GeekPolice Tech TutorialsLog in

 

Share

descriptionmalicoious URL

more_horiz
does anybody know how to get rid of this malicious URL?

i'm getting this http://77.78.240.151/redir.php url that keeps popping up.

descriptionRe: malicoious URL

more_horiz
Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

descriptionRe: malicoious URL

more_horiz
thanks

descriptionRe: malicoious URL

more_horiz
OTL logfile created on: 10/2/2010 6:26:42 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\HP_Administrator\My Documents
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 441.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.33 Gb Total Space | 167.83 Gb Free Space | 93.59% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 0.86 Gb Free Space | 12.41% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-55E5F9E3D2
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/02 18:26:29 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\OTL.exe
PRC - [2010/10/02 16:09:46 | 000,057,344 | RHS- | M] () -- C:\Documents and Settings\HP_Administrator\mwsioz.exe
PRC - [2010/09/07 02:10:44 | 000,836,464 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2005/03/25 10:15:47 | 000,045,056 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
PRC - [2005/03/25 10:14:37 | 001,187,840 | ---- | M] (InterMute, Inc.) -- C:\Program Files\InterMute\SpySubtract\SpySub.exe
PRC - [2005/03/25 09:38:41 | 000,241,777 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
PRC - [2005/03/25 09:38:41 | 000,032,881 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
PRC - [2004/10/13 16:17:06 | 002,742,272 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2004/10/13 16:00:10 | 000,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
PRC - [2004/10/13 14:01:50 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/08/30 11:34:20 | 000,176,768 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
PRC - [2004/08/27 16:22:48 | 000,164,984 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/08/27 16:22:46 | 000,234,616 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
PRC - [2004/08/27 16:22:42 | 000,197,752 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2004/08/27 16:22:40 | 000,058,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2004/08/27 15:02:54 | 000,206,048 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2004/08/10 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/06 01:23:10 | 000,308,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


========== Modules (SafeList) ==========

MOD - [2010/10/02 18:26:29 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\OTL.exe
MOD - [2005/03/25 10:15:47 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\HP_Administrator\Local Settings\Temp\IadHide5.dll
MOD - [2004/08/24 15:05:02 | 000,197,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AntiSpam\asOEHook.dll
MOD - [2004/08/10 11:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/10 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2003/02/21 12:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2004/08/30 19:29:46 | 000,078,992 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\ISSVC.exe -- (ISSVC)
SRV - [2004/08/30 11:34:20 | 000,176,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2004/08/27 16:22:48 | 000,164,984 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/08/27 16:22:48 | 000,078,968 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/08/27 16:22:46 | 000,234,616 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2004/08/27 16:22:42 | 000,197,752 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2004/08/27 15:02:54 | 000,206,048 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/08/06 01:23:10 | 000,308,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2004/07/23 12:47:22 | 000,197,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2004/07/21 09:24:04 | 000,173,160 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)


========== Driver Services (SafeList) ==========

DRV - [2004/11/17 09:00:00 | 000,629,544 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041117.006\NAVEX15.SYS -- (NAVEX15)
DRV - [2004/11/17 09:00:00 | 000,072,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041117.006\NAVENG.SYS -- (NAVENG)
DRV - [2004/11/11 12:43:02 | 000,131,840 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2004/11/03 21:40:04 | 000,821,248 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/10/13 17:33:20 | 002,287,104 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/08/27 15:02:28 | 000,266,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2004/08/27 15:02:26 | 000,025,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2004/08/27 15:02:24 | 000,034,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2004/08/27 15:02:20 | 000,046,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2004/08/27 15:02:18 | 000,171,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2004/08/27 15:02:16 | 000,011,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2004/08/26 07:03:38 | 000,104,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/07/23 12:47:24 | 000,049,808 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2004/07/23 12:47:22 | 000,335,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/07/21 09:24:02 | 000,341,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2004/06/29 10:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/04/26 23:31:14 | 000,135,168 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/03/18 00:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2003/12/02 18:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/09/19 09:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/11 07:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2002/10/04 10:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/06/04 06:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2004/08/10 11:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe (Symantec Corporation)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe (Symantec Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe (Symantec Corporation)
O4 - HKCU..\Run: [mwsioz] C:\Documents and Settings\HP_Administrator\mwsioz.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/25 10:45:56 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2010/02/22 05:16:28 | 000,000,100 | -HS- | M] () - D:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{e64eb813-ce79-11df-abc3-0011d8bba79b}\Shell - "" = AutoRun
O33 - MountPoints2\{e64eb813-ce79-11df-abc3-0011d8bba79b}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/02 18:26:05 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\OTL.exe
[2010/10/02 17:08:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
[2010/10/02 17:08:05 | 002,788,816 | ---- | C] (Adobe Systems, Inc.) -- C:\Documents and Settings\HP_Administrator\My Documents\install_flash_player.exe
[2010/10/02 17:04:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/10/02 17:02:02 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/10/02 16:42:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Opera
[2010/10/02 16:42:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Opera
[2010/10/02 16:42:05 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/10/02 16:41:41 | 010,819,728 | ---- | C] (Opera Software ASA) -- C:\Documents and Settings\HP_Administrator\Desktop\Opera_1062_en_Setup.exe
[2010/10/02 16:36:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/10/02 16:36:42 | 000,198,656 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM8O.DLL
[2010/10/02 16:36:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2010/10/02 16:36:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/10/02 16:36:30 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2010/10/02 16:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Canon
[2010/10/02 16:32:49 | 000,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator\UserData
[2010/10/02 16:32:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Macromedia
[2010/10/02 16:32:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/02 16:32:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2010/10/02 16:32:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2010/10/02 16:27:20 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack
[2010/10/02 16:24:18 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2010/10/02 16:21:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/10/02 16:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/10/02 16:20:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/10/02 16:15:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/02 16:14:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft Help
[2010/10/02 16:14:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/10/02 16:10:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\office 2007
[2010/10/02 16:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\cwcheat
[2010/10/02 16:10:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\my class
[2010/10/02 16:09:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Photoshop
[2010/10/02 16:09:51 | 006,238,105 | ---- | C] (CCCP Project ) -- C:\Documents and Settings\HP_Administrator\Desktop\Combined-Community-Codec-Pack-2009-09-09.exe
[2010/10/02 16:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\my document
[2010/10/02 16:08:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Recent
[2010/10/02 16:08:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2010/10/02 16:07:42 | 000,090,112 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\ps2.EXE
[2010/10/02 16:06:59 | 000,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
[2010/10/02 16:06:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\InterMute
[2010/10/02 16:06:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Identities
[2010/10/02 16:06:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
[2010/10/02 16:06:58 | 000,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator\Cookies
[2010/10/02 16:06:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Application Data
[2010/10/02 16:06:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Favorites
[2010/10/02 16:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Symantec
[2010/10/02 16:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Sun
[2010/10/02 16:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\SampleView
[2010/10/02 16:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Real
[2010/10/02 16:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft
[2010/10/02 16:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop
[2010/10/02 16:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ApplicationHistory
[2010/10/02 16:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Apple Computer
[2010/10/02 16:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[2010/10/02 16:06:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\SendTo
[2010/10/02 16:06:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu
[2010/10/02 16:06:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Videos
[2010/10/02 16:06:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Pictures
[2010/10/02 16:06:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Music
[2010/10/02 16:06:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents
[2010/10/02 16:06:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator\Templates
[2010/10/02 16:06:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator\PrintHood
[2010/10/02 16:06:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator\NetHood
[2010/10/02 16:06:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings
[2010/10/02 16:06:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\WINDOWS
[2010/10/02 16:05:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2010/10/02 15:58:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\I386
[2010/10/02 15:51:23 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/10/02 15:51:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2010/10/02 15:51:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/10/02 15:51:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/10/02 15:51:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/10/02 15:51:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2010/10/02 15:50:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2010/10/02 15:50:09 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/10/02 15:50:07 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010/10/02 15:49:33 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2005/03/25 09:44:24 | 000,192,512 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/02 18:26:29 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\OTL.exe
[2010/10/02 17:08:13 | 002,788,816 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\HP_Administrator\My Documents\install_flash_player.exe
[2010/10/02 17:03:23 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/10/02 16:42:08 | 000,000,621 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/10/02 16:42:07 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/10/02 16:41:47 | 010,819,728 | ---- | M] (Opera Software ASA) -- C:\Documents and Settings\HP_Administrator\Desktop\Opera_1062_en_Setup.exe
[2010/10/02 16:35:51 | 009,190,912 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\iP1800_Win32.exe
[2010/10/02 16:32:37 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/10/02 16:31:43 | 000,000,249 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/10/02 16:31:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/02 16:31:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/02 16:31:32 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/02 16:31:32 | 000,292,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/02 16:30:25 | 001,048,576 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
[2010/10/02 16:30:14 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/10/02 16:28:38 | 000,000,593 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/10/02 16:13:29 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/10/02 16:09:46 | 000,057,344 | RHS- | M] () -- C:\Documents and Settings\HP_Administrator\mwsioz.exe
[2010/10/02 16:09:02 | 000,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/10/02 16:09:02 | 000,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/02 16:09:02 | 000,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/02 16:08:53 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2010/10/02 16:08:07 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/02 16:07:59 | 000,001,933 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_PS591AA-ABA M7077C_YC_0Pavi_QMXK515_E52NAsyEPC2_47_IPuffer2_SASUSTeK Computer INC._V1.xx_B3.19_T050310_WXP2_L409_M1024_J200_7Intel_8Pentium 4_93.2_#050519_N10EC8139_Z11C1048C_G10025B60.MRK
[2010/10/02 16:06:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/02 16:05:56 | 000,000,993 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/10/02 16:05:53 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010/10/02 16:05:43 | 000,002,150 | ---- | M] () -- C:\WINDOWS\System32\ssmute.ini
[2010/10/02 16:05:16 | 000,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2010/10/02 12:18:04 | 000,011,358 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Doua Vang.docx
[2010/10/01 00:46:47 | 000,012,247 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Chee Van8.docx
[2010/09/30 19:47:53 | 000,015,273 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Chee Van6.docx
[2010/09/30 19:46:37 | 000,013,552 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Chee Van7.docx
[2010/09/30 18:30:21 | 000,071,588 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\cheecultural.pptx
[2010/09/29 14:36:09 | 000,024,186 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\front mission 3 walk through.docx
[2010/09/28 21:27:05 | 000,011,492 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Chonglab3.docx
[2010/09/26 00:20:04 | 000,013,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Chee Van5.docx
[2010/09/25 21:06:12 | 000,015,403 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Chee Van4.docx
[2010/09/25 16:04:17 | 000,017,299 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Chee Van3.docx
[2010/09/22 13:01:37 | 000,012,546 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Chonglab2.docx
[2010/09/21 17:44:21 | 000,013,474 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Chee Van2.docx
[2010/09/21 17:02:43 | 000,013,873 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Chee Vang11.docx
[2010/09/21 17:02:40 | 000,014,025 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Chee Van1.docx
[2010/09/21 14:45:45 | 000,256,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\161-lec08- Noise.ppt
[2010/09/16 01:42:51 | 000,011,409 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\ChongVang.docx
[2010/09/10 18:33:22 | 039,380,920 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\turbo remove.docx
[2010/09/10 11:54:23 | 000,064,968 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\untitled.JPG
[2010/09/10 10:46:17 | 000,016,102 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Chee Vang Audience Analysis.docx
[2010/09/10 07:15:28 | 000,016,122 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Chee Vang.docx
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/02 16:42:08 | 000,000,621 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/10/02 16:42:07 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/10/02 16:35:48 | 009,190,912 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\iP1800_Win32.exe
[2010/10/02 16:32:35 | 000,000,211 | RHS- | C] () -- C:\BOOT.BAK
[2010/10/02 16:32:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/02 16:13:29 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/10/02 16:09:53 | 000,064,968 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\untitled.JPG
[2010/10/02 16:09:52 | 039,380,920 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\turbo remove.docx
[2010/10/02 16:09:52 | 000,075,906 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\gasket.JPG
[2010/10/02 16:09:52 | 000,024,186 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\front mission 3 walk through.docx
[2010/10/02 16:09:52 | 000,011,358 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Doua Vang.docx
[2010/10/02 16:09:51 | 000,256,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\161-lec08- Noise.ppt
[2010/10/02 16:09:51 | 000,071,588 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\cheecultural.pptx
[2010/10/02 16:09:51 | 000,017,299 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Chee Van3.docx
[2010/10/02 16:09:51 | 000,016,122 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Chee Vang.docx
[2010/10/02 16:09:51 | 000,016,102 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Chee Vang Audience Analysis.docx
[2010/10/02 16:09:51 | 000,015,403 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Chee Van4.docx
[2010/10/02 16:09:51 | 000,015,273 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Chee Van6.docx
[2010/10/02 16:09:51 | 000,014,025 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Chee Van1.docx
[2010/10/02 16:09:51 | 000,013,873 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Chee Vang11.docx
[2010/10/02 16:09:51 | 000,013,552 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Chee Van7.docx
[2010/10/02 16:09:51 | 000,013,474 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Chee Van2.docx
[2010/10/02 16:09:51 | 000,013,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Chee Van5.docx
[2010/10/02 16:09:51 | 000,012,546 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Chonglab2.docx
[2010/10/02 16:09:51 | 000,012,247 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Chee Van8.docx
[2010/10/02 16:09:51 | 000,011,492 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Chonglab3.docx
[2010/10/02 16:09:51 | 000,011,409 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\ChongVang.docx
[2010/10/02 16:09:46 | 000,057,344 | RHS- | C] () -- C:\Documents and Settings\HP_Administrator\mwsioz.exe
[2010/10/02 16:08:46 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2010/10/02 16:07:54 | 000,001,933 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_PS591AA-ABA M7077C_YC_0Pavi_QMXK515_E52NAsyEPC2_47_IPuffer2_SASUSTeK Computer INC._V1.xx_B3.19_T050310_WXP2_L409_M1024_J200_7Intel_8Pentium 4_93.2_#050519_N10EC8139_Z11C1048C_G10025B60.MRK
[2010/10/02 16:07:45 | 1073,074,176 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/02 16:07:03 | 000,001,643 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/10/02 16:07:03 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/02 16:07:02 | 000,000,926 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2010/10/02 16:07:02 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2010/10/02 16:07:02 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/10/02 16:07:01 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2010/10/02 16:06:57 | 001,048,576 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
[2010/10/02 16:06:57 | 000,028,672 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\ntuser.dat.LOG
[2010/10/02 16:06:57 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/10/02 16:05:52 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010/10/02 16:05:52 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2010/10/02 16:00:10 | 000,000,249 | ---- | C] () -- C:\WINDOWS\System\hpsysdrv.dat
[2005/03/25 10:47:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/25 10:44:12 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/03/25 10:44:12 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/03/25 10:44:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/03/25 10:44:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/03/25 10:44:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/03/25 10:44:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/03/25 10:15:07 | 000,015,327 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/03/25 10:15:01 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/03/25 10:14:39 | 000,002,150 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/03/25 10:11:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/25 09:50:18 | 000,001,446 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/03/25 09:47:34 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/03/25 09:45:39 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2005/03/25 09:45:00 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/03/25 09:35:18 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/03/25 09:34:06 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/03/25 09:34:06 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/03/25 09:33:46 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/09/13 16:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 03:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 03:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/08/10 05:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/10 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/07/26 14:51:38 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/10 23:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
< End of report >

descriptionRe: malicoious URL

more_horiz
OTL Extras logfile created on: 10/2/2010 6:26:42 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\HP_Administrator\My Documents
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 441.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.33 Gb Total Space | 167.83 Gb Free Space | 93.59% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 0.86 Gb Free Space | 12.41% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-55E5F9E3D2
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Scan with SpySubtract...] -- "C:\Program Files\InterMute\SpySubtract\SpySub.exe" "-sc" "%1" (InterMute, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Computer, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series" = Canon iP1800 series
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{28CFF19D-B92C-4109-A427-F75505E81688}" = cp_dwSharkTaleAlbums1
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FCD82D-1CED-436d-B33C-874EEC666D68}" = cp_dwSharkTaleCards1
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{44397CF9-315D-4535-8585-DCD2EE47B966}" = Opera 10.62
"{449F3A9E-9903-4a0d-A209-08030D45A935}" = Norton Internet Security
"{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security
"{4C04DF1B-6A39-4299-9DD1-1FA60000266E}" = HP Photosmart Cameras 4.0
"{503AA035-41E2-4858-B31F-1E49AC66C309}" = Norton Security Center
"{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}" = Norton Internet Security
"{55508A44-8225-47AB-9666-1F57A5B5CE2E}" = CP_PLSBusinessFlyers
"{5677563D-0CB1-485f-9E18-C5025306BB3F}" = Norton AntiSpam
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6ACC5F14-DE57-4AF3-82A8-49166A78C42C}" = HP Tunes
"{6B350CA4-0031-0002-3757-34999AD85AEC}" = InterVideo WinDVD Creator
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{725249C3-B94C-4141-8799-0D3BA43D0812}" = CameraDrivers
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{7B98685A-4E21-4A4F-A2D6-DC557042BADA}" = HPIZplus450
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8D0C57BC-4942-4960-BB6D-142456D6F233}" = HP Image Zone for Media Center PC
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90AD8C11-ED4A-4AE7-BB70-7740C452C999}" = Visual J# .NET Redistributable Package
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.0
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security
"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series
"{AADFE0B9-F905-4d5f-A144-0ADB2EFA747B}" = Norton Internet Security
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B103C8A7-D1CC-4B1A-BD41-883F652E097D}" = muvee autoProducer 3.5 magicMoments - HPD
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BE20E2F5-1903-4AAE-B1AF-2046E586C925}" = iTunes
"{C3F058C0-A21C-452D-8D99-95B1A45F417D}" = InterVideo DiscLabel
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005
"{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}" = Norton Internet Security
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{D0420D64-8D33-4374-A2B2-9225C7925CA6}" = HP Image Zone Plus 4.5.3
"{D8E4A88B-E35A-4F3B-AB60-42E7DB0EC765}" = muvee autoProducer unPlugged - HPD
"{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}" = CC_ccProxyExt
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E85FA9A1-C241-4698-893B-DD99509B8DB0}" = Norton WMI Update
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{FC08587A-4F01-4188-819F-F55880022917}" = ccPxyCore
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FC2C0536-583C-46c0-844A-62CECAE01F22}" = Norton Internet Security
"0C20CAB1-F8BC-4AC1-A796-535B005C1B83" = Super Granny from HP Media Center (remove only)
"0C84A7C5-2762-4932-96BF-44A77202DCC3" = Blasterball 2 Remix from HP Media Center (remove only)
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"1FFA88DF-0AC3-4D9E-9139-5FF98813C12C" = Polar Bowler from HP Media Center (remove only)
"24E45CE4-1683-4B71-B8AD-8D7B0A209088" = Orbital from HP Media Center (remove only)
"3D61540E-C88C-4358-B6A1-DC26648F2A3D" = Crystal Maze from HP Media Center (remove only)
"55275778-F7D9-4BA0-95F4-DEFD71ADDFD9" = Polar Golfer from HP Media Center (remove only)
"581538B9-2ED3-45E2-96CB-22AD8F811D2A" = Shrek 2 Ogre Bowler from HP Media Center (remove only)
"5DAA9E44-1B31-41CD-88A8-228EDED6E36E" = Bounce Symphony from HP Media Center (remove only)
"758619C0-7C97-42BB-B1E9-775F72FDAD1E" = Blackhawk Striker 2 from HP Media Center (remove only)
"7D048B8F-76EB-4BFA-9629-2A5881C9F7A3" = Road Ready Streetwise from HP Media Center (remove only)
"A8B63E91-BB8C-41FF-B530-5BB13C915612" = Overball from HP Media Center (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"ATI Display Driver" = ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"B3FF79F4-CDA8-4845-A7C0-9CE017719F36" = Tradewinds from HP Media Center (remove only)
"BackWeb-309731 Uninstaller" = Updates from HP
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"D2DACBCD-E1FE-4C32-A49B-1EB0743D1E79" = Blasterball 2 from HP Media Center (remove only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Help and Support Additions" = Help and Support Additions
"HP Photo & Imaging" = HP Image Zone 4.5.3
"InstallShield_{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{BE20E2F5-1903-4AAE-B1AF-2046E586C925}" = iTunes
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation)
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"SpySubtract" = SpySubtract
"SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security 2005 (Symantec Corporation)

< End of report >

descriptionRe: malicoious URL

more_horiz
Hello.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.
Permissions in this forum:
You cannot reply to topics in this forum