2009/08/24 13:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation) O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdateMgr.exe (Digital Interactive Systems Corporation, Inc.) O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions) O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.) O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard) O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PCDrProfiler] File not found O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks) O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL LLC) O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.) O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard) O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm () O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm () O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites) O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 0.0.0.0 0.0.0.0 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: povewidat - {da014440-b550-4234-a57c-90e259bd18e4} - CLSID or File not found. O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/02/27 22:04:28 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2001/07/27 15:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [2004/04/30 07:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ] O33 - MountPoints2\J\Shell - "" = AutoRun O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2009/12/27 17:08:43 | 00,000,000 | ---D | C] -- C:\Program Files\ESET [2009/12/27 15:14:50 | 00,000,000 | ---D | C] -- C:\_OTL [2009/12/27 15:11:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Smallvile [2009/12/27 15:10:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Glee [2009/12/27 09:23:14 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/12/27 09:23:11 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/12/27 09:23:11 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/12/26 13:52:26 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll [2009/12/26 13:52:25 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys [2009/12/26 13:52:24 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll [2009/12/25 18:02:03 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Recent [2009/12/12 12:53:10 | 00,000,000 | ---D | C] -- C:\spoolerlogs [2009/12/06 15:41:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Move Networks [2009/12/04 06:48:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak [2009/12/03 15:21:02 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys [2009/12/03 15:18:18 | 00,453,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys [2009/12/03 15:17:53 | 02,180,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe [2009/12/03 15:17:53 | 02,136,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe [2009/12/03 15:17:53 | 02,057,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe [2009/12/03 15:17:53 | 02,015,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe [2009/12/02 21:58:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall [2009/12/02 15:14:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution [2009/10/31 17:20:59 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2009/10/31 17:20:59 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2009/10/31 17:20:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2009/10/31 17:18:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2009/08/05 16:56:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2009/07/29 17:51:17 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.sys [2009/03/23 14:13:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google [2009/03/22 12:25:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google [2008/11/22 23:23:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple [2005/09/24 10:49:16 | 00,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll ========== Files - Modified Within 30 Days ========== [2009/12/27 17:53:21 | 00,174,673 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\percyjackson_2.jpg [2009/12/27 17:33:20 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2009/12/27 17:01:44 | 00,000,245 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat [2009/12/27 17:00:48 | 00,041,071 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009/12/27 17:00:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/12/27 17:00:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/12/27 17:00:43 | 10,721,23904 | -HS- | M] () -- C:\hiberfil.sys [2009/12/27 16:59:51 | 03,670,016 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT [2009/12/27 16:59:42 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini [2009/12/27 16:59:35 | 01,046,224 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db [2009/12/27 15:31:43 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/12/27 14:09:38 | 00,030,720 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/12/26 20:26:00 | 00,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3085225329-3884617760-1248814583-1008Core.job [2009/12/26 15:30:42 | 00,000,593 | ---- | M] () -- C:\WINDOWS\win.ini [2009/12/26 15:30:42 | 00,000,279 | RHS- | M] () -- C:\boot.ini [2009/12/26 15:30:42 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009/12/26 11:53:15 | 00,002,376 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Google Chrome.lnk [2009/12/25 20:10:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/12/23 12:47:43 | 00,007,948 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat [2009/12/10 10:01:18 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/12/10 10:01:18 | 00,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/12/10 10:01:18 | 00,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/12/08 16:21:41 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/12/07 17:48:27 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2009/12/04 06:43:44 | 00,214,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/12/03 22:12:19 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2009/12/27 17:53:21 | 00,174,673 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\percyjackson_2.jpg [2009/12/27 15:31:43 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/31 15:21:49 | 00,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat [2009/07/29 17:51:23 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.log [2009/07/29 17:51:18 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\inst.exe [2009/07/29 17:51:18 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.cat [2009/07/29 17:51:17 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.inf [2009/07/22 16:20:44 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009/05/24 12:42:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI [2009/03/23 20:25:30 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2008/11/17 17:46:00 | 00,000,002 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\evf [2008/11/16 18:41:18 | 00,007,948 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat [2008/11/12 17:55:42 | 00,030,720 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/02/27 22:34:41 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006/02/27 22:10:48 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys [2006/02/27 22:07:32 | 00,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS [2006/02/27 22:07:26 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll [2006/02/27 22:05:03 | 00,000,054 | ---- | C] () -- C:\WINDOWS\Quicken.ini [2006/02/27 22:02:18 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006/02/27 21:51:39 | 00,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2006/02/27 21:50:18 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini [2006/02/27 21:37:22 | 00,001,702 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2006/02/27 21:36:32 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2006/02/27 21:33:24 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006/02/27 21:33:24 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006/02/27 21:33:24 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006/02/27 21:33:24 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006/02/27 21:33:23 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006/02/27 21:31:53 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini [2006/02/27 21:11:17 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll [2006/02/27 21:11:17 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll [2006/02/27 21:10:55 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll [2005/12/09 16:03:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2005/08/06 00:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2004/08/09 23:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2004/07/26 09:51:38 | 00,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2003/01/08 01:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2001/07/07 01:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86 < End of report >