axel.dav, full :D drive, high fan speeds

Hi.
I am trying to recover an XP Media Ctr 2005 box of my mother's so that my daughter can get some use out of it while XP is still supported. It obviously has an axel... issue, and I believe that may have caused the Recovery / drive to fill up, as I keep getting the Low Disk Space message. Disc Cleanup is of no help, as there are 0 KB of only 2 files shown that could be cleaned, and I'm not knowledgeable enough to mess with 's hidden files. To this end the box's cooling fans are almost always pegged (high/loud) due, I believe, to the logjam of axel... file(s).

I know this is an older malware issue [it's an older machine, like me : ) ] but I'm sure you can probably advise me in short order. It's a problem that plagued my mom's use of this box for years, and now I've inherited it. I'd like NOT to pass it on to my daughter.

Thank you in advance for any hair-pulling you can save me!!!! I'll look forward to your reply.

Notepad Log(s) follow:

EDIT: Submitting my post w/ both logs get yields website message "The posted message is too long." so I'll post logs seperately under same topic title.

axel.dav, full drive, high fan speeds (PART 2)


OTL Extras logfile created on: 8/11/2012 10:46:28 AM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 69.98% Memory free
3.84 Gb Paging File | 3.31 Gb Available in Paging File | 86.11% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.33 Gb Total Space | 217.40 Gb Free Space | 96.91% Space Free | Partition Type: NTFS
Drive D: | 8.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: FAT32

Computer Name: YOUR-4DACD0EA75 | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System
"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub
"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}" = ccCommon
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{27E395E5-EB04-4BFD-96C3-C9A102E97E1B}" = Intel Viiv Software
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}" = CC_ccProxyExt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30738666-9805-4926-A78F-91DA33B6C437}" = ccPxyCore
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{334799B1-527F-475B-AF19-658124E2BE24}" = ZoneAlarm Security
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35DD9A1D-B340-4F41-A8B0-6EEBFB119280}" = muvee autoProducer unPlugged 1.2
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{449F3A9E-9903-4a0d-A209-08030D45A935}" = Norton Internet Security
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 1.0
"{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{5677563D-0CB1-485F-9E18-C5025306BB3F}" = Norton AntiSpam
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}" = Norton Protection Center
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{8C22F265-DE76-44D1-8A79-A71D819137DA}" = Intel(R) Quick Resume Technology Drivers
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9A2F3559-6776-4F67-B46E-5F973B901234}" = ZoneAlarm Antivirus
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security
"{AADFE0B9-F905-4d5f-A144-0ADB2EFA747B}" = Norton Internet Security
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{ABB2901A-3D0A-4F21-8324-2F13C3EFE163}" = LightScribe 1.4.62.1
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AD799836-6B74-419B-A869-C326CA86ECCF}" = ZoneAlarm Firewall
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2006
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Photosmart Cameras 5.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E073D315-3C54-44BF-A1B2-B5583AEA618C}" = muvee autoProducer 4.5
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E85FA9A1-C241-4698-893B-DD99509B8DB0}" = Norton WMI Update
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FFB4DD53-28B7-4981-BFF0-9BD801F61095}" = Norton Internet Security
"038D56DF-B15D-47F7-959F-59FA1FBB63FC" = Snowboard SuperJam from HP Media Center (remove only)
"049D60AF-B425-4F8A-BD66-9D8C1B519D59" = Barnyard Invasion from HP Media Center (remove only)
"0814ADC6-5B36-4144-A8EA-439C36B1BB11" = Puzzle Express from HP Media Center (remove only)
"0AA27562-3C4E-4860-8742-7ADEBE2EFC43" = Ricochet Lost Worlds from HP Media Center (remove only)
"0C20CAB1-F8BC-4AC1-A796-535B005C1B83" = Super Granny from HP Media Center (remove only)
"0C84A7C5-2762-4932-96BF-44A77202DCC3" = Blasterball 2 Remix from HP Media Center (remove only)
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"1FFA88DF-0AC3-4D9E-9139-5FF98813C12C" = Polar Bowler from HP Media Center (remove only)
"3320769C-062B-4670-BD6B-AA4B3D0E9903" = FATE from HP Media Center (remove only)
"3D61540E-C88C-4358-B6A1-DC26648F2A3D" = Crystal Maze from HP Media Center (remove only)
"413773DA-62DE-4C4C-A0F9-10EFB9317DE5" = Family Feud
"47D5A62B-1B41-4DB1-8267-ADA434FA782B" = Bejeweled 2 Deluxe from HP Media Center (remove only)
"538B9061-0C77-4FB2-903F-EC42A1FF5DD8" = Mah Jong Quest from HP Media Center (remove only)
"55275778-F7D9-4BA0-95F4-DEFD71ADDFD9" = Polar Golfer from HP Media Center (remove only)
"581538B9-2ED3-45E2-96CB-22AD8F811D2A" = Shrek 2 Ogre Bowler from HP Media Center (remove only)
"5DAA9E44-1B31-41CD-88A8-228EDED6E36E" = Bounce Symphony from HP Media Center (remove only)
"758619C0-7C97-42BB-B1E9-775F72FDAD1E" = Blackhawk Striker 2 from HP Media Center (remove only)
"901E0096-B2AC-469E-A99E-2725A39C0B47" = Zuma Deluxe from HP Media Center (remove only)
"90EA5584-4290-407B-B8F2-D6E6D65A4796" = Boggle Supreme from HP Media Center (remove only)
"9844050E-4CA4-4901-A53D-A5D14C63789B" = Lexibox Deluxe from HP Media Center (remove only)
"A09026AE-8F16-4929-B4E6-1825535844DB" = Insaniquarium Deluxe from HP Media Center (remove only)
"AF012B1F-AFCE-45DB-8D6C-8AB06ADC1D6F" = 5 Card Slingo from HP Media Center (remove only)
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"B2AA88B1-4920-462B-9F7C-019782B3C4DB" = Shooting Stars Pool from HP Media Center (remove only)
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"B3FF79F4-CDA8-4845-A7C0-9CE017719F36" = Tradewinds from HP Media Center (remove only)
"B7217206-A362-446B-A0F7-A2622B82F821" = SCRABBLE from HP Media Center (remove only)
"BA42B721-D70B-4412-ABA6-057B5823FDE9" = Chuzzle Deluxe from HP Media Center (remove only)
"D2DACBCD-E1FE-4C32-A49B-1EB0743D1E79" = Blasterball 2 from HP Media Center (remove only)
"DISCover" = DISCover
"E0998E52-9D08-4AEE-A4F5-0BB1D8537F6E" = Slingo Deluxe from HP Media Center (remove only)
"E44A47AF-C94B-4E3F-81A0-979FBA9DAC57" = AstroPop Deluxe from HP Media Center (remove only)
"E59F75D0-A38B-40F4-ABA2-CA35A7735473" = Bookworm Deluxe from HP Media Center (remove only)
"F38688AF-57C2-4A9C-BFEF-25F3AEC11F1E" = Lemonade Tycoon 2 from HP Media Center (remove only)
"HP Document Viewer" = HP Document Viewer 5.3
"HP Game Console" = HP Game Console and games
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HP Rhapsody" = HP Rhapsody
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"Intel Quick Resume Technology" = Intel(R) Quick Resume Technology Drivers
"IntelliMover Data Transfer Demo" = Remove IntelliMover Demo
"LiveUpdate" = LiveUpdate 2.7 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2006b" = Microsoft Money 2006
"Netscape Browser" = Netscape Browser (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PROSet" = Intel(R) PRO Network Connections Drivers
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security 2006 (Symantec Corporation)
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/11/2012 5:08:41 AM | Computer Name = YOUR-4DACD0EA75 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office Standard Edition 2003 -- Error 1706. Setup
cannot find the required files. Check your connection to the network, or CD-ROM
drive. For other potential solutions to this problem, see C:\Program Files\Microsoft
Office\OFFICE11\1033\SETUP.CHM.

Error - 8/11/2012 12:40:03 PM | Computer Name = YOUR-4DACD0EA75 | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF56 Description:. 0x8004FF56.

Error - 8/11/2012 2:07:29 PM | Computer Name = YOUR-4DACD0EA75 | Source = MsiInstaller | ID = 11706
Description = Product: Sonic RecordNow Copy -- Error 1706. An installation package
for the product Sonic RecordNow Copy cannot be found. Try the installation again
using a valid copy of the installation package 'COPY.msi'.

Error - 8/11/2012 2:07:35 PM | Computer Name = YOUR-4DACD0EA75 | Source = MsiInstaller | ID = 11706
Description = Product: Sonic RecordNow Copy -- Error 1706. An installation package
for the product Sonic RecordNow Copy cannot be found. Try the installation again
using a valid copy of the installation package 'COPY.msi'.

Error - 8/11/2012 2:08:20 PM | Computer Name = YOUR-4DACD0EA75 | Source = MsiInstaller | ID = 11706
Description = Product: Sonic RecordNow Copy -- Error 1706. An installation package
for the product Sonic RecordNow Copy cannot be found. Try the installation again
using a valid copy of the installation package 'COPY.msi'.

Error - 8/11/2012 2:09:01 PM | Computer Name = YOUR-4DACD0EA75 | Source = MsiInstaller | ID = 11706
Description = Product: Sonic RecordNow Copy -- Error 1706. An installation package
for the product Sonic RecordNow Copy cannot be found. Try the installation again
using a valid copy of the installation package 'COPY.msi'.

Error - 8/11/2012 2:29:38 PM | Computer Name = YOUR-4DACD0EA75 | Source = Application Hang | ID = 1002
Description = Hanging application OTL.com, version 3.2.56.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/11/2012 2:29:43 PM | Computer Name = YOUR-4DACD0EA75 | Source = Application Hang | ID = 1002
Description = Hanging application OTL.com, version 3.2.56.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 8/11/2012 2:14:06 PM | Computer Name = YOUR-4DACD0EA75 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {F3A614DC-ABE0-11D2-A441-00C04F795683}.
The
error: "%2" Happened while starting this command: C:\Program Files\Messenger\msmsgs.exe
-Embedding

Error - 8/11/2012 2:14:08 PM | Computer Name = YOUR-4DACD0EA75 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {E43F0C6B-9299-4C33-96FD-04C7CDBB7E09}.
The
error: "%3" Happened while starting this command: "c:\Program Files\HP\Digital Imaging\bin\HPZISMGR.EXE"
-Embedding

Error - 8/11/2012 10:32:27 AM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
Description = The Norton AntiVirus Auto-Protect Service service failed to start
due to the following error: %%3

Error - 8/11/2012 10:32:27 AM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
Description = The SAVRTPEL service failed to start due to the following error: %%3

Error - 8/11/2012 10:32:27 AM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
Description = The Intel Quick Resume Technology Drivers service failed to start
due to the following error: %%3

Error - 8/11/2012 10:43:18 AM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
Description = The Norton AntiVirus Auto-Protect Service service failed to start
due to the following error: %%3

Error - 8/11/2012 10:43:18 AM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
Description = The SAVRTPEL service failed to start due to the following error: %%3

Error - 8/11/2012 10:43:18 AM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
Description = The Intel Quick Resume Technology Drivers service failed to start
due to the following error: %%3

Error - 8/11/2012 10:43:22 AM | Computer Name = YOUR-4DACD0EA75 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/11/2012 10:43:22 AM | Computer Name = YOUR-4DACD0EA75 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.


< End of report >

Hi! Please keep all posts in this thread!!

ComboFix

Please download ComboFix by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:

• Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  
• It is important to rename ComboFix before the download.
  
• Please do not rename ComboFix to other names, but only the one indicated.
  

After the download:

• Close any open browsers.
  
• Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  
• Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  
• If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
  

Running ComboFix:

• Double click on svchost.exe & follow the prompts.
  
• It will attempt to install the Recovery Console:
  

• When ComboFix finishes, it will produce a report for you.
  
• Please post the "C:\Combo-Fix.txt" in your next reply.
  

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

ComboFix 12-08-13.01 - HP_Administrator 08/13/2012 21:36:35.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1593 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: Norton Internet Security 2006 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: ZoneAlarm Free Firewall Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: Norton Internet Security 2006 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administration\Local Settings\Application Data\Google
c:\documents and settings\Administration\Local Settings\Application Data\Google\AXEL.DAV
c:\documents and settings\Administration\Local Settings\Temporary Internet Files\AXEL.DAV
c:\documents and settings\Administration\WINDOWS
c:\documents and settings\Administration\WINDOWS\AXEL.DAV
c:\documents and settings\Administration\WINDOWS\system\AXEL.DAV
c:\documents and settings\Administrator\Local Settings\Application Data\Google
c:\documents and settings\Administrator\Local Settings\Application Data\Google\AXEL.DAV
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\AXEL.DAV
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Administrator\WINDOWS\AXEL.DAV
c:\documents and settings\Administrator\WINDOWS\system\AXEL.DAV
c:\documents and settings\All Users\Application Data\Sonic
c:\documents and settings\All Users\Application Data\Sonic\AXEL.DAV
c:\documents and settings\All Users\Application Data\Sonic\license.dat
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Default User\WINDOWS\AXEL.DAV
c:\documents and settings\Default User\WINDOWS\system\AXEL.DAV
c:\documents and settings\HP_Administrator\WINDOWS
c:\documents and settings\HP_Administrator\WINDOWS\AXEL.DAV
c:\documents and settings\HP_Administrator\WINDOWS\system\AXEL.DAV
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\AXEL.DAV
c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\AXEL.DAV
c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\AXEL.DAV
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\config\systemprofile\WINDOWS\AXEL.DAV
c:\windows\system32\config\systemprofile\WINDOWS\system\AXEL.DAV
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\AXEL.DAV
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 )))))))))))))))))))))))))))))))
.
.
2012-08-11 23:46 . 2012-08-11 23:46 -------- d-----w- C:\5f6b09a2e206deb299560a261240703b
2012-08-11 08:01 . 2012-08-12 14:31 -------- d-----w- C:\Program Files
2012-08-11 08:00 . 2012-08-11 20:12 -------- d-----w- C:\Documents and Settings
2012-08-11 08:00 . 2012-08-11 08:00 -------- d-----w- C:\CMPNENTS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-07-26 14:03 1014344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-07-26 14:03 1014344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-07-26 14:03 1014344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-14 7323648]
"nwiz"="nwiz.exe" [2005-12-14 1519616]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-12 15961088]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-08-03 73392]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-07-26 1061960]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
AXEL.DAV [2006-2-13 26]
Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2012-8-11 10974280]
.
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
AXEL.DAV [2006-2-13 26]
.
c:\documents and settings\Administration\Start Menu\Programs\Startup\
AXEL.DAV [2006-2-13 26]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AXEL.DAV [2006-2-13 26]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [N/A]
ReSchedHPSU.lnk - c:\hp\bin\CLOAKER.EXE [N/A]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-7-25 572000]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
AXEL.DAV [2006-2-13 26]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [8/11/2012 2:18 PM 11352]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [7/14/2012 9:59 AM 27056]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [7/14/2012 9:59 AM 497320]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [7/25/2012 4:46 AM 1326176]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [7/25/2012 4:46 AM 681056]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
S?4 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
*Deregistered* - comHost
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1113099574-2914452090-2708253897-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-11 16:31]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1113099574-2914452090-2708253897-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-11 16:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = https://dl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7B4D06A05B-2610-C60F-7AB8-F31313B06BF6%7D%26lang%3Den%26browser%3D2%26usagestats%3D0%26appname%3DGoogle%2520Chrome%26needsadmin%3Dfalse%26brand%3DCHFX%26installdataindex%3Ddefaultbrowser/update2/installers/ChromeSetup.exe
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: LastPass - file://c:\documents and settings\HP_Administrator\Local Settings\Application Data\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\documents and settings\HP_Administrator\Local Settings\Application Data\LastPass\context.html?cmd=fillforms
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: trymedia.com
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-HPHUPD08 - c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
HKLM-Run-IS CfgWiz - c:\program files\Norton Internet Security\cfgwiz.exe
HKLM-Run-ISW - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-13 21:43
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(860)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(916)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2012-08-13 21:46:05
ComboFix-quarantined-files.txt 2012-08-14 01:46
.
Pre-Run: 233,039,011,840 bytes free
Post-Run: 233,371,435,008 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 410B57C00D9373DA43F834C440715142

ComboFix Script

• Close any open browsers.
  
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
• Open notepad and copy/paste the text in the codebox below into it:
  

  ClearJavaCache::

  
  
• Save this as CFScript.txt, in the same location as ComboFix.exe
  
  
  
• Referring to the picture above, drag CFScript into ComboFix.exe
  
• When finished, it shall produce a log for you at C:\ComboFix.txt
  
• Please post the contents of the log in your next reply.
  

ComboFix 12-08-14.03 - HP_Administrator 08/14/2012 13:10:03.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1629 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: Norton Internet Security 2006 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: ZoneAlarm Free Firewall Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: Norton Internet Security 2006 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 )))))))))))))))))))))))))))))))
.
.
2012-08-11 23:46 . 2012-08-11 23:46 -------- d-----w- C:\5f6b09a2e206deb299560a261240703b
2012-08-11 08:01 . 2012-08-12 14:31 -------- d-----w- C:\Program Files
2012-08-11 08:00 . 2012-08-11 20:12 -------- d-----w- C:\Documents and Settings
2012-08-11 08:00 . 2012-08-11 08:00 -------- d-----w- C:\CMPNENTS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-07-26 14:03 1014344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-07-26 14:03 1014344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-07-26 14:03 1014344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-14 7323648]
"nwiz"="nwiz.exe" [2005-12-14 1519616]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-12 15961088]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-08-03 73392]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-07-26 1061960]
"ISW"="" [BU]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
AXEL.DAV [2006-2-13 26]
Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2012-8-11 10974280]
.
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
AXEL.DAV [2006-2-13 26]
.
c:\documents and settings\Administration\Start Menu\Programs\Startup\
AXEL.DAV [2006-2-13 26]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AXEL.DAV [2006-2-13 26]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [N/A]
ReSchedHPSU.lnk - c:\hp\bin\CLOAKER.EXE [N/A]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-7-25 572000]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
AXEL.DAV [2006-2-13 26]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [8/11/2012 2:18 PM 11352]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [7/14/2012 9:59 AM 27056]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [7/14/2012 9:59 AM 497320]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [7/25/2012 4:46 AM 1326176]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [7/25/2012 4:46 AM 681056]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
*Deregistered* - comHost
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1113099574-2914452090-2708253897-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-11 16:31]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1113099574-2914452090-2708253897-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-11 16:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = https://dl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7B4D06A05B-2610-C60F-7AB8-F31313B06BF6%7D%26lang%3Den%26browser%3D2%26usagestats%3D0%26appname%3DGoogle%2520Chrome%26needsadmin%3Dfalse%26brand%3DCHFX%26installdataindex%3Ddefaultbrowser/update2/installers/ChromeSetup.exe
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: LastPass - file://c:\documents and settings\HP_Administrator\Local Settings\Application Data\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\documents and settings\HP_Administrator\Local Settings\Application Data\LastPass\context.html?cmd=fillforms
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: trymedia.com
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-14 13:15
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(860)
c:\windows\system32\MPR.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(920)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(1760)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\system32\nview.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\windows\system32\msi.dll
c:\windows\system32\shdoclc.dll
c:\windows\system32\runclose.ocx
c:\windows\web\wallpaper\welcome\AWhelper.dll
c:\windows\system32\nvwddi.dll
.
Completion time: 2012-08-14 13:18:15
ComboFix-quarantined-files.txt 2012-08-14 17:18
ComboFix2.txt 2012-08-14 01:46
.
Pre-Run: 233,390,460,928 bytes free
Post-Run: 233,381,801,984 bytes free
.
- - End Of File - - C6ACEC15A2603469DDB5D9D0154C8AB3

Kaspersky Virus Removal Tool

The Kaspersky Virus Removal Tool is a scan-and-remove solution from Kaspersky that searches out the most common malware and attempts to remove it from your computer.

Please download the Kaspersky Virus Removal Tool from Kaspersky's Official Link and save it to your Desktop.

• Double-click the Setup file to install it on your computer.
  
• Once it has installed, review and accept the agreement and press the Start button.
  
• You will presented with the main interface, but don't scan yet, click the options tab (gear icon):
  
  
• On the Scan Scope tab, make sure to checkmark all the options, except for the CD/DVD drive:
  
  
• On the Security Level tab, make sure to move the slider up denoting "Current Security Level: High":
  
  
• Now, go back to the Automatic Scan tab, and choose "Start Scanning". It may take several hours to complete. Please allow it to do so.
  
• Once done scanning, choose the Report tab (page icon), select Detected Threats tab on left, and choose Disinfect All:
  
  
• Then, choose Save. Also, in the Automatic Report tab, select Save:
  
  
• Please post the reports in your next reply.
  
• Once you exit, the tool should uninstall automatically.

Status: Vulnerability (events: 1)
8/15/2012 6:01:23 PM Vulnerability vulnerability http://www.securelist.com/en/advisories/25215 D:\I386\APPS\APP01438\src\NAV\External\NORTON\APP\NAVComUI.dll Low

Good job!

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

• Slow computer
  
• Error messages
  
• Fake antivirus alerts or the icon in the system tray
  
• svchost.exe running at 100%
  
• System crashes or blue screen of death

I still cannot run a full (destructive) system recovery, which is what initially brought this post about. With about 17:30 left for it to run it I get an error:

"Microsoft Visual C++ Runtime Library
Runtime Error
Program: C:\minint\system32\restore.exe
abnormal program termination"


PARTIAL recovery DOES occur, as closing out the terminated recovery takes me to a bunch of "new computer setup" type screens, and any settings that I had previously set up on the machine are now gone.


Once Windows finishes loading (EVERY time it loads) I get two identical windows that pop up one after the other stating something like:

Windows cannot open this file
File: axel.dav
What do you want to do?
O Use a web service to determine which program to open this file with
or
O Select the program from a list


I also still get repeated regular pop-up notifications:

"Low disk space (D:)"


My fan(s) still run high much of the time.


Task Manager --> Processes shows that the image System Idle Process is at 99% of CPU and the top two images under Memory use are explorer.exe, followed closely by svhost.exe, with a sharp decline is usage after those.


The machine has never really seemed to run what I'd call slow (at least when browsing the web), just noisily from the fans.


I can't run Windows Update, because I can't run IE, as it is too old a version, and I can't update it because I can't get SP3, because I can't run Win. Update. I'm caught in a vicious cycle and really need to recover completely and start over.

Would you post screenshots, please?

Please run OTL

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
• Under the Custom Scan box paste this in
  
  msconfig
  safebootminimal
  activex
  drivers32
  netsvcs
  CreateRestorePoint
  %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
  %AppData%\Local\
  %systemroot%\system32\sysprep
  *.xpi /md5
  %systemroot%\Downloaded Program Files\
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
  hklm\software\clients\startmenuinternet|command /rs
  hklm\software\clients\startmenuinternet|command /64 /rs
  %systemroot%\system32\drivers\*.sys /lockedfiles
  %systemroot%\system32\drivers\*.sys /90
  %systemroot%\System32\config\*.sav
  %SYSTEMDRIVE%\*.exe /md5
  "%WinDir%\$NtUninstallKB*$." /30
  %systemdrive%\Program Files\Common Files\ComObjects\*.* /s
  %systemroot%\*. /mp /s
  %systemroot%\*. /rp /s
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job /lockedfiles
  %systemroot%\Installer\ /s
  %systemroot%\system32\Cache\ /s
  %systemroot%\system32\config\systemprofile\Application Data /s
  %PROGRAMFILES%\*.
  %appdata%\*.*
  /md5start
  volsnap.sys
  services.exe
  userinit.exe
  afd.sys
  tcpip.sys
  netbt.sys
  ipsec.sys
  dnsrslvr.dll
  ipnathlp.dll
  netman.dll
  WMIsvc.dll
  srsvc.dll
  sr.sys
  wscsvc.dll
  wuauserv.dll
  qmgr.dll
  es.dll
  cryptsvc.dll
  svchost.exe
  rpcss.dll
  tdx.sys
  wininit.exe
  winlogon.exe
  atapi.sys
  explorer.exe
  /md5stop
  
• Click the Run Scanbutton. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time
    
  
  

Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr

1) Remind me of what OTL was again.

2) Which screenshots would you like to see?

Found and remember using OTL now. Just need to know which screenshots you want to see.

OTL logfile created on: 8/17/2012 11:12:21 AM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.81% Memory free
3.84 Gb Paging File | 3.43 Gb Available in Paging File | 89.43% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.33 Gb Total Space | 217.72 Gb Free Space | 97.06% Space Free | Partition Type: NTFS
Drive D: | 8.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: FAT32

Computer Name: GRSHPPC | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/17 11:09:39 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.com
PRC - [2012/08/03 12:37:56 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2012/08/03 12:08:00 | 000,073,392 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2012/07/14 09:59:32 | 000,497,320 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2012/07/14 09:59:08 | 000,738,984 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2004/10/25 16:17:56 | 000,090,112 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\ps2.EXE
PRC - [2004/09/29 23:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/08/10 00:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/09 19:15:26 | 001,650,688 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\avsys\update\updsdk.dll
MOD - [2005/12/14 17:51:00 | 001,466,368 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2005/12/14 17:51:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2005/08/30 07:13:42 | 001,287,680 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2005/08/06 01:01:54 | 000,282,112 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2004/08/10 00:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/08/10 00:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003/08/12 18:25:22 | 000,028,672 | ---- | M] () -- C:\WINDOWS\Web\Wallpaper\welcome\AWhelper.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - File not found [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - File not found [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - File not found [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - File not found [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService)
SRV - File not found [Auto | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe -- (IAANTMon)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe -- (ELService)
SRV - File not found [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\comHost.exe -- (comHost)
SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - File not found [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\ccPwdSvc.exe -- (ccISPwdSvc)
SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2012/08/03 12:37:56 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012/07/14 09:59:32 | 000,497,320 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2004/09/29 23:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys -- (SYMIDSCO)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - File not found [Kernel | Auto | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS -- (SAVRTPEL)
DRV - File not found [Kernel | On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS -- (SAVRT)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060104.006\NavEx15.Sys -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060104.006\NAVENG.Sys -- (NAVENG)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/08/03 12:08:02 | 000,526,640 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2012/07/14 09:59:44 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2012/01/09 18:59:34 | 000,485,808 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2012/01/09 18:59:30 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2012/01/09 18:59:30 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2006/02/13 21:51:50 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/01/13 20:13:18 | 004,137,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2005/12/12 19:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/11/08 17:51:40 | 000,007,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2005/11/08 17:51:38 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmon.sys -- (ELmon)
DRV - [2005/11/08 17:51:22 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELkbd.sys -- (ELkbd)
DRV - [2005/11/08 17:51:20 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmou.sys -- (ELmou)
DRV - [2005/11/08 17:51:18 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELhid.sys -- (ELhid)
DRV - [2005/10/20 19:01:56 | 001,095,009 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/06/29 20:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ftsata2.sys -- (ftsata2)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2003/11/05 10:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2240: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2298: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1348: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/08/17 10:04:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins


========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: LastPass = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.1_0\

O1 HOSTS File: ([2004/08/10 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll File not found
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: )
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" File not found
O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe File not found
O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe File not found
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe File not found
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /run File not found
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe File not found
O4 - HKLM..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT" File not found
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCDrProfiler] "C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r File not found
O4 - HKLM..\Run: [PinInit] c:\hp\bin\cloaker.exe c:\hp\bin\PinToStart.bat File not found
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SetDefaultPrinter] c:\hp\bin\cloaker.exe c:\windows\system32\cmd.exe /c c:\hp\bin\defaultprinter\SetDefaultPrinter.cmd File not found
O4 - HKLM..\Run: [SSC_UserPrompt] "c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe File not found
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AXEL.DAV ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ReSchedHPSU.lnk = File not found
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\AXEL.DAV ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html File not found
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html File not found
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html File not found
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html File not found
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll File not found
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3ECF9DB4-8774-4D50-A347-40F24A6A358E}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/13 21:34:35 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/17 10:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\LastPass
[2012/08/17 10:09:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\LastPass
[2012/08/17 10:09:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\LastPass
[2012/08/17 10:09:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LastPass
[2012/08/17 10:09:35 | 000,011,352 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kl2.sys
[2012/08/17 10:09:34 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kl1.sys
[2012/08/17 10:09:29 | 000,485,808 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2012/08/17 10:09:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2012/08/17 10:04:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\ForceField Shared Files
[2012/08/17 10:04:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\CheckPoint
[2012/08/17 10:04:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
[2012/08/17 10:01:42 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2012/08/17 10:01:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2012/08/17 10:00:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/08/17 09:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads
[2012/08/17 09:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Google Chrome
[2012/08/17 09:51:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012/08/17 09:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Macromedia
[2012/08/16 17:24:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/08/16 17:21:56 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/08/16 16:10:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2012/08/16 16:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2012/08/16 16:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Palo Alto Software
[2012/08/16 16:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2012/08/16 16:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
[2012/08/16 16:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012/08/16 16:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2012/08/16 16:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2012/08/16 16:10:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\L&H
[2012/08/16 16:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/16 16:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2012/08/16 16:10:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012/08/16 16:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2012/08/16 16:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2012/08/16 16:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/08/16 16:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2012/08/16 16:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/08/16 16:09:55 | 000,000,000 | ---D | C] -- C:\Program Files
[2012/08/16 16:09:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2012/08/16 16:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/08/16 16:09:54 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2012/08/16 16:09:54 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2012/08/16 16:09:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2012/08/16 16:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Digital Media Enhancements
[2012/08/16 16:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\User's Guides
[2012/08/16 16:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2012/08/16 16:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sonic
[2012/08/16 16:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Snapfish for your photos
[2012/08/16 16:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2012/08/16 16:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Quicken 2006
[2012/08/16 16:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Help & Tools
[2012/08/16 16:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Online Services
[2012/08/16 16:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2012/08/16 16:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Netscape
[2012/08/16 16:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\My HP Games
[2012/08/16 16:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\muvee Technologies
[2012/08/16 16:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2012/08/16 16:09:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2012/08/16 16:09:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2012/08/16 16:09:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2012/08/16 16:09:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2012/08/16 16:09:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2012/08/16 16:09:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Recorded TV
[2012/08/16 16:09:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works
[2012/08/16 16:09:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/08/16 16:09:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Intel(R) Matrix Storage Manager
[2012/08/16 16:09:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP Rhapsody
[2012/08/16 16:09:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2012/08/16 16:09:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hot Deals
[2012/08/16 16:09:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2012/08/16 16:09:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2012/08/16 16:09:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/08/16 16:09:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2012/08/16 16:09:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2012/08/16 16:09:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2012/08/16 16:09:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2012/08/16 16:09:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2012/08/16 16:09:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2012/08/16 16:09:05 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2012/08/16 16:09:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2012/08/16 16:09:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2012/08/16 16:09:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2012/08/16 16:09:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2012/08/16 16:09:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2012/08/16 16:09:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2012/08/16 16:09:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2012/08/16 16:08:56 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2012/08/16 16:08:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2012/08/16 16:08:25 | 000,000,000 | ---D | C] -- C:\CMPNENTS
[2012/08/16 16:08:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\wt
[2012/08/16 16:08:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2012/08/16 16:08:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2012/08/16 16:08:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2012/08/16 16:08:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2012/08/16 16:08:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2012/08/16 16:08:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2012/08/16 16:08:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2012/08/16 16:08:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2012/08/16 16:08:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2012/08/16 16:08:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2012/08/16 16:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2012/08/16 16:07:41 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2012/08/16 16:07:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2012/08/16 16:07:39 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2012/08/16 16:07:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2012/08/16 16:07:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2012/08/16 16:07:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2012/08/16 16:07:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SMINST
[2012/08/16 16:07:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2012/08/16 16:07:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2012/08/16 16:07:34 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2012/08/16 16:07:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2012/08/16 16:07:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2012/08/16 16:07:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2012/08/16 16:07:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2012/08/16 16:07:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2012/08/16 16:07:12 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2012/08/16 16:06:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\I386
[2012/08/16 16:06:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\HPCPCUninstall-9972322
[2012/08/16 16:06:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2012/08/16 16:05:56 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2012/08/16 16:05:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2012/08/16 16:05:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2012/08/16 16:05:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2012/08/16 16:05:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2012/08/16 16:05:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\CREATOR
[2012/08/16 16:05:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2012/08/16 16:05:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2012/08/16 16:05:50 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2012/08/16 16:05:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2012/08/16 16:05:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2012/08/16 16:05:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2012/08/16 16:05:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Web
[2012/08/16 16:05:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2012/08/16 16:05:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2012/08/16 16:05:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2012/08/16 16:05:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2012/08/16 16:05:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pcintro
[2012/08/16 16:05:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2012/08/16 16:05:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2012/08/16 16:05:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2012/08/16 16:05:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2012/08/16 16:05:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2012/08/16 16:05:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2012/08/16 16:05:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2012/08/16 16:05:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2012/08/16 16:05:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2012/08/16 16:05:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2012/08/16 16:04:32 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2012/08/16 16:04:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2012/08/16 16:04:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2012/08/16 16:04:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2012/08/16 16:04:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2012/08/16 16:04:28 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2012/08/16 16:04:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2012/08/16 16:04:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2012/08/16 16:04:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2012/08/16 16:04:28 | 000,000,000 | ---D | C] --

C:\WINDOWS\System32\ReinstallBackups
[2012/08/16 16:04:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2012/08/16 16:04:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2012/08/16 16:04:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2012/08/16 16:04:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2012/08/16 16:04:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\FxsTmp
[2012/08/16 16:04:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2012/08/16 16:04:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2012/08/16 16:04:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2012/08/16 16:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2012/08/16 16:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2012/08/16 16:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2012/08/16 16:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2012/08/16 16:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2012/08/16 16:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2012/08/16 16:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2012/08/16 16:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2012/08/16 16:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2012/08/16 16:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2012/08/16 16:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2012/08/16 16:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2012/08/16 16:03:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2012/08/16 16:03:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2012/08/16 16:03:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2012/08/16 16:03:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2012/08/16 16:03:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\inf
[2012/08/16 16:03:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2012/08/16 16:03:07 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2012/08/16 16:03:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts
[2012/08/16 13:25:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
[2012/08/16 13:25:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Identities
[2012/08/16 13:25:21 | 000,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
[2012/08/16 13:25:21 | 000,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator\Cookies
[2012/08/16 13:25:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\SendTo
[2012/08/16 13:25:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Recent
[2012/08/16 13:25:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Application Data
[2012/08/16 13:25:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup
[2012/08/16 13:25:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu
[2012/08/16 13:25:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Videos
[2012/08/16 13:25:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Pictures
[2012/08/16 13:25:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Music
[2012/08/16 13:25:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents
[2012/08/16 13:25:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Favorites
[2012/08/16 13:25:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Accessories
[2012/08/16 13:25:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator\Templates
[2012/08/16 13:25:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator\PrintHood
[2012/08/16 13:25:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator\NetHood
[2012/08/16 13:25:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings
[2012/08/16 13:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\WINDOWS
[2012/08/16 13:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Wildtangent
[2012/08/16 13:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Symantec
[2012/08/16 13:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Real
[2012/08/16 13:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Online Services
[2012/08/16 13:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft
[2012/08/16 13:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google
[2012/08/16 13:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop
[2012/08/16 13:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ApplicationHistory
[2012/08/16 13:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}
[2012/08/16 13:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2012/08/16 13:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\windows nt
[2012/08/16 13:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\windows media player
[2012/08/16 13:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\system
[2012/08/16 13:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\speechengines
[2012/08/16 13:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\outlook express
[2012/08/16 13:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\netmeeting
[2012/08/16 13:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2012/08/16 13:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\movie maker
[2012/08/16 13:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\internet explorer
[2012/08/16 13:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2012/08/03 12:08:02 | 000,526,640 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/17 11:04:01 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1193780334-1537497407-278222325-1008UA.job
[2012/08/17 11:02:29 | 000,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/08/17 11:02:29 | 000,000,178 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2012/08/17 11:02:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/17 10:09:59 | 000,001,128 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\My LastPass Vault.lnk
[2012/08/17 10:05:58 | 000,415,877 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2012/08/17 10:05:44 | 000,193,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/17 10:04:17 | 000,000,539 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoneAlarm Security.lnk
[2012/08/17 10:04:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1193780334-1537497407-278222325-1008Core.job
[2012/08/17 10:00:36 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/08/17 09:56:52 | 000,002,376 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Google Chrome.lnk
[2012/08/17 09:56:52 | 000,002,354 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/17 09:48:24 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/16 13:29:41 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/08/16 13:29:41 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/08/16 13:25:48 | 000,000,601 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/16 13:25:44 | 000,001,489 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2012/08/16 13:25:19 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/16 13:24:40 | 000,001,197 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/08/16 13:24:38 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012/08/03 12:08:02 | 000,526,640 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/17 10:09:59 | 000,001,128 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\My LastPass Vault.lnk
[2012/08/17 10:04:33 | 000,415,877 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2012/08/17 10:04:17 | 000,000,539 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZoneAlarm Security.lnk
[2012/08/17 10:00:36 | 000,001,919 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/08/17 09:56:52 | 000,002,376 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Google Chrome.lnk
[2012/08/17 09:56:52 | 000,002,354 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/17 09:54:55 | 000,001,022 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1193780334-1537497407-278222325-1008UA.job
[2012/08/17 09:54:55 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1193780334-1537497407-278222325-1008Core.job
[2012/08/17 09:48:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/16 17:23:16 | 000,000,178 | ---- | C] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2012/08/16 13:25:26 | 000,000,026 | RH-- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\AXEL.DAV
[2012/08/16 13:25:25 | 000,001,776 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Netscape Browser.lnk
[2012/08/16 13:25:25 | 000,001,659 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\3 Month Trial AOL Music Now.lnk
[2012/08/16 13:25:25 | 000,001,489 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2012/08/16 13:25:25 | 000,000,926 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2012/08/16 13:25:25 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\HP Rhapsody.lnk
[2012/08/16 13:25:25 | 000,000,601 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/16 13:25:25 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/08/16 13:25:25 | 000,000,026 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AXEL.DAV
[2012/08/16 13:25:25 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\AXEL.DAV
[2012/08/16 13:25:25 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\AXEL.DAV
[2012/08/16 13:25:24 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2012/08/16 13:25:24 | 000,000,026 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\AXEL.DAV
[2012/08/16 13:25:24 | 000,000,026 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\AXEL.DAV
[2012/08/16 13:25:22 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Remote Assistance.lnk
[2012/08/16 13:25:22 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Windows Media Player.lnk
[2012/08/16 13:25:22 | 000,000,589 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Internet Explorer.lnk
[2012/08/16 13:25:22 | 000,000,563 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Outlook Express.lnk
[2012/08/16 13:25:22 | 000,000,026 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\AXEL.DAV
[2012/08/16 13:25:22 | 000,000,026 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\AXEL.DAV
[2006/02/13 20:44:19 | 000,000,026 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AXEL.DAV
[2006/02/13 20:44:19 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\AXEL.DAV
[2006/02/13 20:44:18 | 000,000,026 | -H-- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AXEL.DAV
[2006/02/13 20:44:18 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\AXEL.DAV
[2005/11/14 21:08:44 | 000,000,026 | ---- | C] () -- C:\Program Files\AXEL.DAV
[2005/11/14 21:06:18 | 000,000,026 | ---- | C] () -- C:\Program Files\Common Files\AXEL.DAV
[2005/11/14 21:05:18 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\All Users\AXEL.DAV
[2005/11/14 21:04:36 | 000,000,026 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\AXEL.DAV

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.4WY56ANC2F6RZA7CDQU7UIP47Y\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.4WY56ANC2F6RZA7CDQU7UIP47Y\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.4WY56ANC2F6RZA7CDQU7UIP47Y\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.4WY56ANC2F6RZA7CDQU7UIP47Y\shell\open\command\\: "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2004/08/10 00:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2004/08/10 00:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2004/08/10 00:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.exe" HIDE
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.exe" REGISTER
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.EXE" SHOW
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\shell\open\command\\:
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\shell\properties\command\\: -chrome "chrome://browser/content/pref/pref.xul"

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.4WY56ANC2F6RZA7CDQU7UIP47Y\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.4WY56ANC2F6RZA7CDQU7UIP47Y\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.4WY56ANC2F6RZA7CDQU7UIP47Y\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.4WY56ANC2F6RZA7CDQU7UIP47Y\shell\open\command\\: "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2004/08/10 00:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2004/08/10 00:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2004/08/10 00:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.exe" HIDE
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.exe" REGISTER
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.EXE" SHOW
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\shell\open\command\\:
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\shell\properties\command\\: -chrome "chrome://browser/content/pref/pref.xul"

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\System32\config\*.sav >
[2005/08/30 16:51:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005/08/30 16:51:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

< %SYSTEMDRIVE%\*.exe /md5 >
[2005/12/27 03:21:54 | 007,477,561 | ---- | M] (Intel Corporation ) MD5=9398064AECBFEA5565E341B99A5C8B3C -- C:\setup_all.exe

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\Application Data /s >

< %PROGRAMFILES%\*. >
[2012/08/16 16:09:55 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2012/08/17 10:04:22 | 000,000,000 | ---D | M] -- C:\Program Files\CheckPoint
[2012/08/16 13:25:16 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2012/08/16 13:25:16 | 000,000,000 | ---D | M] -- C:\Program Files\internet explorer
[2012/08/17 10:10:02 | 000,000,000 | ---D | M] -- C:\Program Files\LastPass
[2012/08/16 13:25:16 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2012/08/16 13:25:16 | 000,000,000 | ---D | M] -- C:\Program Files\movie maker
[2012/08/16 13:25:16 | 000,000,000 | ---D | M] -- C:\Program Files\msn gaming zone
[2012/08/16 13:25:16 | 000,000,000 | ---D | M] -- C:\Program Files\netmeeting
[2012/08/16 13:25:16 | 000,000,000 | ---D | M] -- C:\Program Files\outlook express
[2012/08/16 13:25:44 | 000,000,000 | ---D | M] -- C:\Program Files\windows media player
[2012/08/16 13:25:17 | 000,000,000 | ---D | M] -- C:\Program Files\windows nt
[2012/08/16 13:25:17 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2006/02/13 21:57:30 | 000,000,026 | RH-- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\AXEL.DAV
[2005/08/30 16:52:20 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\desktop.ini

< MD5 for: AFD.SYS >
[2004/08/10 00:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\system32\dllcache\afd.sys
[2004/08/10 00:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\system32\drivers\afd.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/10 00:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2004/08/04 09:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/04 09:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/10 00:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2004/08/10 00:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\WINDOWS\system32\cryptsvc.dll
[2004/08/10 00:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: DNSRSLVR.DLL >
[2004/08/10 00:00:00 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=7379DE06FD196E396A00AA97B990C00D -- C:\WINDOWS\system32\dllcache\dnsrslvr.dll
[2004/08/10 00:00:00 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=7379DE06FD196E396A00AA97B990C00D -- C:\WINDOWS\system32\dnsrslvr.dll

< MD5 for: ES.DLL >
[2005/07/26 07:39:45 | 000,243,200 | ---- | M] (Microsoft Corporation) MD5=34BBD9ACC1538818F2C878898C64E793 -- C:\WINDOWS\system32\dllcache\es.dll
[2005/07/26 07:39:45 | 000,243,200 | ---- | M] (Microsoft Corporation) MD5=34BBD9ACC1538818F2C878898C64E793 -- C:\WINDOWS\system32\es.dll
[2012/08/14 00:29:58 | 000,008,728 | ---- | M] () MD5=7AD37261A349BE597C2E4C58B093B63D -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.79\Locales\es.dll
[2005/07/26 07:20:28 | 000,243,200 | ---- | M] (Microsoft Corporation) MD5=95F5FEA4C6DE2C3F28784D0DCC8F0DD3 -- C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\es.dll
[2004/08/10 00:00:00 | 000,243,200 | ---- | M] (Microsoft Corporation) MD5=ACD36A2DD7D1E9D8A060AA651DC07E63 -- C:\WINDOWS\$NtUninstallKB902400$\es.dll

< MD5 for: EXPLORER.EXE >
[2004/08/10 00:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
[2004/08/10 00:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2008/04/29 11:42:08 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\explorer.exe

< MD5 for: IPNATHLP.DLL >
[2004/08/10 00:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) MD5=36CC8C01B5E50163037BEF56CB96DEFF -- C:\WINDOWS\system32\dllcache\ipnathlp.dll
[2004/08/10 00:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) MD5=36CC8C01B5E50163037BEF56CB96DEFF -- C:\WINDOWS\system32\ipnathlp.dll

< MD5 for: IPSEC.SYS >
[2004/08/10 00:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\system32\dllcache\ipsec.sys
[2004/08/10 00:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\system32\drivers\ipsec.sys

< MD5 for: NETBT.SYS >
[2004/08/10 00:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\system32\dllcache\netbt.sys
[2004/08/10 00:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\system32\drivers\netbt.sys

< MD5 for: NETMAN.DLL >
[2004/08/10 00:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=DAB9E6C7105D2EF49876FE92C524F565 -- C:\WINDOWS\system32\dllcache\netman.dll
[2004/08/10 00:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=DAB9E6C7105D2EF49876FE92C524F565 -- C:\WINDOWS\system32\netman.dll

< MD5 for: QMGR.DLL >
[2004/08/10 00:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\system32\dllcache\qmgr.dll
[2004/08/10 00:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: RPCSS.DLL >
[2004/08/10 00:00:00 | 000,395,776 | ---- | M] (Microsoft Corporation) MD5=5C83A4408604F737717AB96371201680 -- C:\WINDOWS\$NtUninstallKB902400$\rpcss.dll
[2005/07/26 07:20:40 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=C369DF215D352B6F3A0B8C3469AA34F8 -- C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[2005/07/26 07:39:49 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=CE94A2BD25E3E9F4D46A7373FF455C6D -- C:\WINDOWS\system32\dllcache\rpcss.dll
[2005/07/26 07:39:49 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=CE94A2BD25E3E9F4D46A7373FF455C6D -- C:\WINDOWS\system32\rpcss.dll

< MD5 for: SERVICES.EXE >
[2004/08/10 00:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\system32\dllcache\services.exe
[2004/08/10 00:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\system32\services.exe

< MD5 for: SR.SYS >
[2004/08/10 00:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=E41B6D037D6CD08461470AF04500DC24 -- C:\WINDOWS\system32\dllcache\sr.sys
[2004/08/10 00:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=E41B6D037D6CD08461470AF04500DC24 -- C:\WINDOWS\system32\drivers\sr.sys

< MD5 for: SRSVC.DLL >
[2004/08/10 00:00:00 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\system32\dllcache\srsvc.dll
[2004/08/10 00:00:00 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\system32\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2004/08/10 00:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004/08/10 00:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe
[2008/07/01 09:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\svchost.exe

< MD5 for: TCPIP.SYS >
[2005/03/14 03:55:08 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=0E66B538096A6529D1AC66E78EB0D5C8 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2005/03/14 03:55:08 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=0E66B538096A6529D1AC66E78EB0D5C8 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2005/03/14 04:17:17 | 000,359,936 | ---- | M] (Microsoft Corporation) MD5=6129E70F3D2F1E60860C930EBEAF92C2 -- C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[2004/08/10 00:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys

< MD5 for: USERINIT.EXE >
[2004/08/10 00:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004/08/10 00:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2004/08/10 00:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\system32\dllcache\volsnap.sys
[2004/08/10 00:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\system32\drivers\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2004/08/10 00:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004/08/10 00:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2008/07/01 09:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\winlogon.exe

< MD5 for: WMISVC.DLL >
[2004/08/10 00:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) MD5=F399242A80C4066FD155EFA4CF96658E -- C:\WINDOWS\system32\dllcache\wmisvc.dll
[2004/08/10 00:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) MD5=F399242A80C4066FD155EFA4CF96658E -- C:\WINDOWS\system32\wbem\wmisvc.dll

< MD5 for: WSCSVC.DLL >
[2004/08/10 00:00:00 | 000,081,408 | ---- | M] (Microsoft Corporation) MD5=4D59DAA66C60858CDF4F67A900F42D4A -- C:\WINDOWS\system32\dllcache\wscsvc.dll
[2004/08/10 00:00:00 | 000,081,408 | ---- | M] (Microsoft Corporation) MD5=4D59DAA66C60858CDF4F67A900F42D4A -- C:\WINDOWS\system32\wscsvc.dll

< MD5 for: WUAUSERV.DLL >
[2004/08/10 00:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=13D72740963CBA12D9FF76A7F218BCD8 -- C:\WINDOWS\system32\dllcache\wuauserv.dll
[2004/08/10 00:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=13D72740963CBA12D9FF76A7F218BCD8 -- C:\WINDOWS\system32\wuauserv.dll

< End of report >

OTL Extras logfile created on: 8/17/2012 11:12:21 AM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.81% Memory free
3.84 Gb Paging File | 3.43 Gb Available in Paging File | 89.43% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.33 Gb Total Space | 217.72 Gb Free Space | 97.06% Space Free | Partition Type: NTFS
Drive D: | 8.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: FAT32

Computer Name: GRSHPPC | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML.4WY56ANC2F6RZA7CDQU7UIP47Y] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System
"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub
"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}" = ccCommon
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{27E395E5-EB04-4BFD-96C3-C9A102E97E1B}" = Intel® Viiv™ Software
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}" = CC_ccProxyExt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30738666-9805-4926-A78F-91DA33B6C437}" = ccPxyCore
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{334799B1-527F-475B-AF19-658124E2BE24}" = ZoneAlarm Security
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35DD9A1D-B340-4F41-A8B0-6EEBFB119280}" = muvee autoProducer unPlugged 1.2
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{449F3A9E-9903-4a0d-A209-08030D45A935}" = Norton Internet Security
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 1.0
"{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{5677563D-0CB1-485F-9E18-C5025306BB3F}" = Norton AntiSpam
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}" = Norton Protection Center
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{8C22F265-DE76-44D1-8A79-A71D819137DA}" = Intel(R) Quick Resume Technology Drivers
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9A2F3559-6776-4F67-B46E-5F973B901234}" = ZoneAlarm Antivirus
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security
"{AADFE0B9-F905-4d5f-A144-0ADB2EFA747B}" = Norton Internet Security
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{ABB2901A-3D0A-4F21-8324-2F13C3EFE163}" = LightScribe 1.4.62.1
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AD799836-6B74-419B-A869-C326CA86ECCF}" = ZoneAlarm Firewall
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2006
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Photosmart Cameras 5.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E073D315-3C54-44BF-A1B2-B5583AEA618C}" = muvee autoProducer 4.5
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E85FA9A1-C241-4698-893B-DD99509B8DB0}" = Norton WMI Update
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FFB4DD53-28B7-4981-BFF0-9BD801F61095}" = Norton Internet Security
"038D56DF-B15D-47F7-959F-59FA1FBB63FC" = Snowboard SuperJam from HP Media Center (remove only)
"049D60AF-B425-4F8A-BD66-9D8C1B519D59" = Barnyard Invasion from HP Media Center (remove only)
"0814ADC6-5B36-4144-A8EA-439C36B1BB11" = Puzzle Express from HP Media Center (remove only)
"0AA27562-3C4E-4860-8742-7ADEBE2EFC43" = Ricochet Lost Worlds from HP Media Center (remove only)
"0C20CAB1-F8BC-4AC1-A796-535B005C1B83" = Super Granny from HP Media Center (remove only)
"0C84A7C5-2762-4932-96BF-44A77202DCC3" = Blasterball 2 Remix from HP Media Center (remove only)
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"1FFA88DF-0AC3-4D9E-9139-5FF98813C12C" = Polar Bowler from HP Media Center (remove only)
"3320769C-062B-4670-BD6B-AA4B3D0E9903" = FATE from HP Media Center (remove only)
"3D61540E-C88C-4358-B6A1-DC26648F2A3D" = Crystal Maze from HP Media Center (remove only)
"413773DA-62DE-4C4C-A0F9-10EFB9317DE5" = Family Feud
"47D5A62B-1B41-4DB1-8267-ADA434FA782B" = Bejeweled 2 Deluxe from HP Media Center (remove only)
"538B9061-0C77-4FB2-903F-EC42A1FF5DD8" = Mah Jong Quest from HP Media Center (remove only)
"55275778-F7D9-4BA0-95F4-DEFD71ADDFD9" = Polar Golfer from HP Media Center (remove only)
"581538B9-2ED3-45E2-96CB-22AD8F811D2A" = Shrek 2 Ogre Bowler from HP Media Center (remove only)
"5DAA9E44-1B31-41CD-88A8-228EDED6E36E" = Bounce Symphony from HP Media Center (remove only)
"758619C0-7C97-42BB-B1E9-775F72FDAD1E" = Blackhawk Striker 2 from HP Media Center (remove only)
"901E0096-B2AC-469E-A99E-2725A39C0B47" = Zuma Deluxe from HP Media Center (remove only)
"90EA5584-4290-407B-B8F2-D6E6D65A4796" = Boggle Supreme from HP Media Center (remove only)
"9844050E-4CA4-4901-A53D-A5D14C63789B" = Lexibox Deluxe from HP Media Center (remove only)
"A09026AE-8F16-4929-B4E6-1825535844DB" = Insaniquarium Deluxe from HP Media Center (remove only)
"AF012B1F-AFCE-45DB-8D6C-8AB06ADC1D6F" = 5 Card Slingo from HP Media Center (remove only)
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"B2AA88B1-4920-462B-9F7C-019782B3C4DB" = Shooting Stars Pool from HP Media Center (remove only)
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"B3FF79F4-CDA8-4845-A7C0-9CE017719F36" = Tradewinds from HP Media Center (remove only)
"B7217206-A362-446B-A0F7-A2622B82F821" = SCRABBLE from HP Media Center (remove only)
"BA42B721-D70B-4412-ABA6-057B5823FDE9" = Chuzzle Deluxe from HP Media Center (remove only)
"D2DACBCD-E1FE-4C32-A49B-1EB0743D1E79" = Blasterball 2 from HP Media Center (remove only)
"DISCover" = DISCover
"E0998E52-9D08-4AEE-A4F5-0BB1D8537F6E" = Slingo Deluxe from HP Media Center (remove only)
"E44A47AF-C94B-4E3F-81A0-979FBA9DAC57" = AstroPop Deluxe from HP Media Center (remove only)
"E59F75D0-A38B-40F4-ABA2-CA35A7735473" = Bookworm Deluxe from HP Media Center (remove only)
"F38688AF-57C2-4A9C-BFEF-25F3AEC11F1E" = Lemonade Tycoon 2 from HP Media Center (remove only)
"HP Document Viewer" = HP Document Viewer 5.3
"HP Game Console" = HP Game Console and games
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HP Rhapsody" = HP Rhapsody
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"Intel® Quick Resume Technology" = Intel(R) Quick Resume Technology Drivers
"IntelliMover Data Transfer Demo" = Remove IntelliMover Demo
"LastPass" = LastPass (uninstall only)
"LiveUpdate" = LiveUpdate 2.7 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2006b" = Microsoft Money 2006
"Netscape Browser" = Netscape Browser (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PROSet" = Intel(R) PRO Network Connections Drivers
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/17/2012 9:50:26 AM | Computer Name = GRSHPPC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module mshtml.dll, version 6.0.2900.2802, fault address 0x0009cabb.

Error - 8/17/2012 10:00:36 AM | Computer Name = GRSHPPC | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF56 Description:. 0x8004FF56.

[ System Events ]
Error - 8/17/2012 10:04:26 AM | Computer Name = GRSHPPC | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 8/17/2012 10:04:26 AM | Computer Name = GRSHPPC | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\CheckPoint\ZAForceField\ZDXUI.dll.
Reference
error message: The operation completed successfully. .

Error - 8/17/2012 10:07:29 AM | Computer Name = GRSHPPC | Source = Service Control Manager | ID = 7000
Description = The Norton AntiVirus Auto-Protect Service service failed to start
due to the following error: %%3

Error - 8/17/2012 10:07:29 AM | Computer Name = GRSHPPC | Source = Service Control Manager | ID = 7000
Description = The SAVRTPEL service failed to start due to the following error: %%3

Error - 8/17/2012 10:07:29 AM | Computer Name = GRSHPPC | Source = Service Control Manager | ID = 7000
Description = The Intel® Quick Resume Technology Drivers service failed to start
due to the following error: %%3

Error - 8/17/2012 10:59:45 AM | Computer Name = GRSHPPC | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Internet Explorer\iexplore.exe"
-Embedding

Error - 8/17/2012 10:59:49 AM | Computer Name = GRSHPPC | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Internet Explorer\iexplore.exe"
-Embedding

Error - 8/17/2012 11:03:57 AM | Computer Name = GRSHPPC | Source = Service Control Manager | ID = 7000
Description = The Norton AntiVirus Auto-Protect Service service failed to start
due to the following error: %%3

Error - 8/17/2012 11:03:57 AM | Computer Name = GRSHPPC | Source = Service Control Manager | ID = 7000
Description = The SAVRTPEL service failed to start due to the following error: %%3

Error - 8/17/2012 11:03:57 AM | Computer Name = GRSHPPC | Source = Service Control Manager | ID = 7000
Description = The Intel® Quick Resume Technology Drivers service failed to start
due to the following error: %%3


< End of report >

Once Windows finishes loading (EVERY time it loads) I get two identical windows that pop up one after the other stating something like:

Windows cannot open this file
File: axel.dav
What do you want to do?
O Use a web service to determine which program to open this file with
or
O Select the program from a list

For this is what I wanted screenshots for. Don't worry...I now know the issue...

Please run OTL

• Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:
  
  :OTL
  O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AXEL.DAV ()
  O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\AXEL.DAV ()
  O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
  O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
  O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll File not found
  O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
  O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
  [2012/08/16 13:25:25 | 000,000,026 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AXEL.DAV
  [2012/08/16 13:25:25 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\AXEL.DAV
  [2012/08/16 13:25:25 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\AXEL.DAV
  [2012/08/16 13:25:24 | 000,000,026 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\AXEL.DAV
  [2012/08/16 13:25:24 | 000,000,026 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\AXEL.DAV
  [2012/08/16 13:25:22 | 000,000,026 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\AXEL.DAV
  [2012/08/16 13:25:22 | 000,000,026 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\AXEL.DAV
  [2006/02/13 20:44:19 | 000,000,026 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AXEL.DAV
  [2006/02/13 20:44:19 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\AXEL.DAV
  [2006/02/13 20:44:18 | 000,000,026 | -H-- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AXEL.DAV
  [2006/02/13 20:44:18 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\AXEL.DAV
  [2005/11/14 21:08:44 | 000,000,026 | ---- | C] () -- C:\Program Files\AXEL.DAV
  [2005/11/14 21:06:18 | 000,000,026 | ---- | C] () -- C:\Program Files\Common Files\AXEL.DAV
  [2005/11/14 21:05:18 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\All Users\AXEL.DAV
  [2005/11/14 21:04:36 | 000,000,026 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\AXEL.DAV
  
  :commands
  [emptytemp]
  [reboot]
  
  
• Then click the Run Fix button at the top.
  
• Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
  
• Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
  Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

Then, do this scan with OTL:

Please open OTL -- Click the None button and paste this in the Custom Scans/Fixes box:

c:\axel.dav /s

Then click Run Scan. It shall launch a log. Please post it in your next reply.

All processes killed
========== OTL ==========
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AXEL.DAV moved successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\AXEL.DAV moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trymedia.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trymedia.com\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AXEL.DAV moved successfully.
C:\Documents and Settings\HP_Administrator\Desktop\AXEL.DAV moved successfully.
C:\Documents and Settings\HP_Administrator\AXEL.DAV moved successfully.
C:\Documents and Settings\HP_Administrator\My Documents\AXEL.DAV moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\AXEL.DAV moved successfully.
File C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\AXEL.DAV not found.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\AXEL.DAV moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\AXEL.DAV moved successfully.
C:\Documents and Settings\LocalService\Application Data\AXEL.DAV moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\AXEL.DAV moved successfully.
C:\Documents and Settings\NetworkService\Application Data\AXEL.DAV moved successfully.
C:\Program Files\AXEL.DAV moved successfully.
C:\Program Files\Common Files\AXEL.DAV moved successfully.
C:\Documents and Settings\All Users\AXEL.DAV moved successfully.
C:\Documents and Settings\All Users\Application Data\AXEL.DAV moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 31311 bytes
->Temporary Internet Files folder emptied: 32820 bytes

User: All Users

User: Default User
->Temp folder emptied: 31311 bytes
->Temporary Internet Files folder emptied: 32820 bytes

User: Guest
->Temp folder emptied: 1160407 bytes
->Temporary Internet Files folder emptied: 32954 bytes

User: HP_Administrator
->Temp folder emptied: 28357577 bytes
->Temporary Internet Files folder emptied: 3261681 bytes
->Google Chrome cache emptied: 135607856 bytes
->Flash cache emptied: 300 bytes

User: LocalService
->Temp folder emptied: 1050242 bytes
->Temporary Internet Files folder emptied: 32954 bytes

User: NetworkService
->Temp folder emptied: 983762 bytes
->Temporary Internet Files folder emptied: 26 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1230326 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 31311 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33326 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 164.00 mb


OTL by OldTimer - Version 3.2.57.0 log created on 08172012_171822

Files\Folders moved on Reboot...
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF3738.tmp moved successfully.
File\Folder C:\WINDOWS\temp\ZLT07f33.TMP not found!

PendingFileRenameOperations files...
File C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF3738.tmp not found!
File C:\WINDOWS\temp\ZLT07f33.TMP not found!

Registry entries deleted on Reboot...

I HAVE TRIED REPEATEDLY TO SEND THE 2ND LOG AS SUMMARIZED BELOW, BUT IT KEEPS GETTING REJECTED AS BEING "TOO LONG".

THOUGHTS?


THE OTL logfile created on: 8/17/2012 5:39:33 PM - Run 3
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.32% Memory free
3.84 Gb Paging File | 3.22 Gb Available in Paging File | 83.84% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.33 Gb Total Space | 217.90 Gb Free Space | 97.13% Space Free | Partition Type: NTFS
Drive D: | 8.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: FAT32

Computer Name: GRSHPPC | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

Upload it to www.mediafire.com and post the download link here please.

Sorry, please retry that. It says "Invalid or Deleted File".

Had to run OTL w/ c:\axel.dav /s again, as I did not save the original log. Hope this still gives results you need. Link:


http://www.mediafire.com/?h52s03s4tt26xz2

Let's try this... it will delete all occurrences of axel.dav on your drive...

Please run OTL

• Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:
  
  :files
  c:\axel.dav /s
  
  :commands
  [emptytemp]
  [reboot]
  
  
• Then click the Run Fix button at the top.
  
• Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
  
• Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
  Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

Hi! Your logs appear to be clean. If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

• Select Start > All Programs > Accessories > System tools > System Restore.
  
• On the dialogue box that appears select Create a Restore Point
  
• Click NEXT
  
• Enter a name e.g. Clean
  
• Click CREATE

You now have a clean restore point, to get rid of the bad ones:

• Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  
• In the Drop down box that appears select your main drive e.g. C
  
• Click OK
  
• The System will do some calculation and the display a dialogue box with TABS
  
• Select the More Options Tab.
  
• At the bottom will be a system restore box with a CLEANUP button click this
  
• Accept the Warning and select OK again, the program will close and you are done

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

• Save it to your Desktop.
  
• Double click OTC.exe.
  
• Click the CleanUp! button.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Tell me in your next reply, if you have completed these tasks:

• Cleaned System Restore
  
• Ran OTC
  
• Ran CCleaner
  
• Ran Security Check

Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.

Cleaned old restore points. Ran OTC, CCleaner, and Security Chk. Log below.

Cooling fan still running high.

Should I try System Recovery now?


Results of screen317's Security Check version 0.99.46
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
Please wait while WMIC is being installed.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
Z
o
n
e
A
l
a
r
m
ECHO is off.
F
r
e
ECHO is off.
F
i
r
e
w
a
l
ECHO is off.
A
n
t
i
v
i
r
u
s
ECHO is off.
N
o
r
t
o
n
ECHO is off.
I
n
t
e
r
n
e
t
ECHO is off.
S
e
c
u
r
i
t
y
ECHO is off.
2
0
6
ECHO is off.
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Adobe Reader 7 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````

I might also add that the D disc/recovery partition is completely full with zero bytes free space showing in its "properties". Total fragmentation is 13%, but I cannot run defrag it, as it needs 15% of the space free to run. It advises me to remove some unnecessary files to free up space.

I looked at the folders on D and ALMOST ALL of the full drive's contents are in two folders: PRELOAD and I386.

Image of D drive contents: http://www.mediafire.com/?xboc4jld3lqv8sc

That should be the Recovery drive, right?

Yes, the D drive, or recovery drive/partition. I guess my original colon and letter D got turned into an emoticon.

Now, I'm confused. AXEL.DAV showing up on D:\ drive too?

Sorry if I've confused you.

I've run the four scans you requested and posted the log for Security Check by screen317 for you to see.

You also wanted to know how my machine is running, to which I replied that the fan(s) were still racing high periodically, and I am still getting a pop-up in the notification area about low disc space on the D drive.

Investigating the D drive, I found that it is completely full and has ZERO free space available. Of approximately 8.5 GB of files 7.5 GB of those are taken up by the folders PRELOAD and I386. I had previously posted a mediafire file of the screenshot of the D drive contents. Did you see it?

To reply to your question about axel.dav on the D drive, I don't know if it is (or was) on there. A windows file search of C and D for "axel.dav" just now showed zero results found, so I think that is all gone.

Now all I'm aware of is the full D drive and high fan noise. If I could solve that and be able to run a system recovery I would be happy.

It is customary for a Recovery partition to be almost full. You have the option of expanding that partition if you like, but it doesn't surprise me that it's almost full.

Do you have a Desktop or Laptop PC?

Probably would be best to clean the fans with canned air.

My machine is a desktop.

You've probably seen the folders on my D drive @:

http://www.mediafire.com/?fzx5vfvb19l3uud

. . . and you don't think any of those aren't necessary or supposed to be there and can be deleted?

The pop-up in the notification area tells me that it is TOO full. If all the files in there are necessary and belong there, then what do I do to expand the partition?

As far as the fans go, I thought they were racing due to the full D drive. I never thought that they might just be dirty. If that's the case I'll try the canned air.

My ultimate goal was to do a complete system recovery. Do you see any reason why I can't do that now?

It can be done, yes.

The full D: drive is not a big deal. It's probably just a partition.

So, you're saying I can go ahead and try the system resrore now?

I assume returning the machine to the mfg's original settings would clear up the full D drive situation , too?

Correction to last post: I said system restore, but I meant system RECOVERY.

Worth a try. Go ahead. Do you want to try to backup data first? Might want to. Then go ahead and try.

Already done a recovery -- successfully I might add. I'm going to try some canned air on those fans -- the only issue left!

I want to thank you most sincerely for all your help, DragonMaster Jay!! I shall bookmark your site in case I ever get into trouble with a PC again.

One question, though. Throughout all of this troubleshooting and posting I've found myself wondering what you get out of running this forum and helping people out with their computer issues? Just curious . . .

Thank you again for all your help. Consider your forum RECOMMENDED!!

For me, I get nothing. Sadly, the administrator takes all profits, in addition to putting some towards the operation of this site.

I run one other site, which I make nothing at right now, not even ad revenue. I also am a staff member of another forum, and I occasionally get donations towards my work.

Personal Tips on Preventing Malware (my writings)

See this page for more info about malware and prevention.