
Solved Computer Powers Down By Itself

Discussion in 'Malware and Virus Removal Archive' started by writeman47, 2010/07/06.

  1. 2010/07/06
    writeman47


    My computer powers itself off at random times while I'm multi-tasking and also overnight when my malware/antivirus checks and backup program run. I've checked internal temperature and it's OK. I've increased my RAM from 1 1/2 to 2GB without effect. Any help would be greatly appreciated. Thank you.

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by HP_Administrator at 8:35:18.45 on Tue 07/06/2010
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.924 [GMT -4:00]

    AV: Webroot AntiVirus with Spy Sweeper *On-access scanning enabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
    AV: Sunbelt VIPRE *On-access scanning enabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
    FW: Webroot AntiVirus with Spy Sweeper *disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}

    ============== Running Processes ===============

    C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\arservice.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Executive Software\Diskeep\DkService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\PGPserv.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\snmp.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\TiVo\Desktop\TiVoBeacon.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\HP\KBD\KBD.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\TiVo\Desktop\Plus\TranscodingService.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\TiVo\Desktop\TiVoNotify.exe
    C:\Program Files\TiVo\Desktop\TiVoServer.exe
    C:\Program Files\TiVo\Desktop\TiVoTransfer.exe
    C:\PROGRAM FILES\NOVOSOFT\HANDY BACKUP\hbagent.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
    C:\WINDOWS\EHOME\EHTRAY.EXE
    C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_SERVER.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MMDiag.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mim.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE4.0\OPWARESE4.EXE
    C:\PROGRAM FILES\HP DIGITALMEDIA ARCHIVE\DMASCHEDULER.EXE
    C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\GetRight\GetRight.exe
    C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = about:blank
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: bho2gr Class: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\getright\xx2gr.dll
    BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: Cooliris Plug-In for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - c:\program files\piclensie\cooliris.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
    uRun: [Rapportexe] "c:\program files\trusteer\rapport\bin\RapportService.exe" -start -after_boot
    uRun: [TranscodingService] c:\program files\tivo\desktop\plus\\TranscodingService.exe
    uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe "
    uRun: [TivoNotify] "c:\program files\tivo\desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
    uRun: [TivoServer] "c:\program files\tivo\desktop\TiVoServer.exe" /service /registry /auto:TivoServer
    uRun: [TivoTransfer] "c:\program files\tivo\desktop\TiVoTransfer.exe "
    uRun: [Handy Backup 6.0] "c:\program files\novosoft\handy backup\hbagent.exe" -logon
    mRun: [ftutil2] "c:\windows\system32\rundll32.exe" ftutil2.dll,SetWriteCacheMode
    mRun: [Recguard] "c:\windows\sminst\RECGUARD.EXE "
    mRun: [KBD] "c:\hp\kbd\KBD.EXE "
    mRun: [hpsysdrv] "c:\windows\system\hpsysdrv.exe "
    mRun: [Logitech Utility] "c:\windows\Logi_MwX.Exe "
    mRun: [HPDJ Taskbar Utility] "c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe "
    mRun: [WinPatrol] "c:\program files\billp studios\winpatrol\WinPatrol.exe" -expressboot
    mRun: [Kernel and Hardware Abstraction Layer] "KHALMNPR.EXE "
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
    dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe "
    StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download with GetRight - c:\program files\getright\GRdownload.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: Free YouTube to Mp3 Converter - c:\documents and settings\hp_administrator\application data\dvdvideosoftiehelpers\youtubetomp3.htm
    IE: Open with GetRight Browser - c:\program files\getright\GRbrowse.htm
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\cooliris.dll
    IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    LSP: c:\windows\system32\PGPlsp.dll
    DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
    DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
    TCP: {0B39C4F2-A3EC-4579-805B-9BF7C764E58D} = 208.67.222.222,208.67.220.220
    TCP: {4B604EAF-89DC-4890-A3F6-8AE867A040F1} = 208.67.222.222,208.67.220.220
    TCP: {892900FC-9814-4488-99C0-81491C1EE93D} = 8.8.8.8,8.8.4.4
    TCP: {B4686077-FA46-4561-A035-7DDA665FD41A} = 8.8.8.8,8.8.4.4
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    AppInit_DLLs: pgpmapih.dll "c:\progra~1\google\google desktop search\googledesktopnetwork3.dll "
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Notification Packages = PGPpwflt scecli

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\tswiyxe4.gary\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://my.myway.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\tswiyxe4.gary\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\hp_administrator\application data\move networks\plugins\npqmp071504000001.dll
    FF - plugin: c:\documents and settings\hp_administrator\application data\move networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\tswiyxe4.gary\extensions\{bc0ae9e6-e549-4554-a222-ea083a894683}\plugins\npQuickUpload.dll
    FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\tswiyxe4.gary\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
    FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\tswiyxe4.gary\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\tswiyxe4.gary\extensions\warpvideo@vusion.com\platform\winnt_x86-msvc\plugins\npWARPVideoPlugin.dll
    FF - plugin: c:\documents and settings\hp_administrator\application data\vusion\npWARPVideoPlugin.252843.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
    FF - plugin: c:\windows\system32\photosynth\nppsynth.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-18 5632]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-21 64288]
    R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [2006-11-2 96256]
    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-2-13 29808]
    R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2007-3-19 3968]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2008-10-23 62720]
    R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2009-1-28 13360]
    R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2009-1-28 202928]
    R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2009-1-28 69168]
    R2 TivoBeacon2;TiVo Beacon Service;c:\program files\tivo\desktop\TiVoBeacon.exe [2009-11-2 1098968]
    R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-11-6 4048240]
    R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-2-27 1201640]
    R3 RapportKE;RapportKE;c:\program files\trusteer\rapport\bin\RapportKE.sys [2008-10-23 101248]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-1 133104]
    S2 SHARSHTL;Shuttle Sharer;c:\windows\system32\drivers\sharshtl.sys [2007-10-17 18432]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-12-23 30192]
    S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2008-10-22 493568]
    S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\npf.sys [?]
    S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2008-10-23 95024]
    S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2010-6-23 90296]

    =============== Created Last 30 ================

    2010-06-30 13:56:39 0 d-----w- c:\program files\jv16 PowerTools 2010
    2010-06-29 17:43:21 0 d-----w- c:\windows\system32\wbem\Repository
    2010-06-29 17:33:09 0 d-----w- c:\program files\Trend Micro
    2010-06-24 17:40:14 0 d-----w- c:\docume~1\hp_adm~1\applic~1\DVDVideoSoftIEHelpers
    2010-06-22 00:13:18 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-06-21 22:37:58 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-06-21 22:34:37 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    2010-06-11 13:51:50 0 d-----w- c:\program files\Lavalys

    ==================== Find3M ====================

    2010-06-21 22:37:49 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
    2010-05-04 12:39:27 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-05-04 12:39:27 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
    2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\win32k.sys
    2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\dllcache\win32k.sys
    2010-04-20 05:51:20 285696 ----a-w- c:\windows\system32\dllcache\atmfd.dll
    2010-04-20 05:51:20 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-16 11:43:25 634656 ----a-w- c:\windows\system32\dllcache\iexplore.exe
    2010-04-16 11:43:23 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll
    2010-04-15 20:09:49 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-04-08 14:49:59 34036 ----a-w- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
    2008-05-23 17:38:20 1604124 ----a-w- c:\program files\ProcessExplorer.zip
    2008-03-26 21:01:20 0 ----a-w- c:\program files\temp01
    2007-11-14 18:43:34 774144 ----a-w- c:\program files\RngInterstitial.dll
    2005-11-11 21:07:36 29732 -c--a-w- c:\program files\balloons_confetti.wmf
    2004-11-23 20:17:10 3404 -c--a-w- c:\program files\Cake_Pink.wmf
    2004-11-23 20:16:50 3404 -c--a-w- c:\program files\Cake_Blue.wmf
    2004-11-23 18:40:54 7840 -c--a-w- c:\program files\Hat.wmf
    2004-11-12 20:43:00 73740 -c--a-w- c:\program files\Hat_on_Pink_GreetingCard.wmf
    2004-11-12 20:42:02 70676 -c--a-w- c:\program files\Hat_on_Blue_GreetingCard.wmf
    2004-11-12 20:31:24 14810 -c--a-w- c:\program files\Hat_on_Yellow_NameBadge.wmf
    2004-11-12 20:22:02 15020 -c--a-w- c:\program files\Hat_on_Green_NameBadge.wmf
    2004-11-12 18:04:10 47838 -c--a-w- c:\program files\Hat_on_Green_NoteCard.wmf
    2004-11-12 15:03:38 171020 -c--a-w- c:\program files\Pink_Border_Halffold.wmf
    2004-11-12 15:01:44 170740 -c--a-w- c:\program files\Blue_Border_Halffold.wmf
    2004-07-30 15:49:28 46804 -c--a-w- c:\program files\CHAMPAGN.WMF
    2004-07-30 15:49:28 20388 -c--a-w- c:\program files\CHAMPAG1.WMF
    2004-07-30 15:49:20 9528 -c--a-w- c:\program files\Ribbons.wmf
    2004-07-30 15:49:20 4532 -c--a-w- c:\program files\USA.wmf
    2004-07-30 15:49:20 322622 -c--a-w- c:\program files\Star.wmf
    2004-07-30 15:49:20 319406 -c--a-w- c:\program files\Flag3.wmf
    2004-07-30 15:49:18 2928 -c--a-w- c:\program files\Flag2.wmf
    2004-07-30 15:49:18 207588 -c--a-w- c:\program files\Flag1.wmf
    2004-07-30 15:49:12 11982 -c--a-w- c:\program files\WAGON.WMF
    2004-07-30 15:48:50 10464 -c--a-w- c:\program files\Horsey.wmf
    2004-07-30 15:48:48 169584 -c--a-w- c:\program files\HappyBirthday_01.wmf
    2004-07-30 15:48:46 43774 -c--a-w- c:\program files\HappyBirthday01.wmf
    2004-07-30 15:48:44 7824 -c--a-w- c:\program files\Candles2.wmf
    2004-07-30 15:48:42 67128 -c--a-w- c:\program files\Cake5.wmf
    2004-07-30 15:48:42 5594 -c--a-w- c:\program files\Cake3.wmf
    2004-07-30 15:48:42 141390 -c--a-w- c:\program files\Cake.wmf
    2004-07-30 15:48:40 65118 -c--a-w- c:\program files\Balloons5.wmf
    2004-07-30 15:48:40 35850 -c--a-w- c:\program files\Birthday_Cake.wmf
    2004-07-30 15:48:40 202918 -c--a-w- c:\program files\Balloons_b.wmf
    2003-06-22 15:39:28 723 ----a-w- c:\program files\INSTALL.LOG
    2003-01-04 00:33:04 72722 ----a-w- c:\program files\StartupCPL.exe
    2000-06-16 17:26:22 271 ---ha-w- c:\program files\desktop.ini
    2000-06-16 17:26:22 23357 ---ha-w- c:\program files\folder.htt
    2006-12-02 19:49:15 22 --sha-w- c:\windows\sminst\HPCD.sys
    2008-04-01 17:44:10 23 --sha-w- c:\windows\system32\adfdcac_z.dll
    2009-02-06 19:16:34 23 --sha-w- c:\windows\system32\edacded0_x.dat
    2009-07-14 17:06:37 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2010-02-10 16:25:39 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
    2008-05-15 14:08:25 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051520080516\index.dat
    2009-01-05 16:48:35 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009010520090106\index.dat

    ============= FINISH: 8:36:14.45 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/16/2006 7:58:18 PM
    System Uptime: 7/6/2010 7:28:12 AM (1 hours ago)

    Motherboard: ASUSTek Computer INC. | | Pyrite
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket AM2 | 2004/200mhz
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket AM2 | 2004/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 177 GiB total, 132.92 GiB free.
    D: is FIXED (FAT32) - 9 GiB total, 0.562 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    K: is FIXED (FAT32) - 233 GiB total, 210.48 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description:
    Device ID: ROOT\LEGACY_SBAMSVC\0000
    Manufacturer:
    Name:
    PNP Device ID: ROOT\LEGACY_SBAMSVC\0000
    Service:

    ==== System Restore Points ===================

    RP1642: 7/1/2010 11:52:36 AM - System Checkpoint
    RP1643: 7/2/2010 1:51:06 PM - System Checkpoint
    RP1644: 7/3/2010 2:15:57 PM - System Checkpoint
    RP1645: 7/4/2010 4:12:44 PM - System Checkpoint
    RP1646: 7/5/2010 8:08:18 PM - System Checkpoint

    ==== Installed Programs ======================


    7-Zip 4.65
    Ad-Aware
    Add/Remove Pro (Freeware)
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Shockwave Player 11.5
    AI RoboForm (All Users)
    Amazon Kindle For PC v1.1
    Amazon MP3 Downloader 1.0.10
    ArcSoft PhotoStudio 5.5
    AutoUpdate
    AVG Anti-Rootkit Free
    Belarc Advisor 7.2
    Bonjour
    BufferChm
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon CanoScan Toolbox 4.9
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon ScanGear Starter
    Canon Utilities EOS Utility
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    CCleaner
    Choice Guard
    Cooliris for Internet Explorer
    Corel Paint Shop Pro X
    Coupon Printer for Windows
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_LightScribeConfig
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    cp_PosterPrintConfig
    cp_UpdateProjectsConfig
    CrystalDiskInfo 2.7.2c
    CueTour
    CustomerResearchQFolder
    D1300
    D1300_Help
    Diskeeper Home Edition
    DivX
    Drivers Install For Linksys Easylink Advisor
    Easy Duplicate Finder v. 2.4.1
    ebgcInfra
    ebgcRes
    ebgcSDK
    Enhanced Multimedia Keyboard Solution
    Eraser 5.8.8
    eSupportQFolder
    EVEREST Home Edition v2.20
    FileHippo.com Update Checker
    FLV Player 2.0 (build 25)
    Foxit Reader
    Free Audio CD Burner version 1.3
    Free YouTube to MP3 Converter version 3.5
    FullDPAppQFolder
    Garmin City Navigator North America NT 2009.11 Update
    Garmin Communicator Plugin
    Garmin USB Drivers
    GetRight
    GoodSync
    Google Desktop
    Google Earth Plug-in
    Google Update Helper
    Handy Backup 6.0
    HiJackThis
    Hijackthis 1.99.1
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB888795)
    Hotfix for Windows XP (KB891593)
    Hotfix for Windows XP (KB895961)
    Hotfix for Windows XP (KB899337)
    Hotfix for Windows XP (KB899510)
    Hotfix for Windows XP (KB902841)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB981793)
    hp deskjet 5550 series (Remove only)
    HP DigitalMedia Archive
    HP Driver Diagnostics
    HP DVD Play 2.1
    HP Imaging Device Functions 7.0
    HP Memories Disc
    HP Photo and Imaging 2.0 - All-in-One Drivers
    HP Photosmart and Deskjet 7.0 Software
    HP Photosmart Essential
    HP Photosmart for Media Center PC
    HP Photosmart Premier Software 6.5
    HP Print Diagnostic Utility
    HP Print Projects 1.0
    hp print screen utility
    HP Product Detection
    HP Smart Web Printing
    HP Solution Center 7.0
    HP Update
    hph_ProductContext
    hph_readme
    hph_software
    hph_software_req
    HPPhotoSmartExpress
    hpPrintProjects
    HPProductAssistant
    HpSdpAppCoreApp
    hpWLPGInstaller
    InstantShareDevices
    IrfanView (remove only)
    ISO Recorder
    Java Auto Updater
    Java(TM) 6 Update 20
    jv16 PowerTools 2009
    jv16 PowerTools 2010
    Karen's Computer Profiler
    Karen's Directory Printer
    Karen's Drive Info
    Karen's Replicator
    Karen's Time Sync
    Karen's Version Browser
    Karen's WhoIs
    LightScribe 1.4.105.1
    Linksys EasyLink Advisor 1.6 (0032)
    Logitech MouseWare 9.79.1
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office XP Media Content
    Microsoft Publisher 2002
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework 2.0 Core Components (x86) ENU
    Microsoft Sync Framework 2.0 Provider Services (x86) ENU
    Microsoft Sync Framework Runtime v1.0 (x86)
    Microsoft Sync Framework Services v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Move Media Player
    Mozilla Firefox (3.6.6)
    Mozilla Thunderbird (3.1)
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    Musicmatch® Jukebox
    Myst for Windows 95
    Notepad++
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    oggcodecs 0.71.0946
    OptionalContentQFolder
    Paint.NET v3.5.4
    PC Matic 1.0.0.16
    PC Pitstop Optimize 1.5
    PC Pitstop Optimize3 3.0
    PGP Desktop
    PhotoGallery
    Picasa 3
    PicaView
    QuickTime Alternative 3.2.2
    RandMap
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.0
    Revo Uninstaller 1.89
    ScanSoft OmniPage SE 4.0
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB982135)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981349)
    Segoe UI
    Send To Extensions PowerToy
    SkinsHP1
    SlideShow
    SlideShowMusic
    SmartWebPrinting
    SolutionCenter
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic Update Manager
    Sonic_PrimoSDK
    Spy Sweeper Core
    Spybot - Search & Destroy
    StartupMonitor
    Status
    SyncToy 2.1 (x86)
    System Requirements Lab
    TiVo Desktop 2.8
    Toolbox
    TrayApp
    Uninstall 1.0.0.1
    Unload
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB953356)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Walmart MP3 Music Downloads
    WARP Video 2
    WebFldrs XP
    WebReg
    Webroot AntiVirus with Spy Sweeper
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Communications Platform
    Windows Live OneCare safety scanner
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows Presentation Foundation
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Winmail Reader 1.1.11
    WinMerge 2.12.2
    WinPatrol
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Music Jukebox

    ==== Event Viewer Messages From Past Week ========

    6/30/2010 9:06:38 AM, error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    6/29/2010 1:44:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2
    6/29/2010 1:44:51 PM, error: Service Control Manager [7001] - The Message Queuing Triggers service depends on the Message Queuing service which failed to start because of the following error: The dependency service or group failed to start.
    6/29/2010 1:44:51 PM, error: Service Control Manager [7001] - The Message Queuing service depends on the NT LM Security Support Provider service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    6/29/2010 1:44:51 PM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
    6/29/2010 1:44:51 PM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    ==== End Of File ===========================
     
  2. 2010/07/06
    Steve R Jones

    Steve R Jones SuperGeek Staff

    Joined:
    2001/12/30
    Messages:
    12,317
    Likes Received:
    252
    A failing power supply - Heat and bulging caps on the mobo can cause random shutdowns.

    EDIT: Does it shut down or reboot?
     

  4. 2010/07/06
    writeman47

    writeman47 Inactive Thread Starter

    Joined:
    2006/01/13
    Messages:
    19
    Likes Received:
    0
    Power shuts down. It does not reboot. Does replacing the power supply on an older computer like this one make economic sense?
     
  5. 2010/07/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Power supply could be a very reasonable culprit here, but it won't hurt if we check for infections.

    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2010/07/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Topic has been reopened on user request.
     
  7. 2010/07/15
    writeman47

    writeman47 Inactive Thread Starter

    Joined:
    2006/01/13
    Messages:
    19
    Likes Received:
    0
    Thank you.

    Here are the results of my MalwareBytes scan:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4312

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 7.0.5730.11

    7/14/2010 8:48:47 AM
    mbam-log-2010-07-14 (08-48-47).txt

    Scan type: Quick scan
    Objects scanned: 160809
    Time elapsed: 7 minute(s), 34 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    As to GMER, I've tried to run it twice and both times, 10 or 15 mins into it, I suddenly got a BSOD which said Windows had been shut down because of a problem. The specifics included the following:
    STOP: 0x0000008E (0xC0000005, 0xB7F43FE2, 0xA4840AF4. 0x00000000)

    SSIDRV.SYS address B7F43FE2 base at B7F3A000, DATESTAMP 4af47b3e

    It said I should try disabling the driver, but I have no idea how to do that. Awaiting further advice.

    Thanks.
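Added example, not part of the original post: a small Python triage helper that decodes the STOP line and the driver line quoted above into the bug check name, the exception status, and the offset of the faulting address inside the named driver. The function name `triage_stop_screen` and the lookup tables are assumptions made for this illustration; the sample text is constructed from the two lines in the post.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the two lines as typed in the post, including the "."
# typed in place of "," before the last parameter.
BSOD_TEXT = """\
STOP: 0x0000008E (0xC0000005, 0xB7F43FE2, 0xA4840AF4. 0x00000000)
SSIDRV.SYS address B7F43FE2 base at B7F3A000, DATESTAMP 4af47b3e
"""

# Bug checks whose first two parameters are (exception code, faulting address).
EXCEPTION_BUGCHECKS = {
    0x0000007E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
    0x0000008E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED",
    0x1000008E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED_M",
}

# A few NTSTATUS values that commonly appear as the exception code.
NTSTATUS = {
    0x80000003: "STATUS_BREAKPOINT",
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0xC0000094: "STATUS_INTEGER_DIVIDE_BY_ZERO",
}

STOP_RE = re.compile(r"STOP:\s*(0x[0-9A-F]{8})\s*\(([^)]*)\)", re.I)
# Accepts both the user's transcription and the "*** NAME - Address ..." form.
MODULE_RE = re.compile(
    r"([\w.$-]+\.\w{3})\s*-?\s*address\s+([0-9A-F]{8})\s+base\s+at\s+([0-9A-F]{8})"
    r"\s*,\s*datestamp\s+([0-9A-F]{8})",
    re.I,
)


def triage_stop_screen(text):
    """Decode a transcribed blue-screen message into triage facts."""
    stop = STOP_RE.search(text)
    if stop is None:
        raise ValueError("no STOP line found")
    code = int(stop.group(1), 16)
    # Pull out every hex parameter regardless of the separator that was typed.
    params = [int(p, 16) for p in re.findall(r"0x[0-9A-F]+", stop.group(2), re.I)]

    result = {
        "code": code,
        "bugcheck": EXCEPTION_BUGCHECKS.get(code, "UNKNOWN"),
        "params": params,
        "exception": None,
        "module": None,
        "offset": None,
        "address_matches_param2": None,
        "built_utc": None,
    }

    is_exception = code in EXCEPTION_BUGCHECKS and len(params) >= 2
    if is_exception:
        result["exception"] = NTSTATUS.get(params[0], "0x%08X" % params[0])

    # The driver line is optional: not every blue screen names a module.
    mod = MODULE_RE.search(text)
    if mod:
        fault, base, stamp = (int(mod.group(i), 16) for i in (2, 3, 4))
        if fault < base:
            raise ValueError("faulting address lies below the module base")
        result["module"] = mod.group(1).upper()
        # Offset into the image: stable across reboots even if the base moves.
        result["offset"] = fault - base
        # For exception bug checks, parameter 2 should be the same address.
        result["address_matches_param2"] = is_exception and params[1] == fault
        # DateStamp is the image's link timestamp, seconds since 1970-01-01 UTC.
        result["built_utc"] = datetime.fromtimestamp(
            stamp, tz=timezone.utc
        ).strftime("%Y-%m-%d %H:%M:%S")
    return result


if __name__ == "__main__":
    for key, value in triage_stop_screen(BSOD_TEXT).items():
        print(key, "=", hex(value) if isinstance(value, int) and not isinstance(value, bool) else value)
```

The module name plus offset and build date identify exactly which driver build faulted, which is what to compare against the vendor's current driver version.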
     
  8. 2010/07/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. 2010/07/16
    writeman47

    writeman47 Inactive Thread Starter

    Joined:
    2006/01/13
    Messages:
    19
    Likes Received:
    0
    I have downloaded ComboFix, but every time I try to run it, it tells me that Sunbelt VIPRE is running on my machine and if I continue, I may damage my computer. I can find NO evidence of VIPRE anywhere on my computer. I've scanned using Google Desktop, Revo Uninstaller, WinPatrol, and JV16 Powertools (registry searcher). I'm stumped, but afraid to proceed.
     
  10. 2010/07/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That's fine. Run Combo anyway.
     
  11. 2010/07/16
    writeman47

    writeman47 Inactive Thread Starter

    Joined:
    2006/01/13
    Messages:
    19
    Likes Received:
    0
    Okay, here 'tis.


    ComboFix 10-07-15.05 - HP_Administrator 07/16/2010 18:07:31.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1294 [GMT -4:00]
    Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
    AV: Sunbelt VIPRE *On-access scanning enabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
    AV: Webroot AntiVirus with Spy Sweeper *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
    FW: Webroot AntiVirus with Spy Sweeper *disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\INSTALL.LOG
    c:\windows\is-QODOO.exe
    c:\windows\system\hpscnmgr.dll
    c:\windows\system\hpsjrreg.exe
    c:\windows\system32\pthreadVC.dll
    c:\windows\system32\ReadMe.txt
    c:\windows\system32\SET38B.tmp
    c:\windows\system32\SET5E3.tmp
    c:\windows\system32\usp10(2).dll
    c:\windows\system32\usp10(3).dll
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF
    -------\Service_NPF


    ((((((((((((((((((((((((( Files Created from 2010-06-16 to 2010-07-16 )))))))))))))))))))))))))))))))
    .

    2010-07-16 21:23 . 2010-05-26 23:10 545280 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
    2010-07-16 21:23 . 2010-05-26 23:10 4687360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\piclens@cooliris.com\libs\cooliris192.dll
    2010-07-16 21:23 . 2010-05-26 23:10 103424 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\piclens@cooliris.com\libs\pixomatic.dll
    2010-07-16 21:23 . 2010-05-26 23:10 57856 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\piclens@cooliris.com\components\coolirisstub.dll
    2010-07-16 21:23 . 2010-05-26 23:10 425984 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
    2010-07-16 21:23 . 2010-05-26 23:10 153088 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    2010-07-14 13:56 . 2010-07-14 13:56 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\ArcSoft
    2010-07-14 13:53 . 2006-11-10 19:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys
    2010-07-14 13:52 . 2010-07-14 14:00 -------- d--h--w- c:\documents and settings\All Users\Application Data\ArcSoft
    2010-07-14 13:51 . 2010-07-14 13:52 -------- d-----w- c:\program files\Common Files\ArcSoft
    2010-07-14 13:51 . 2010-07-14 13:51 -------- d-----w- c:\program files\Kodak
    2010-07-14 13:48 . 2010-07-14 13:48 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Media Player Classic
    2010-07-12 20:23 . 2010-07-12 20:23 -------- d-----w- c:\documents and settings\Lynne\Application Data\WinPatrol
    2010-07-09 20:10 . 2010-07-09 20:10 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Sunbelt Software
    2010-07-09 20:10 . 2010-07-13 16:13 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
    2010-07-09 20:10 . 2010-07-06 17:29 2979280 -c----w- c:\documents and settings\All Users\Application Data\~0\Ad-AwareInstall.exe
    2010-07-08 18:31 . 2010-07-12 21:25 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\TiVo Desktop
    2010-07-08 18:31 . 2010-07-08 18:31 -------- d-----w- c:\program files\Bonjour
    2010-07-08 09:53 . 2010-07-08 09:53 -------- d-----w- c:\program files\Apple Software Update
    2010-07-07 21:13 . 2010-07-09 21:01 -------- d-----w- c:\program files\TiVo
    2010-06-30 13:56 . 2010-06-30 13:56 -------- d-----w- c:\program files\jv16 PowerTools 2010
    2010-06-29 17:43 . 2010-06-29 17:43 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-06-29 17:33 . 2010-06-29 17:33 -------- d-----w- c:\program files\Trend Micro
    2010-06-28 21:26 . 2010-06-28 21:26 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Amazon
    2010-06-24 17:40 . 2010-06-24 17:40 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers
    2010-06-24 15:31 . 2010-06-24 15:31 290816 ----a-w- c:\documents and settings\HP_Administrator\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
    2010-06-24 15:31 . 2010-06-24 15:31 290816 ----a-w- c:\documents and settings\HP_Administrator\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
    2010-06-24 15:31 . 2010-06-24 15:31 290816 ----a-w- c:\documents and settings\HP_Administrator\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
    2010-06-24 15:31 . 2010-06-24 15:31 290816 ----a-w- c:\documents and settings\HP_Administrator\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
    2010-06-22 19:57 . 2010-06-22 19:57 388096 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-06-19 19:49 . 2010-06-03 14:05 343552 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\ietab@ip.cn\plugins\npCoralIETab.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-16 21:23 . 2007-11-01 20:22 188152 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\FlashGot.exe
    2010-07-16 20:20 . 2007-05-06 14:22 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\GoodSync
    2010-07-16 17:41 . 2006-11-17 13:36 -------- d-----w- c:\program files\GetRight
    2010-07-15 21:56 . 2009-06-04 12:49 -------- d-----w- c:\program files\CrystalDiskInfo
    2010-07-14 14:28 . 2007-12-19 19:39 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\ArcSoft
    2010-07-14 14:00 . 2006-09-22 18:32 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-07-13 19:04 . 2008-01-16 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
    2010-07-13 16:27 . 2007-09-16 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-07-13 16:23 . 2006-11-17 13:37 -------- d-----w- c:\program files\Lavasoft
    2010-07-12 21:25 . 2008-08-14 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\TiVo
    2010-07-12 21:19 . 2006-09-22 17:57 -------- d-----w- c:\program files\Common Files\Java
    2010-07-12 21:18 . 2010-04-15 20:10 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-12 21:17 . 2010-07-12 21:17 0 ----a-w- c:\windows\system32\REN131.tmp
    2010-07-12 21:17 . 2010-07-12 21:17 0 ----a-w- c:\windows\system32\REN130.tmp
    2010-07-12 21:17 . 2010-07-12 21:17 0 ----a-w- c:\windows\system32\REN12F.tmp
    2010-07-12 20:49 . 2006-11-17 16:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-07-12 20:34 . 2008-08-06 22:26 -------- d-----w- c:\documents and settings\Lynne\Application Data\HPAppData
    2010-06-30 13:06 . 2007-02-28 02:37 -------- d-----w- c:\program files\Windows Media Connect 2
    2010-06-30 12:51 . 2010-03-02 12:58 -------- d-----w- c:\program files\CCleaner
    2010-06-29 20:45 . 2006-11-17 11:51 -------- d-----w- c:\program files\Mozilla Thunderbird
    2010-06-29 17:37 . 2008-06-22 11:49 -------- d-----w- c:\program files\Amazon
    2010-06-29 17:35 . 2010-01-08 21:35 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
    2010-06-29 17:35 . 2007-10-30 17:04 -------- d-----w- c:\program files\Innovative Solutions
    2010-06-29 17:33 . 2008-11-07 19:11 -------- d-----w- c:\program files\SystemRequirementsLab
    2010-06-29 17:33 . 2008-11-07 19:11 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SystemRequirementsLab
    2010-06-24 17:39 . 2010-01-08 21:35 -------- d-----w- c:\program files\DVDVideoSoft
    2010-06-23 17:51 . 2006-11-17 13:39 -------- d-----w- c:\program files\PCPitstop
    2010-06-21 22:37 . 2008-10-23 09:09 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-06-14 14:30 . 2004-08-10 04:00 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-11 13:51 . 2010-06-11 13:51 -------- d-----w- c:\program files\Lavalys
    2010-06-09 13:37 . 2008-07-29 22:11 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-06-09 13:10 . 2007-02-22 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
    2010-05-31 20:33 . 2010-05-31 20:05 -------- d-----w- c:\program files\Calibrize
    2010-05-29 12:27 . 2006-11-17 13:36 -------- d-----w- c:\program files\Google
    2010-05-28 13:30 . 2007-11-03 19:54 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\WinPatrol
    2010-05-24 16:00 . 2010-05-24 16:00 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
    2010-05-24 16:00 . 2010-05-24 16:00 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
    2010-05-24 16:00 . 2010-05-24 16:00 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
    2010-05-24 16:00 . 2010-05-24 16:00 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
    2010-05-24 16:00 . 2010-03-13 18:47 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
    2010-05-24 16:00 . 2010-05-24 16:00 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    2010-05-24 16:00 . 2010-05-24 16:00 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    2010-05-24 16:00 . 2010-03-13 18:47 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    2010-05-24 15:59 . 2010-05-24 15:59 -------- d-----w- c:\program files\Common Files\xing shared
    2010-05-24 15:54 . 2009-11-17 17:35 -------- d-----w- c:\program files\QuickTime Alternative
    2010-05-24 15:43 . 2008-11-11 18:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-22 14:17 . 2007-05-06 13:47 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\U3
    2010-05-21 23:05 . 2005-08-31 04:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2010-05-21 23:04 . 2010-05-21 23:04 208896 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
    2010-05-21 23:04 . 2010-05-21 23:04 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
    2010-05-21 23:04 . 2010-05-21 23:04 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
    2010-05-21 23:04 . 2010-05-21 23:04 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
    2010-05-21 23:04 . 2010-05-21 23:04 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
    2010-05-21 23:04 . 2010-05-21 23:04 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
    2010-05-21 23:04 . 2010-05-21 23:04 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
    2010-05-21 23:04 . 2010-05-21 23:04 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
    2010-05-21 23:04 . 2010-05-21 23:04 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
    2010-05-04 17:20 . 2004-08-10 04:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 17:20 . 2009-12-26 22:16 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-05-04 17:20 . 2004-08-10 04:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-05-02 05:56 . 2010-05-21 22:41 1850880 ----a-w- c:\windows\system32\win32k.sys
    2010-04-29 19:39 . 2008-11-11 18:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 19:39 . 2008-11-11 18:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-20 05:51 . 2004-08-10 04:00 285696 ----a-w- c:\windows\system32\atmfd.dll
    2008-05-23 17:38 . 2008-05-23 17:38 1604124 ----a-w- c:\program files\ProcessExplorer.zip
    2008-03-26 21:01 . 2008-03-26 21:01 0 ----a-w- c:\program files\temp01
    2007-11-14 18:43 . 2007-11-14 18:43 774144 ----a-w- c:\program files\RngInterstitial.dll
    2005-11-11 21:07 . 2005-11-11 21:07 29732 -c--a-w- c:\program files\balloons_confetti.wmf
    2004-11-23 20:17 . 2004-11-23 20:17 3404 -c--a-w- c:\program files\Cake_Pink.wmf
    2004-11-23 20:16 . 2004-11-23 20:16 3404 -c--a-w- c:\program files\Cake_Blue.wmf
    2004-11-23 18:40 . 2004-11-23 18:40 7840 -c--a-w- c:\program files\Hat.wmf
    2004-11-12 20:43 . 2004-11-12 20:43 73740 -c--a-w- c:\program files\Hat_on_Pink_GreetingCard.wmf
    2004-11-12 20:42 . 2004-11-12 20:42 70676 -c--a-w- c:\program files\Hat_on_Blue_GreetingCard.wmf
    2004-11-12 20:31 . 2004-11-12 20:31 14810 -c--a-w- c:\program files\Hat_on_Yellow_NameBadge.wmf
    2004-11-12 20:22 . 2004-11-12 20:22 15020 -c--a-w- c:\program files\Hat_on_Green_NameBadge.wmf
    2004-11-12 18:04 . 2004-11-12 18:04 47838 -c--a-w- c:\program files\Hat_on_Green_NoteCard.wmf
    2004-11-12 15:03 . 2004-11-12 15:03 171020 -c--a-w- c:\program files\Pink_Border_Halffold.wmf
    2004-11-12 15:01 . 2004-11-12 15:01 170740 -c--a-w- c:\program files\Blue_Border_Halffold.wmf
    2004-07-30 15:49 . 2004-07-30 15:49 46804 -c--a-w- c:\program files\CHAMPAGN.WMF
    2004-07-30 15:49 . 2004-07-30 15:49 20388 -c--a-w- c:\program files\CHAMPAG1.WMF
    2004-07-30 15:49 . 2004-07-30 15:49 9528 -c--a-w- c:\program files\Ribbons.wmf
    2004-07-30 15:49 . 2004-07-30 15:49 4532 -c--a-w- c:\program files\USA.wmf
    2004-07-30 15:49 . 2004-07-30 15:49 322622 -c--a-w- c:\program files\Star.wmf
    2004-07-30 15:49 . 2004-07-30 15:49 319406 -c--a-w- c:\program files\Flag3.wmf
    2004-07-30 15:49 . 2004-07-30 15:49 2928 -c--a-w- c:\program files\Flag2.wmf
    2004-07-30 15:49 . 2004-07-30 15:49 207588 -c--a-w- c:\program files\Flag1.wmf
    2004-07-30 15:49 . 2004-07-30 15:49 11982 -c--a-w- c:\program files\WAGON.WMF
    2004-07-30 15:48 . 2004-07-30 15:48 10464 -c--a-w- c:\program files\Horsey.wmf
    2004-07-30 15:48 . 2004-07-30 15:48 169584 -c--a-w- c:\program files\HappyBirthday_01.wmf
    2004-07-30 15:48 . 2004-07-30 15:48 43774 -c--a-w- c:\program files\HappyBirthday01.wmf
    2004-07-30 15:48 . 2004-07-30 15:48 7824 -c--a-w- c:\program files\Candles2.wmf
    2004-07-30 15:48 . 2004-07-30 15:48 67128 -c--a-w- c:\program files\Cake5.wmf
    2004-07-30 15:48 . 2004-07-30 15:48 5594 -c--a-w- c:\program files\Cake3.wmf
    2004-07-30 15:48 . 2004-07-30 15:48 141390 -c--a-w- c:\program files\Cake.wmf
    2004-07-30 15:48 . 2004-07-30 15:48 65118 -c--a-w- c:\program files\Balloons5.wmf
    2004-07-30 15:48 . 2004-07-30 15:48 35850 -c--a-w- c:\program files\Birthday_Cake.wmf
    2004-07-30 15:48 . 2004-07-30 15:48 202918 -c--a-w- c:\program files\Balloons_b.wmf
    2003-01-04 00:33 . 2003-01-04 00:33 72722 ----a-w- c:\program files\StartupCPL.exe
    2000-06-16 17:26 . 2006-11-17 13:52 23357 ---ha-w- c:\program files\folder.htt
    2010-06-03 19:14 . 2009-12-23 13:17 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2007-01-23 18:07 . 2007-06-12 17:41 1847296 ----a-w- c:\program files\mozilla firefox\plugins\Seadragon.dll
    2006-12-02 19:49 . 2006-12-02 19:49 22 --sha-w- c:\windows\SMINST\HPCD.sys
    2008-04-01 17:44 . 2008-04-01 17:44 23 --sha-w- c:\windows\system32\adfdcac_z.dll
    2009-02-06 19:16 . 2009-02-06 19:16 23 --sha-w- c:\windows\system32\edacded0_x.dat
    2009-07-14 17:06 . 2009-07-14 16:57 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
    @= "{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD} "
    [HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
    2009-02-14 17:00 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
    @= "{3DBF5F01-3287-46EB-82CF-45AA5C241162} "
    [HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
    2006-11-02 20:33 593920 ----a-w- c:\windows\system32\PGPfsshl.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Rapportexe "= "c:\program files\Trusteer\Rapport\bin\RapportService.exe" [2008-10-06 1712032]
    "RoboForm "= "c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-03-21 160328]
    "TivoServer "= "c:\program files\TiVo\Desktop\TiVoServer.exe" [2010-05-17 2264336]
    "TivoTransfer "= "c:\program files\TiVo\Desktop\TiVoTransfer.exe" [2010-05-17 608016]
    "TivoNotify "= "c:\program files\TiVo\Desktop\TiVoNotify.exe" [2010-05-17 437520]
    "TranscodingService "= "c:\program files\TiVo\Desktop\Plus\\TranscodingService.exe" [2010-05-17 855824]
    "Handy Backup 6.0 "= "c:\program files\NOVOSOFT\HANDY BACKUP\hbagent.exe" [2007-11-01 1384448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ftutil2 "= "ftutil2.dll" [2004-06-07 106496]
    "Recguard "= "c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
    "KBD "= "c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
    "hpsysdrv "= "c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "Logitech Utility "= "c:\windows\Logi_MwX.Exe" [2003-12-17 19968]
    "HPDJ Taskbar Utility "= "c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-10 188416]
    "WinPatrol "= "c:\program files\BillP Studios\WinPatrol\WinPatrol.exe" [2010-05-31 323976]
    "Kernel and Hardware Abstraction Layer "= "KHALMNPR.EXE" [2007-04-11 56080]
    "Google Desktop Search "= "c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-03 30192]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
    "ArcSoft Connection Service "= "c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
    "SpySweeper "= "c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
    "RoboForm "= "c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-03-21 160328]

    c:\documents and settings\Administrator.YOUR-4DACD0EA75\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-9-22 27136]
    PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-22 27136]

    c:\documents and settings\Lynne\Start Menu\Programs\Startup\
    WKCALREM.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2004-6-23 15360]

    c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
    WKCALREM.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2004-6-23 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\windows\system32\PGPmapih.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ PGPpwflt scecli

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
    @= "Service "

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ReSchedHPSU.lnk]
    backup=c:\windows\pss\ReSchedHPSU.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "SSBkgdUpdate "= "c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_07\bin\jusched.exe "

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\WINDOWS\\system32\\mqsvc.exe "=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe "=
    "c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\AboutTime\\AboutTime.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Documents and Settings\\HP_Administrator\\Application Data\\Vusion\\WARPVideoStreamer.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe "=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe "=
    "c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mm_server.exe "=
    "c:\\Program Files\\PCPitstop\\Optimize3\\Optimize3.exe "=
    "c:\\Program Files\\PCPitstop\\Optimize\\PCPOptimize.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "135:TCP "= 135:TCP:DCOM(135)

    R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [11/2/2006 4:27 PM 96256]
    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2/13/2009 6:09 PM 29808]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [10/23/2008 12:03 PM 62720]
    R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [1/28/2009 5:47 PM 202928]
    R2 TivoBeacon2;TiVo Beacon Service;c:\program files\TiVo\Desktop\TiVoBeacon.exe [5/17/2010 5:10 PM 1104656]
    R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2/27/2009 4:22 PM 1201640]
    R3 RapportKE;RapportKE;c:\program files\Trusteer\Rapport\bin\RapportKE.sys [10/23/2008 12:03 PM 101248]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/1/2009 10:09 AM 133104]
    S2 SHARSHTL;Shuttle Sharer;c:\windows\system32\drivers\sharshtl.sys [10/17/2007 10:57 AM 18432]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/23/2009 9:16 AM 30192]
    S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [10/22/2008 1:46 PM 493568]
    S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/23/2008 5:09 AM 95024]
    S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [6/23/2010 1:51 PM 90296]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-01 14:08]

    2010-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-01 14:08]

    2010-04-19 c:\windows\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job
    - c:\program files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe [2005-12-19 16:06]

    2010-07-16 c:\windows\Tasks\User_Feed_Synchronization-{6ACC229A-6DB3-4E23-AD97-BCD4B9F544EE}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 16:58]

    2010-07-16 c:\windows\Tasks\wrSpySweeper_L107A1E82D2E74995BB94728F086B491C.job
    - c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-02-27 20:19]

    2010-07-16 c:\windows\Tasks\wrSpySweeper_L107A1E82D2E74995BB94728F086B491C.job
    - c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-02-27 20:19]

    2010-07-13 c:\windows\Tasks\wrSpySweeper_L3C1BFC7A88E44B0E87A28BED95FF2B7B.job
    - c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-02-27 20:19]

    2010-07-13 c:\windows\Tasks\wrSpySweeper_L3C1BFC7A88E44B0E87A28BED95FF2B7B.job
    - c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-02-27 20:19]

    2010-07-13 c:\windows\Tasks\wrSpySweeper_L48D5F7DD729042AD830F1D2F5FF52030.job
    - c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-02-27 20:19]

    2010-07-13 c:\windows\Tasks\wrSpySweeper_L48D5F7DD729042AD830F1D2F5FF52030.job
    - c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-02-27 20:19]

    2010-07-16 c:\windows\Tasks\wrSpySweeper_L85288786C24444F49F2A6E7D2CE4BD98.job
    - c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-02-27 20:19]

    2010-07-16 c:\windows\Tasks\wrSpySweeper_L85288786C24444F49F2A6E7D2CE4BD98.job
    - c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-02-27 20:19]

    2010-07-16 c:\windows\Tasks\wrSpySweeper_LE960CC952FDA438BB9DBCAE21BAC9D4C.job
    - c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-02-27 20:19]

    2010-07-16 c:\windows\Tasks\wrSpySweeper_LE960CC952FDA438BB9DBCAE21BAC9D4C.job
    - c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-02-27 20:19]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = about:blank
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Free YouTube to Mp3 Converter - c:\documents and settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
    IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
    LSP: c:\windows\system32\PGPlsp.dll
    TCP: {0B39C4F2-A3EC-4579-805B-9BF7C764E58D} = 208.67.222.222,208.67.220.220
    TCP: {4B604EAF-89DC-4890-A3F6-8AE867A040F1} = 208.67.222.222,208.67.220.220
    TCP: {892900FC-9814-4488-99C0-81491C1EE93D} = 8.8.8.8,8.8.4.4
    TCP: {B4686077-FA46-4561-A035-7DDA665FD41A} = 8.8.8.8,8.8.4.4
    DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
    DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://my.myway.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
    FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071504000001.dll
    FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\{BC0AE9E6-E549-4554-A222-EA083A894683}\plugins\npQuickUpload.dll
    FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
    FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\warpvideo@vusion.com\platform\WINNT_x86-msvc\plugins\npWARPVideoPlugin.dll
    FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Vusion\npWARPVideoPlugin.252843.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
    FF - plugin: c:\windows\system32\Photosynth\nppsynth.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    .
    - - - - ORPHANS REMOVED - - - -

    Notify-dimsntfy - (no file)
    Notify-WgaLogon - (no file)
    SafeBoot-aawservice
    SafeBoot-SBAMSvc



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-16 18:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(772)
    c:\windows\system32\PGPpwflt.dll
    c:\windows\system32\PGPwd.dll
    c:\windows\system32\PGPsdk.dll
    c:\windows\system32\pgpsdkm.dll

    - - - - - - - > 'explorer.exe'(1628)
    c:\windows\system32\WININET.dll
    c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
    c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
    c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
    c:\windows\system32\PGPfsshl.dll
    c:\windows\system32\PGPcl.dll
    c:\windows\system32\PGPsdk.dll
    c:\windows\system32\PGPsdkNL.dll
    c:\windows\system32\PGPwd.dll
    c:\windows\system32\pgpsdkm.dll
    c:\windows\system32\PGPsdkUI.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PGPlsp.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\msdtc.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\windows\arservice.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Executive Software\Diskeep\DkService.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\system32\PGPserv.exe
    c:\windows\system32\HPZipm12.exe
    c:\windows\System32\snmp.exe
    c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\system32\dllhost.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    c:\program files\TiVo\Desktop\Plus\TranscodingService.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\EHOME\EHTRAY.EXE
    c:\program files\MUSICMATCH\MUSICMATCH JUKEBOX\MM_SERVER.EXE
    c:\windows\eHome\ehmsas.exe
    c:\program files\MUSICMATCH\MUSICMATCH JUKEBOX\MMDiag.exe
    c:\program files\MusicMatch\MusicMatch Jukebox\mim.exe
    c:\program files\SCANSOFT\OMNIPAGESE4.0\OPWARESE4.EXE
    c:\program files\HP DIGITALMEDIA ARCHIVE\DMASCHEDULER.EXE
    c:\program files\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\Webroot\WebrootSecurity\SSU.EXE
    .
    **************************************************************************
    .
    Completion time: 2010-07-16 18:21:56 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-07-16 22:21

    Pre-Run: 141,397,995,520 bytes free
    Post-Run: 141,332,889,600 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Windows XP Media Center Edition" /noexecute=optin /fastdetect

    - - End Of File - - 7FDF01A8EF25879AB8540F178AEB89C3
     
  12. 2010/07/16
    broni Moderator Malware Analyst

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\REN131.tmp
    c:\windows\system32\REN130.tmp
    c:\windows\system32\REN12F.tmp
    c:\windows\system32\adfdcac_z.dll
    c:\windows\system32\edacded0_x.dat
    
    
    Folder::
    c:\documents and settings\HP_Administrator\Local Settings\Application Data\Sunbelt Software
    c:\documents and settings\All Users\Application Data\~0
    
    SecCenter::
    {964FCE60-0B18-4D30-ADD6-EB178909041C}
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    5. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
    • Combofix.txt
     
  13. 2010/07/17
    writeman47 Inactive Thread Starter

    ComboFix 10-07-16.01 - HP_Administrator 07/17/2010 13:49:51.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1124 [GMT -4:00]
    Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
    AV: Webroot AntiVirus with Spy Sweeper *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
    FW: Webroot AntiVirus with Spy Sweeper *disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}

    FILE ::
    "c:\windows\system32\adfdcac_z.dll "
    "c:\windows\system32\edacded0_x.dat "
    "c:\windows\system32\REN12F.tmp "
    "c:\windows\system32\REN130.tmp "
    "c:\windows\system32\REN131.tmp "
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\~0
    c:\documents and settings\All Users\Application Data\~0\Ad-AwareInstall.exe
    c:\documents and settings\All Users\Application Data\~0\mia.lib
    c:\documents and settings\HP_Administrator\Local Settings\Application Data\Sunbelt Software
    c:\windows\system32\adfdcac_z.dll
    c:\windows\system32\edacded0_x.dat
    c:\windows\system32\REN12F.tmp
    c:\windows\system32\REN130.tmp
    c:\windows\system32\REN131.tmp

    .
    ((((((((((((((((((((((((( Files Created from 2010-06-17 to 2010-07-17 )))))))))))))))))))))))))))))))
    .

    2010-07-17 17:35 . 2010-07-17 17:35 -------- d-----w- c:\windows\LastGood
    2010-07-16 21:23 . 2010-05-26 23:10 545280 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
    2010-07-16 21:23 . 2010-05-26 23:10 4687360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\piclens@cooliris.com\libs\cooliris192.dll
    2010-07-16 21:23 . 2010-05-26 23:10 103424 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\piclens@cooliris.com\libs\pixomatic.dll
    2010-07-16 21:23 . 2010-05-26 23:10 57856 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\piclens@cooliris.com\components\coolirisstub.dll
    2010-07-16 21:23 . 2010-05-26 23:10 425984 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
    2010-07-16 21:23 . 2010-05-26 23:10 153088 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    2010-07-14 13:56 . 2010-07-14 13:56 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\ArcSoft
    2010-07-14 13:53 . 2006-11-10 19:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys
    2010-07-14 13:52 . 2010-07-14 14:00 -------- d--h--w- c:\documents and settings\All Users\Application Data\ArcSoft
    2010-07-14 13:51 . 2010-07-14 13:52 -------- d-----w- c:\program files\Common Files\ArcSoft
    2010-07-14 13:51 . 2010-07-14 13:51 -------- d-----w- c:\program files\Kodak
    2010-07-14 13:48 . 2010-07-14 13:48 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Media Player Classic
    2010-07-12 20:23 . 2010-07-12 20:23 -------- d-----w- c:\documents and settings\Lynne\Application Data\WinPatrol
    2010-07-08 18:31 . 2010-07-12 21:25 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\TiVo Desktop
    2010-07-08 18:31 . 2010-07-08 18:31 -------- d-----w- c:\program files\Bonjour
    2010-07-08 09:53 . 2010-07-08 09:53 -------- d-----w- c:\program files\Apple Software Update
    2010-07-07 21:13 . 2010-07-09 21:01 -------- d-----w- c:\program files\TiVo
    2010-06-30 13:56 . 2010-06-30 13:56 -------- d-----w- c:\program files\jv16 PowerTools 2010
    2010-06-29 17:43 . 2010-06-29 17:43 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-06-29 17:33 . 2010-06-29 17:33 -------- d-----w- c:\program files\Trend Micro
    2010-06-28 21:26 . 2010-06-28 21:26 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Amazon
    2010-06-24 17:40 . 2010-06-24 17:40 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers
    2010-06-24 15:31 . 2010-06-24 15:31 290816 ----a-w- c:\documents and settings\HP_Administrator\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
    2010-06-24 15:31 . 2010-06-24 15:31 290816 ----a-w- c:\documents and settings\HP_Administrator\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
    2010-06-24 15:31 . 2010-06-24 15:31 290816 ----a-w- c:\documents and settings\HP_Administrator\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
    2010-06-24 15:31 . 2010-06-24 15:31 290816 ----a-w- c:\documents and settings\HP_Administrator\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
    2010-06-22 19:57 . 2010-06-22 19:57 388096 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-06-19 19:49 . 2010-06-03 14:05 343552 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\ietab@ip.cn\plugins\npCoralIETab.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-17 13:00 . 2007-11-01 20:22 188152 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\FlashGot.exe
    2010-07-17 12:44 . 2007-05-06 14:22 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\GoodSync
    2010-07-16 22:26 . 2006-11-17 13:36 -------- d-----w- c:\program files\GetRight
    2010-07-15 21:56 . 2009-06-04 12:49 -------- d-----w- c:\program files\CrystalDiskInfo
    2010-07-14 14:28 . 2007-12-19 19:39 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\ArcSoft
    2010-07-14 14:00 . 2006-09-22 18:32 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-07-13 19:04 . 2008-01-16 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
    2010-07-13 16:27 . 2007-09-16 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-07-13 16:23 . 2006-11-17 13:37 -------- d-----w- c:\program files\Lavasoft
    2010-07-12 21:25 . 2008-08-14 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\TiVo
    2010-07-12 21:19 . 2006-09-22 17:57 -------- d-----w- c:\program files\Common Files\Java
    2010-07-12 21:18 . 2010-04-15 20:10 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-12 20:49 . 2006-11-17 16:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-07-12 20:34 . 2008-08-06 22:26 -------- d-----w- c:\documents and settings\Lynne\Application Data\HPAppData
    2010-06-30 13:06 . 2007-02-28 02:37 -------- d-----w- c:\program files\Windows Media Connect 2
    2010-06-30 12:51 . 2010-03-02 12:58 -------- d-----w- c:\program files\CCleaner
    2010-06-29 20:45 . 2006-11-17 11:51 -------- d-----w- c:\program files\Mozilla Thunderbird
    2010-06-29 17:37 . 2008-06-22 11:49 -------- d-----w- c:\program files\Amazon
    2010-06-29 17:35 . 2010-01-08 21:35 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
    2010-06-29 17:35 . 2007-10-30 17:04 -------- d-----w- c:\program files\Innovative Solutions
    2010-06-29 17:33 . 2008-11-07 19:11 -------- d-----w- c:\program files\SystemRequirementsLab
    2010-06-29 17:33 . 2008-11-07 19:11 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SystemRequirementsLab
    2010-06-24 17:39 . 2010-01-08 21:35 -------- d-----w- c:\program files\DVDVideoSoft
    2010-06-23 17:51 . 2006-11-17 13:39 -------- d-----w- c:\program files\PCPitstop
    2010-06-21 22:37 . 2008-10-23 09:09 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-06-14 14:30 . 2004-08-10 04:00 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-11 13:51 . 2010-06-11 13:51 -------- d-----w- c:\program files\Lavalys
    2010-06-09 13:37 . 2008-07-29 22:11 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-06-09 13:10 . 2007-02-22 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
    2010-05-31 20:33 . 2010-05-31 20:05 -------- d-----w- c:\program files\Calibrize
    2010-05-29 12:27 . 2006-11-17 13:36 -------- d-----w- c:\program files\Google
    2010-05-28 13:30 . 2007-11-03 19:54 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\WinPatrol
    2010-05-24 16:00 . 2010-05-24 16:00 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
    2010-05-24 16:00 . 2010-05-24 16:00 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
    2010-05-24 16:00 . 2010-05-24 16:00 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
    2010-05-24 16:00 . 2010-05-24 16:00 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
    2010-05-24 16:00 . 2010-03-13 18:47 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
    2010-05-24 16:00 . 2010-05-24 16:00 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    2010-05-24 16:00 . 2010-05-24 16:00 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    2010-05-24 16:00 . 2010-03-13 18:47 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    2010-05-24 15:59 . 2010-05-24 15:59 -------- d-----w- c:\program files\Common Files\xing shared
    2010-05-24 15:54 . 2009-11-17 17:35 -------- d-----w- c:\program files\QuickTime Alternative
    2010-05-24 15:43 . 2008-11-11 18:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-22 14:17 . 2007-05-06 13:47 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\U3
    2010-05-21 23:05 . 2005-08-31 04:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2010-05-21 23:04 . 2010-05-21 23:04 208896 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
    2010-05-21 23:04 . 2010-05-21 23:04 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
    2010-05-21 23:04 . 2010-05-21 23:04 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
    2010-05-21 23:04 . 2010-05-21 23:04 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
    2010-05-21 23:04 . 2010-05-21 23:04 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
    2010-05-21 23:04 . 2010-05-21 23:04 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
    2010-05-21 23:04 . 2010-05-21 23:04 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
    2010-05-21 23:04 . 2010-05-21 23:04 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
    2010-05-21 23:04 . 2010-05-21 23:04 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
    2010-05-04 17:20 . 2004-08-10 04:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 17:20 . 2009-12-26 22:16 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-05-04 17:20 . 2004-08-10 04:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-05-02 05:56 . 2010-05-21 22:41 1850880 ----a-w- c:\windows\system32\win32k.sys
    2010-04-29 19:39 . 2008-11-11 18:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 19:39 . 2008-11-11 18:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-20 05:51 . 2004-08-10 04:00 285696 ----a-w- c:\windows\system32\atmfd.dll
    2008-05-23 17:38 . 2008-05-23 17:38 1604124 ----a-w- c:\program files\ProcessExplorer.zip
    2008-03-26 21:01 . 2008-03-26 21:01 0 ----a-w- c:\program files\temp01
    2007-11-14 18:43 . 2007-11-14 18:43 774144 ----a-w- c:\program files\RngInterstitial.dll
    2005-11-11 21:07 . 2005-11-11 21:07 29732 -c--a-w- c:\program files\balloons_confetti.wmf
    2004-11-23 20:17 . 2004-11-23 20:17 3404 -c--a-w- c:\program files\Cake_Pink.wmf
    2004-11-23 20:16 . 2004-11-23 20:16 3404 -c--a-w- c:\program files\Cake_Blue.wmf
    2004-11-23 18:40 . 2004-11-23 18:40 7840 -c--a-w- c:\program files\Hat.wmf
    2004-11-12 20:43 . 2004-11-12 20:43 73740 -c--a-w- c:\program files\Hat_on_Pink_GreetingCard.wmf
    2004-11-12 20:42 . 2004-11-12 20:42 70676 -c--a-w- c:\program files\Hat_on_Blue_GreetingCard.wmf
    2004-11-12 20:31 . 2004-11-12 20:31 14810 -c--a-w- c:\program files\Hat_on_Yellow_NameBadge.wmf
    2004-11-12 20:22 . 2004-11-12 20:22 15020 -c--a-w- c:\program files\Hat_on_Green_NameBadge.wmf
    2004-11-12 18:04 . 2004-11-12 18:04 47838 -c--a-w- c:\program files\Hat_on_Green_NoteCard.wmf
    2004-11-12 15:03 . 2004-11-12 15:03 171020 -c--a-w- c:\program files\Pink_Border_Halffold.wmf
    2004-11-12 15:01 . 2004-11-12 15:01 170740 -c--a-w- c:\program files\Blue_Border_Halffold.wmf
    2004-07-30 15:49 . 2004-07-30 15:49 46804 -c--a-w- c:\program files\CHAMPAGN.WMF
    2004-07-30 15:49 . 2004-07-30 15:49 20388 -c--a-w- c:\program files\CHAMPAG1.WMF
    2004-07-30 15:49 . 2004-07-30 15:49 9528 -c--a-w- c:\program files\Ribbons.wmf
    2004-07-30 15:49 . 2004-07-30 15:49 4532 -c--a-w- c:\program files\USA.wmf
    2004-07-30 15:49 . 2004-07-30 15:49 322622 -c--a-w- c:\program files\Star.wmf
    2004-07-30 15:49 . 2004-07-30 15:49 319406 -c--a-w- c:\program files\Flag3.wmf
    2004-07-30 15:49 . 2004-07-30 15:49 2928 -c--a-w- c:\program files\Flag2.wmf
    2004-07-30 15:49 . 2004-07-30 15:49 207588 -c--a-w- c:\program files\Flag1.wmf
    2004-07-30 15:49 . 2004-07-30 15:49 11982 -c--a-w- c:\program files\WAGON.WMF
    2004-07-30 15:48 . 2004-07-30 15:48 10464 -c--a-w- c:\program files\Horsey.wmf
    2004-07-30 15:48 . 2004-07-30 15:48 169584 -c--a-w- c:\program files\HappyBirthday_01.wmf
    2004-07-30 15:48 . 2004-07-30 15:48 43774 -c--a-w- c:\program files\HappyBirthday01.wmf
    2004-07-30 15:48 . 2004-07-30 15:48 7824 -c--a-w- c:\program files\Candles2.wmf
    2004-07-30 15:48 . 2004-07-30 15:48 67128 -c--a-w- c:\program files\Cake5.wmf
    2004-07-30 15:48 . 2004-07-30 15:48 5594 -c--a-w- c:\program files\Cake3.wmf
    2004-07-30 15:48 . 2004-07-30 15:48 141390 -c--a-w- c:\program files\Cake.wmf
    2004-07-30 15:48 . 2004-07-30 15:48 65118 -c--a-w- c:\program files\Balloons5.wmf
    2004-07-30 15:48 . 2004-07-30 15:48 35850 -c--a-w- c:\program files\Birthday_Cake.wmf
    2004-07-30 15:48 . 2004-07-30 15:48 202918 -c--a-w- c:\program files\Balloons_b.wmf
    2003-01-04 00:33 . 2003-01-04 00:33 72722 ----a-w- c:\program files\StartupCPL.exe
    2000-06-16 17:26 . 2006-11-17 13:52 23357 ---ha-w- c:\program files\folder.htt
    2010-06-03 19:14 . 2009-12-23 13:17 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2007-01-23 18:07 . 2007-06-12 17:41 1847296 ----a-w- c:\program files\mozilla firefox\plugins\Seadragon.dll
    2006-12-02 19:49 . 2006-12-02 19:49 22 --sha-w- c:\windows\SMINST\HPCD.sys
    2009-07-14 17:06 . 2009-07-14 16:57 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
    @= "{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD} "
    [HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
    2009-02-14 17:00 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
    @= "{3DBF5F01-3287-46EB-82CF-45AA5C241162} "
    [HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
    2006-11-02 20:33 593920 ----a-w- c:\windows\system32\PGPfsshl.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Rapportexe "= "c:\program files\Trusteer\Rapport\bin\RapportService.exe" [2008-10-06 1712032]
    "RoboForm "= "c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-03-21 160328]
    "TivoServer "= "c:\program files\TiVo\Desktop\TiVoServer.exe" [2010-05-17 2264336]
    "TivoTransfer "= "c:\program files\TiVo\Desktop\TiVoTransfer.exe" [2010-05-17 608016]
    "TivoNotify "= "c:\program files\TiVo\Desktop\TiVoNotify.exe" [2010-05-17 437520]
    "TranscodingService "= "c:\program files\TiVo\Desktop\Plus\\TranscodingService.exe" [2010-05-17 855824]
    "Handy Backup 6.0 "= "c:\program files\NOVOSOFT\HANDY BACKUP\hbagent.exe" [2007-11-01 1384448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ftutil2 "= "ftutil2.dll" [2004-06-07 106496]
    "Recguard "= "c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
    "KBD "= "c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
    "hpsysdrv "= "c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "Logitech Utility "= "c:\windows\Logi_MwX.Exe" [2003-12-17 19968]
    "HPDJ Taskbar Utility "= "c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-10 188416]
    "WinPatrol "= "c:\program files\BillP Studios\WinPatrol\WinPatrol.exe" [2010-05-31 323976]
    "Kernel and Hardware Abstraction Layer "= "KHALMNPR.EXE" [2007-04-11 56080]
    "Google Desktop Search "= "c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-03 30192]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
    "ArcSoft Connection Service "= "c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
    "SpySweeper "= "c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
    "RoboForm "= "c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-03-21 160328]

    c:\documents and settings\Administrator.YOUR-4DACD0EA75\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-9-22 27136]
    PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-22 27136]

    c:\documents and settings\Lynne\Start Menu\Programs\Startup\
    WKCALREM.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2004-6-23 15360]

    c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
    WKCALREM.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2004-6-23 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\windows\system32\PGPmapih.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ PGPpwflt scecli

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
    @= "Service "

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ReSchedHPSU.lnk]
    backup=c:\windows\pss\ReSchedHPSU.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "SSBkgdUpdate "= "c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_07\bin\jusched.exe "

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\WINDOWS\\system32\\mqsvc.exe "=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe "=
    "c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\AboutTime\\AboutTime.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Documents and Settings\\HP_Administrator\\Application Data\\Vusion\\WARPVideoStreamer.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe "=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe "=
    "c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mm_server.exe "=
    "c:\\Program Files\\PCPitstop\\Optimize3\\Optimize3.exe "=
    "c:\\Program Files\\PCPitstop\\Optimize\\PCPOptimize.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "135:TCP "= 135:TCP:DCOM(135)

    R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [11/2/2006 4:27 PM 96256]
    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2/13/2009 6:09 PM 29808]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [10/23/2008 12:03 PM 62720]
    R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [1/28/2009 5:47 PM 202928]
    R2 TivoBeacon2;TiVo Beacon Service;c:\program files\TiVo\Desktop\TiVoBeacon.exe [5/17/2010 5:10 PM 1104656]
    R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2/27/2009 4:22 PM 1201640]
    R3 RapportKE;RapportKE;c:\program files\Trusteer\Rapport\bin\RapportKE.sys [10/23/2008 12:03 PM 101248]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/1/2009 10:09 AM 133104]
    S2 SHARSHTL;Shuttle Sharer;c:\windows\system32\drivers\sharshtl.sys [10/17/2007 10:57 AM 18432]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/23/2009 9:16 AM 30192]
    S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [10/22/2008 1:46 PM 493568]
    S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/23/2008 5:09 AM 95024]
    S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [6/23/2010 1:51 PM 90296]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-01 14:08]

    2010-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-01 14:08]

    2010-04-19 c:\windows\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job
    - c:\program files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe [2005-12-19 16:06]

    2010-07-17 c:\windows\Tasks\User_Feed_Synchronization-{6ACC229A-6DB3-4E23-AD97-BCD4B9F544EE}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 16:58]

    2010-07-17 c:\windows\Tasks\wrSpySweeper_L107A1E82D2E74995BB94728F086B491C.job
    - c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-02-27 20:19]

    2010-07-17 c:\windows\Tasks\wrSpySweeper_L107A1E82D2E74995BB94728F086B491C.job
    - c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-02-27 20:19]

    2010-07-17 c:\windows\Tasks\wrSpySweeper_L85288786C24444F49F2A6E7D2CE4BD98.job
    - c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-02-27 20:19]

    2010-07-17 c:\windows\Tasks\wrSpySweeper_L85288786C24444F49F2A6E7D2CE4BD98.job
    - c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-02-27 20:19]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = about:blank
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Free YouTube to Mp3 Converter - c:\documents and settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
    IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
    LSP: c:\windows\system32\PGPlsp.dll
    TCP: {0B39C4F2-A3EC-4579-805B-9BF7C764E58D} = 208.67.222.222,208.67.220.220
    TCP: {4B604EAF-89DC-4890-A3F6-8AE867A040F1} = 208.67.222.222,208.67.220.220
    TCP: {892900FC-9814-4488-99C0-81491C1EE93D} = 8.8.8.8,8.8.4.4
    TCP: {B4686077-FA46-4561-A035-7DDA665FD41A} = 8.8.8.8,8.8.4.4
    DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
    DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://my.myway.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
    FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071504000001.dll
    FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\{BC0AE9E6-E549-4554-A222-EA083A894683}\plugins\npQuickUpload.dll
    FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
    FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\warpvideo@vusion.com\platform\WINNT_x86-msvc\plugins\npWARPVideoPlugin.dll
    FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Vusion\npWARPVideoPlugin.252843.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
    FF - plugin: c:\windows\system32\Photosynth\nppsynth.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-17 13:56
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(772)
    c:\windows\system32\PGPpwflt.dll
    c:\windows\system32\PGPwd.dll
    c:\windows\system32\PGPsdk.dll
    c:\windows\system32\pgpsdkm.dll
    .
    Completion time: 2010-07-17 13:58:06
    ComboFix-quarantined-files.txt 2010-07-17 17:58
    ComboFix2.txt 2010-07-16 22:21

    Pre-Run: 141,286,658,048 bytes free
    Post-Run: 141,300,674,560 bytes free

    - - End Of File - - 433B44FA6410A67CF0AC302751402A74
     
  14. 2010/07/17
    broni

    broni Moderator Malware Analyst

    Looks good :)

    How is that turning off issue?

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ============================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  15. 2010/07/18
    writeman47

    writeman47 Inactive Thread Starter

    I've had one recent shut down while I was working and one that happened overnight. Didn't note exactly when those happened, but it's definitely less frequent than before. Here is the Extras.txt file. It says the OTL.txt file is too long, so I'll try to split it and post it in two pieces.

    OTL Extras logfile created on: 7/18/2010 1:00:54 PM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\HP_Administrator\Desktop
    Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 177.45 Gb Total Space | 132.54 Gb Free Space | 74.69% Space Free | Partition Type: NTFS
    Drive D: | 8.84 Gb Total Space | 0.56 Gb Free Space | 6.35% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive K: | 232.83 Gb Total Space | 211.43 Gb Free Space | 90.81% Space Free | Partition Type: FAT32

    Computer Name: YOUR-4DACD0EA75
    Current User Name: HP_Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- L:\SYSTEM\APPS\3C9F7B~1\EXEC\FIREFOX\FIREFOX.EXE -requestPending -osint -url "%1" File not found
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "135:TCP" = 135:TCP:*:Enabled:DCOM(135)
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "5353:UDP" = 5353:UDP:LocalSubNet:Enabled:mDNS-SD/Bonjour
    "7288:TCP" = 7288:TCP:LocalSubNet:Enabled:TiVo HME Host: Port %d

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- File not found
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox -- (Yahoo! Inc.)
    "C:\Program Files\AboutTime\AboutTime.exe" = C:\Program Files\AboutTime\AboutTime.exe:*:Enabled:AboutTime cient/server -- ()
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
    "C:\Documents and Settings\HP_Administrator\Application Data\Vusion\WARPVideoStreamer.exe" = C:\Documents and Settings\HP_Administrator\Application Data\Vusion\WARPVideoStreamer.exe:*:Enabled:WARP Video Streamer -- (Vusion Inc.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- ()
    "C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_server.exe" = C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_server.exe:*:Enabled:Musicmatch® Music Server -- (Musicmatch, Inc.)
    "C:\Program Files\PCPitstop\Optimize3\Optimize3.exe" = C:\Program Files\PCPitstop\Optimize3\Optimize3.exe:*:Enabled:PC Pitstop Optimize3 -- ()
    "C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" = C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe:*:Enabled:PC Pitstop Optimize -- (PC Pitstop, LLC.)
    "C:\Program Files\TiVo\Desktop\TiVoTransfer.exe" = C:\Program Files\TiVo\Desktop\TiVoTransfer.exe:LocalSubNet:Enabled:TiVo Transfer Service -- (TiVo Inc.)
    "C:\Program Files\TiVo\Desktop\TiVoServer.exe" = C:\Program Files\TiVo\Desktop\TiVoServer.exe:LocalSubNet:Enabled:TiVo Server Service -- (TiVo Inc.)
    "C:\Program Files\TiVo\Desktop\TiVoDesktop.exe" = C:\Program Files\TiVo\Desktop\TiVoDesktop.exe:LocalSubNet:Enabled:TiVo Desktop User Interface -- (TiVo Inc.)
    "C:\Program Files\TiVo\Desktop\curl.exe" = C:\Program Files\TiVo\Desktop\curl.exe:LocalSubNet:Enabled:TiVo Curl Service -- ()
    "C:\Program Files\TiVo\Desktop\TiVoBeacon.exe" = C:\Program Files\TiVo\Desktop\TiVoBeacon.exe:LocalSubNet:Enabled:TiVo Beacon Service -- (TiVo Inc.)
    "C:\Program Files\TiVo\Desktop\TiVoDiag.exe" = C:\Program Files\TiVo\Desktop\TiVoDiag.exe:LocalSubNet:Enabled:TiVo Diag Service -- (TiVo Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{01EAA7C8-C141-44BA-92E4-0B196A9DD0E9}" = Cooliris for Internet Explorer
    "{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86)
    "{053B3DA8-91B5-4682-A130-715412A1A252}" = Paint.NET v3.5.4
    "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
    "{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
    "{1463BA91-7FE5-4B8C-A890-FB4E5FACCB47}" =
    "{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
    "{162F8A0F-3EBF-4E2A-A37C-E8E29C261C25}" = Garmin City Navigator North America NT 2009.11 Update
    "{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Webroot AntiVirus with Spy Sweeper
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20749F76-4228-43AD-8AB5-E7B20D8040C4}" = hph_readme
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
    "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" =
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" =
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" =
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" =
    "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" =
    "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" =
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" =
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" =
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" =
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" =
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" =
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
    "{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
    "{36DC3E2F-CD8C-4953-9E8F-9A1916D10AA1}" = hph_software
    "{388D1ED3-02EB-4CFD-A46D-7F6B8E3B9109}" = ebgcRes
    "{39B1BD87-561E-4762-AED9-7C5213B06C24}" = ebgcInfra
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
    "{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
    "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
    "{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
    "{4E839090-3B68-436A-B3CF-A2A08C38DD26}" = TiVo Desktop 2.8.1
    "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
    "{53B2D537-21CF-44D5-A03A-0DAF993B5728}" = ebgcSDK
    "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
    "{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
    "{5E06C076-E4E7-4239-A886-B3D8AC84C166}" = HP Print Diagnostic Utility
    "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
    "{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
    "{76EFAC4F-1712-401F-B2AE-590B170C9BCE}" = StartupMonitor
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{777B2D37-74E5-43FA-A379-4F930502A0D7}" = PGP Desktop
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
    "{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
    "{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
    "{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
    "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
    "{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
    "{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
    "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
    "{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
    "{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1
    "{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
    "{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
    "{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB300003" =
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB958483" =
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB960043" =
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB975195" =
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976570" =
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976578" =
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976578v2" =
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976769" =
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976769v2" =
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB977354" =
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB977354v2" =
    "{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
    "{ACCCEE83-B49B-4964-8A4F-378B8FBC9F75}" = hph_ProductContext
    "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
    "{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req
    "{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
    "{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
    "{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
    "{B3C9A441-C34D-40F3-9D3B-00EDDDAC74F1}" = Garmin Communicator Plugin
    "{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
    "{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
    "{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.8
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BE365801-FB4B-49D7-87D2-9477EE371F1C}" = D1300_Help
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB200003" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB431780" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB946922" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB947748" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB949272" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952137" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952677" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953300" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953990" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB954832" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB956860" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957541" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957542" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957543" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958129" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958481" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB960043" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB971111" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB974417" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976569" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976576" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976765v2" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB979909" =
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB980773" =
    "{C13F11D1-00BA-44DF-B626-35E1C03F85E5}" = D1300
    "{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
    "{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
    "{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
    "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
    "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
    "{CA72A82C-7DBC-4814-8CCB-E5BFAC59FAEF}" = ArcSoft MediaImpression for Kodak
    "{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = Canon CanoScan Toolbox 4.9
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB350003" =
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB960043" =
    "{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}" = HP Photosmart and Deskjet 7.0 Software
    "{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
    "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" =
    "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
    "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
    "{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
    "{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
    "{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
    "{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F33552CB-4B12-4B27-8211-384F623E79EA}" = Diskeeper Home Edition
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
    "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
    "{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
    "45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    "7-Zip" = 7-Zip 4.65
    "Add/Remove Pro (Freeware)_is1" = Add/Remove Pro (Freeware)
    "AddressBook" =
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe® Photoshop® Album Starter Edition 3.2" =
    "AI RoboForm" = AI RoboForm (All Users)
    "Amazon Kindle For PC" = Amazon Kindle For PC v1.1
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
    "AudioPlugin.dll" =
    "AVGantiRootkit" = AVG Anti-Rootkit Free
    "Belarc Advisor" = Belarc Advisor 7.2
    "Belarc Advisor 2.0" =
    "Biz-Plan" =
    "CAL" = Canon Camera Access Library
    "CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
    "CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
    "CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
    "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
    "CCleaner" = CCleaner
    "Connection Manager" =
    "CopyNow.dll" =
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "CrystalDiskInfo_is1" = CrystalDiskInfo 3.6.4
    "CSCLIB" = Canon Camera Support Core Library
    "DataPlugin.dll" =
    "DFX for MUSICMATCH" =
    "DirectAnimation" =
    "DirectDrawEx" =
    "DXM_Runtime" =
    "EAFunctions.dll" =
    "Easy Duplicate Finder_is1" = Easy Duplicate Finder v. 2.4.1
    "EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
    "EOS Utility" = Canon Utilities EOS Utility
    "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
    "filehippo.com" = FileHippo.com Update Checker
    "FLV Player" = FLV Player 2.0 (build 25)
    "Fontcore" =
    "Foxit Reader" = Foxit Reader
    "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5
    "GetRight_is1" = GetRight
    "Google Desktop" = Google Desktop
    "Handy Backup 6.0" = Handy Backup 6.0
    "HijackThis" = HijackThis 1.99.1
    "Hijackthis_is1" = Hijackthis 1.99.1
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "hp deskjet 5550 series" = hp deskjet 5550 series (Remove only)
    "HP Imaging Device Functions" = HP Imaging Device Functions 7.0
    "HP Photo & Imaging" = HP Photosmart Premier Software 6.5
    "HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
    "HP Print Projects" = HP Print Projects 1.0
    "hp print screen utility" = hp print screen utility
    "HP Smart Web Printing" = HP Smart Web Printing
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
    "ICW" =
    "IDNMitigationAPIs" =
    "IE40" =
    "IE4Data" =
    "IE5BAKEX" =
    "ie7" = Windows Internet Explorer 7
    "IEData" =
    "IncrediMail" =
    "InstallShield Uninstall Information" =
    "InstallShield_{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" =
    "jv16 PowerTools 2009_is1" = jv16 PowerTools 2009
    "jv16 PowerTools 2010" = jv16 PowerTools 2010
    "Karen's Computer Profiler" = Karen's Computer Profiler
    "Karen's Directory Printer" = Karen's Directory Printer
    "Karen's Replicator" = Karen's Replicator
    "Karen's Time Sync" = Karen's Time Sync
    "Karen's Version Browser" = Karen's Version Browser
    "Karen's WhoIs" = Karen's WhoIs
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 2.0" =
    "Microsoft .NET Framework 3.0" =
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Interactive Training" =
    "MobileOptionPack" =
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
    "Mozilla Thunderbird (3.1)" = Mozilla Thunderbird (3.1)
    "MSI30a-KB884016" =
    "MSI30-Beta1" =
    "MSI30-Beta2" =
    "MSI30-KB884016" =
    "MSI30-RC1" =
    "MSI30-RC2" =
    "MSI31-Beta" =
    "MSI31-RC1" =
    "Myst for Windows 95" = Myst for Windows 95
    "NetMeeting" =
    "NLSDownlevelMapping" =
    "Notepad++" = Notepad++
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "oggcodecs" = oggcodecs 0.71.0946
    "OutlookExpress" =
    "PC Matic_is1" = PC Matic 1.0.0.16
    "PC Pitstop Optimize_is1" = PC Pitstop Optimize 1.5
    "PC Pitstop Optimize3_is1" = PC Pitstop Optimize3 3.0
    "PCHealth" =
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Picasa 3" = Picasa 3
    "PicaView" = PicaView
    "Premier Jeweler Software" =
    "QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RealPlayer 12.0" = RealPlayer
    "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
    "Revo Uninstaller" = Revo Uninstaller 1.89
    "SchedulingAgent" =
    "SendToX.PowerToy" = Send To Extensions PowerToy
    "Shockwave" =
    "ST6UNST #1" = Karen's Drive Info
    "Super Collapse! II" =
    "SystemRequirementsLab" = System Requirements Lab
    "Uninstall_is1" = Uninstall 1.0.0.1
    "Walmart MP3 Music Downloads" = Walmart MP3 Music Downloads
    "Wdf01000" =
    "Wdf01001" =
    "WIC" =
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows Script" = Microsoft Windows Script 5.7
    "Winmail Reader_is1" = Winmail Reader 1.1.11
    "WinMerge_is1" = WinMerge 2.12.2
    "WinPatrol" = WinPatrol
    "WMCSetup" =
    "wmfdist11" =
    "wmp11" =
    "Word Mojo Gold" =
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Media Player" = Move Media Player
    "WARPVideo" = WARP Video 2

    ========== Last 10 Event Log Errors ==========

    [ OSession Events ]
    Error - 11/26/2008 9:06:29 AM | Computer Name = YOUR-4DACD0EA75 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6308.5000, Microsoft Office Version: 9999.9999.9999.9999. This session lasted
    112 seconds with 60 seconds of active time. This session ended with a crash.

    Error - 7/3/2009 12:35:21 PM | Computer Name = YOUR-4DACD0EA75 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1402
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 11/1/2009 3:13:28 PM | Computer Name = YOUR-4DACD0EA75 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1529
    seconds with 180 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 7/18/2010 12:44:39 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    ftsata2 Lbd

    Error - 7/18/2010 12:52:21 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
    Description = The Parallel port driver service failed to start due to the following
    error: %%1058

    Error - 7/18/2010 12:52:21 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7023
    Description = The HID Input Service service terminated with the following error:
    %%126

    Error - 7/18/2010 12:52:21 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7001
    Description = The Message Queuing service depends on the NT LM Security Support
    Provider service which failed to start because of the following error: %%1058

    Error - 7/18/2010 12:52:21 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7001
    Description = The Message Queuing Triggers service depends on the Message Queuing
    service which failed to start because of the following error: %%1068

    Error - 7/18/2010 12:52:21 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
    Description = The Upload Manager service failed to start due to the following error:
    %%1079

    Error - 7/18/2010 12:52:21 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7001
    Description = The Windows Media Player Network Sharing Service service depends on
    the Universal Plug and Play Device Host service which failed to start because of
    the following error: %%1058

    Error - 7/18/2010 12:52:24 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    ftsata2 Lbd

    Error - 7/18/2010 1:01:13 PM | Computer Name = YOUR-4DACD0EA75 | Source = SRService | ID = 104
    Description = The System Restore initialization process failed.

    Error - 7/18/2010 1:01:13 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
    %%2


    < End of report >
     
  16. 2010/07/18
    writeman47

    OTL logfile created on: 7/18/2010 1:00:54 PM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\HP_Administrator\Desktop
    Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 177.45 Gb Total Space | 132.54 Gb Free Space | 74.69% Space Free | Partition Type: NTFS
    Drive D: | 8.84 Gb Total Space | 0.56 Gb Free Space | 6.35% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive K: | 232.83 Gb Total Space | 211.43 Gb Free Space | 90.81% Space Free | Partition Type: FAT32

    Computer Name: YOUR-4DACD0EA75
    Current User Name: HP_Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/18 12:58:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    PRC - [2010/06/03 15:14:31 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    PRC - [2010/05/31 07:18:16 | 000,323,976 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2010/05/17 17:10:22 | 000,855,824 | ---- | M] (TiVo Inc.) -- C:\Program Files\TiVo\Desktop\Plus\TranscodingService.exe
    PRC - [2010/05/17 17:10:16 | 000,608,016 | ---- | M] (TiVo Inc.) -- C:\Program Files\TiVo\Desktop\TiVoTransfer.exe
    PRC - [2010/05/17 17:10:14 | 002,264,336 | ---- | M] (TiVo Inc.) -- C:\Program Files\TiVo\Desktop\TiVoServer.exe
    PRC - [2010/05/17 17:10:12 | 000,437,520 | ---- | M] (TiVo Inc.) -- C:\Program Files\TiVo\Desktop\TiVoNotify.exe
    PRC - [2010/05/17 17:10:06 | 001,104,656 | ---- | M] (TiVo Inc.) -- C:\Program Files\TiVo\Desktop\TiVoBeacon.exe
    PRC - [2010/03/24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    PRC - [2010/03/21 13:09:18 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2009/11/20 17:48:14 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    PRC - [2009/11/06 16:19:58 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
    PRC - [2009/11/06 13:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    PRC - [2009/11/06 13:00:22 | 000,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SSU.exe
    PRC - [2008/06/23 14:47:18 | 004,628,752 | ---- | M] (Headlight Software, Inc.) -- C:\Program Files\GetRight\GetRight.exe
    PRC - [2007/11/01 17:42:44 | 001,384,448 | ---- | M] (Novosoft) -- C:\Program Files\Novosoft\Handy Backup\hbagent.exe
    PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/11/20 04:42:45 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
    PRC - [2006/11/07 16:41:44 | 000,419,840 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MusicMatch\MusicMatch Jukebox\mim.exe
    PRC - [2006/11/07 16:41:44 | 000,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MusicMatch\MusicMatch Jukebox\MMDiag.exe
    PRC - [2006/11/07 16:41:44 | 000,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_server.exe
    PRC - [2006/11/02 16:28:08 | 000,092,672 | ---- | M] (PGP Corporation) -- C:\WINDOWS\system32\PGPserv.exe
    PRC - [2006/10/11 13:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
    PRC - [2006/04/13 12:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
    PRC - [2005/08/03 02:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
    PRC - [2005/07/26 18:51:22 | 000,606,316 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeep\DkService.exe
    PRC - [2004/06/23 11:23:00 | 000,015,360 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
    PRC - [2003/12/17 09:50:00 | 000,019,968 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\LOGI_MWX.EXE
    PRC - [2002/12/09 20:19:20 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/18 12:58:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    MOD - [2007/10/26 12:06:56 | 000,062,768 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
    MOD - [2006/10/04 23:07:12 | 000,144,936 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
    MOD - [2006/08/25 09:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    MOD - [2004/08/10 00:00:00 | 001,852,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\acgenral.dll
    MOD - [2004/08/10 00:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2004/08/10 00:00:00 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
    SRV - [2010/06/03 15:14:31 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
    SRV - [2010/05/17 17:10:06 | 001,104,656 | ---- | M] (TiVo Inc.) [Auto | Running] -- C:\Program Files\TiVo\Desktop\TiVoBeacon.exe -- (TivoBeacon2)
    SRV - [2010/05/06 13:23:56 | 000,090,296 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/11/20 17:48:14 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
    SRV - [2009/11/06 13:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
    SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2006/11/20 04:42:45 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
    SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
    SRV - [2006/11/02 16:28:08 | 000,092,672 | ---- | M] (PGP Corporation) [Auto | Running] -- C:\WINDOWS\system32\PGPserv.exe -- (PGPserv)
    SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
    SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [Disabled | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
    SRV - [2005/08/03 02:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
    SRV - [2005/07/26 18:51:22 | 000,606,316 | ---- | M] (Executive Software International, Inc.) [Auto | Running] -- C:\Program Files\Executive Software\Diskeep\DkService.exe -- (Diskeeper)
    SRV - [2004/08/10 00:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys -- (SYMIDSCO)
    DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\intelppm.sys -- (intelppm)
    DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\ftsata2.sys -- (ftsata2)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/06/21 18:37:49 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
    DRV - [2010/01/12 00:03:33 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2009/11/06 13:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
    DRV - [2009/11/06 13:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
    DRV - [2009/11/06 13:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
    DRV - [2009/06/22 07:48:44 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
    DRV - [2008/10/09 11:21:04 | 000,202,928 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (sbtis)
    DRV - [2008/10/06 10:47:12 | 000,101,248 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKE.sys -- (RapportKE)
    DRV - [2008/10/06 10:47:12 | 000,062,720 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
    DRV - [2008/05/08 08:28:49 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
    DRV - [2008/02/29 03:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
    DRV - [2008/02/26 09:17:30 | 000,493,568 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netr73.sys -- (netr73)
    DRV - [2008/01/04 21:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
    DRV - [2007/04/11 16:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2007/04/11 16:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2007/04/11 16:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
    DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
    DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
    DRV - [2007/01/18 08:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgArCln.sys -- (AvgArCln)
    DRV - [2007/01/18 08:00:26 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit)
    DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
    DRV - [2006/11/02 16:28:02 | 000,224,256 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\PGPdisk.sys -- (PGPdisk)
    DRV - [2006/11/02 16:27:42 | 000,096,256 | ---- | M] (PGP Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\PGPfsfd.sys -- (pgpfs)
    DRV - [2006/11/02 16:27:34 | 000,036,352 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PGPsdk.sys -- (PGPsdkDriver)
    DRV - [2006/11/02 16:27:24 | 000,163,328 | ---- | M] (PGP Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\PGPwded.sys -- (PGPwded)
    DRV - [2006/07/24 16:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/03/03 18:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2006/03/03 18:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2006/01/12 22:46:28 | 000,252,928 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
    DRV - [2005/12/12 20:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
    DRV - [2005/12/06 14:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2005/12/06 14:20:42 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsx)
    DRV - [2005/12/06 14:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
    DRV - [2005/03/09 17:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2005/01/08 03:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2005/01/07 17:05:28 | 000,147,328 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (RT2500USB)
    DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
    DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2003/12/17 10:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042PR2.SYS -- (L8042PR2)
    DRV - [2003/12/17 09:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
    DRV - [2003/12/17 09:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
    DRV - [2003/12/17 09:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
    DRV - [1998/01/26 02:17:00 | 000,018,432 | ---- | M] (Shuttle Technology) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\sharshtl.sys -- (SHARSHTL)
    DRV - [1997/12/22 21:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.goodsearch.com/Default.aspx "

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/02/11 14:08:34 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2007/02/25 10:10:19 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/24 12:00:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/29 13:37:02 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/29 13:37:02 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/07/12 17:52:27 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/05/24 12:01:06 | 000,000,000 | ---D | M]

    [2010/01/05 09:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
    [2010/01/05 09:39:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2010/06/24 13:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\om5yb7rr.default\extensions
    [2009/12/28 17:42:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\om5yb7rr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/06/29 13:35:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\om5yb7rr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    [2010/07/17 13:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions
    [2010/07/05 10:50:57 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    [2010/04/27 10:09:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2008/10/22 13:09:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}(2)
    [2010/07/06 15:11:11 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2007/06/29 14:53:16 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
    [2008/06/15 12:55:12 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(3)
    [2008/10/22 13:09:21 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(4)
    [2009/02/20 16:48:27 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(5)
    [2009/06/04 09:13:10 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
    [2009/02/20 15:45:11 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}(2)
    [2010/06/29 13:35:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    [2009/01/10 11:52:35 | 000,000,000 | ---D | M] (QuickUpload) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\{BC0AE9E6-E549-4554-A222-EA083A894683}
    [2009/02/20 16:23:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
    [2009/02/20 16:23:30 | 000,000,000 | ---D | M] (Fast Video Download) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}(2)
    [2010/02/01 12:52:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}(2)
    [2010/07/11 13:02:57 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/07/18 12:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\fatcash@fatwallet.com
    [2010/06/19 15:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\ietab@ip.cn
    [2009/02/20 15:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\piclens@cooliris(2).com
    [2010/07/16 17:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\piclens@cooliris.com
    [2009/02/20 15:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\staged-xpis(2)
    [2010/02/01 12:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\staged-xpis(3)
    [2007/06/29 14:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\trackmenot@mrl.nyu(2).edu
    [2009/02/20 15:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\trackmenot@mrl.nyu(4).edu
    [2010/03/20 08:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\trackmenot@mrl.nyu.edu
    [2008/12/04 10:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\warpvideo@vusion.com
    [2010/07/17 13:24:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/12 17:18:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2006/11/17 08:57:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\defaults\profile\Gary\extensions
    [2004/11/12 23:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll
    [2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2010/07/12 17:18:04 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/06/30 08:57:57 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    [2006/10/09 08:58:48 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
    [2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    [2007/01/23 14:28:00 | 001,138,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\nppsynth.dll
    [2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
    [2008/09/15 12:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
    [2009/07/15 11:01:47 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
    [2007/01/23 14:07:00 | 001,847,296 | ---- | M] (Microsoft) -- C:\Program Files\Mozilla Firefox\plugins\Seadragon.dll

    O1 HOSTS File: ([2008/02/21 14:43:53 | 000,000,777 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (bho2gr Class) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
    O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\Logi_MwX.Exe (Logitech Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
    O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
    O4 - HKCU..\Run: [Handy Backup 6.0] C:\PROGRAM FILES\NOVOSOFT\HANDY BACKUP\hbagent.exe (Novosoft)
    O4 - HKCU..\Run: [Rapportexe] C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
    O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
    O4 - HKCU..\Run: [TivoNotify] C:\Program Files\TiVo\Desktop\TiVoNotify.exe (TiVo Inc.)
    O4 - HKCU..\Run: [TivoServer] C:\Program Files\TiVo\Desktop\TiVoServer.exe (TiVo Inc.)
    O4 - HKCU..\Run: [TivoTransfer] C:\Program Files\TiVo\Desktop\TiVoTransfer.exe (TiVo Inc.)
    O4 - HKCU..\Run: [TranscodingService] C:\Program Files\TiVo\Desktop\Plus\\TranscodingService.exe ()
    O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\StartUp\WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\PGPlsp.dll (PGP Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\PGPlsp.dll (PGP Corporation)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab (Reg Error: Value error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCMaticVer Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
    O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.81.22.195 24.177.176.38 24.178.162.3
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\cf - No CLSID value found
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\PGPmapih.dll) - C:\WINDOWS\system32\PGPmapih.dll (PGP Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O30 - LSA: Security Packages - (625\ecurity Packages settings..) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/22 14:37:50 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    End part one
     
  17. 2010/07/18
    writeman47

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)
    Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Error starting restore point: System Restore is disabled.
    Error closing restore point: System Restore is disabled.

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/18 12:58:12 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    [2010/07/16 18:06:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/07/16 13:48:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/07/14 09:56:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ArcSoft
    [2010/07/14 09:53:05 | 000,018,688 | ---- | C] (Arcsoft, Inc.) -- C:\WINDOWS\System32\drivers\afc.sys
    [2010/07/14 09:52:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
    [2010/07/14 09:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
    [2010/07/14 09:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
    [2010/07/14 09:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Media Player Classic
    [2010/07/12 17:25:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My TiVo Recordings for Portables
    [2010/07/12 17:18:29 | 000,073,728 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
    [2010/07/12 17:18:28 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
    [2010/07/12 17:18:28 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
    [2010/07/12 17:18:28 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
    [2010/07/12 13:07:00 | 001,189,376 | ---- | C] (TiVo Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\TiVoTransfer.exe
    [2010/07/08 14:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\TiVo Desktop
    [2010/07/08 14:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/07/08 05:53:02 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2010/07/07 17:13:36 | 000,000,000 | ---D | C] -- C:\Program Files\TiVo
    [2010/06/30 09:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools 2010
    [2010/06/30 08:54:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Recent
    [2010/06/29 13:37:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Kindle Content
    [2010/06/29 13:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/06/28 17:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Amazon
    [2010/06/24 13:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers
    [2010/06/12 08:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\Hijackthis
    [2010/06/11 09:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
    [2010/05/31 16:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\Calibrize
    [2010/05/24 11:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2010/05/21 19:18:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2010/05/21 18:13:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
    [2010/05/12 15:08:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\bootable_usb_flash_drive_files
    [2010/05/12 12:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\fix_mbr_files
    [2010/05/01 10:17:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Jason Lefmann FB_files
    [2010/04/28 09:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\SumatraPDF
    [8 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
    [8 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
    [314 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/07/18 13:02:00 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6ACC229A-6DB3-4E23-AD97-BCD4B9F544EE}.job
    [2010/07/18 12:58:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    [2010/07/18 12:53:42 | 000,267,361 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2010/07/18 12:53:34 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
    [2010/07/18 12:53:28 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/07/18 12:52:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/18 12:52:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/18 12:51:30 | 012,509,184 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.dat
    [2010/07/18 12:51:12 | 017,207,554 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db
    [2010/07/18 11:52:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/07/17 23:00:12 | 000,001,632 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L107A1E82D2E74995BB94728F086B491C.job
    [2010/07/17 23:00:00 | 000,001,632 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L85288786C24444F49F2A6E7D2CE4BD98.job
    [2010/07/17 13:56:25 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/17 13:40:00 | 001,475,720 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Health Discovery Painkillers Increase Heart Attack, Stroke Risks in Healthy - AARP Bulletin.mht
    [2010/07/16 18:06:52 | 000,000,279 | RHS- | M] () -- C:\boot.ini
    [2010/07/16 16:46:54 | 000,526,013 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Colbie_Image_B.jpg
    [2010/07/16 13:40:31 | 003,738,072 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe.GetRight
    [2010/07/16 13:38:58 | 000,000,552 | ---- | M] () -- C:\hpfr5550.xml
    [2010/07/16 08:03:37 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Gary Lefmann's Meds List as of 16 Jul 10.doc
    [2010/07/15 17:56:13 | 000,001,672 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\CrystalDiskInfo.lnk
    [2010/07/15 14:16:15 | 000,000,232 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Realtek HD Sound Effect Manager.lnk
    [2010/07/15 07:49:03 | 000,059,904 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\low-cost and early-age spay neuter clinics 6-10.doc
    [2010/07/15 07:49:03 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$w-cost and early-age spay neuter clinics 6-10.doc
    [2010/07/15 07:48:17 | 000,133,959 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\transporters 6-10.rtf
    [2010/07/15 07:48:17 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$ansporters 6-10.rtf
    [2010/07/15 07:47:41 | 000,152,140 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\help for lost pets 6-10.rtf
    [2010/07/15 07:47:41 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$lp for lost pets 6-10.rtf
    [2010/07/15 07:47:10 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\financial aid for pets 6-10.doc
    [2010/07/15 07:47:10 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$nancial aid for pets 6-10.doc
    [2010/07/15 07:46:40 | 000,053,440 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\pet food banks 6-10.rtf
    [2010/07/15 07:46:40 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$t food banks 6-10.rtf
    [2010/07/14 09:53:00 | 000,001,767 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Impression for Kodak.lnk
    [2010/07/14 08:58:36 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\9bvmfypp.exe
    [2010/07/13 14:42:28 | 000,530,084 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/07/13 14:42:28 | 000,461,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/07/13 14:42:28 | 000,079,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/07/13 14:31:04 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Quotes I Like.doc
    [2010/07/13 11:35:36 | 000,001,155 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\pfp-2.csv
    [2010/07/12 17:18:02 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe
    [2010/07/12 17:18:02 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe
    [2010/07/12 17:18:02 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe
    [2010/07/12 17:18:02 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
    [2010/07/12 17:18:01 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
    [2010/07/12 09:00:27 | 001,133,338 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Firearms Safety in the Home.PDF
    [2010/07/12 08:03:19 | 001,777,717 | R--- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\July Newsletter.pdf
    [2010/07/09 16:15:46 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
    [2010/07/08 16:20:09 | 000,355,282 | R--- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\private detective_security application.pdf
    [2010/07/08 14:23:19 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/07/08 07:13:32 | 000,000,811 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/07/06 11:19:50 | 000,001,153 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/07/06 10:30:24 | 000,154,075 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Re Request for Money for Security Team Headsets.eml
    [2010/07/05 17:09:40 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Security Team Roster updtd 5Jul10.xls
    [2010/07/01 12:43:31 | 005,692,835 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Zx1_xUG_GLB_en.pdf
    [2010/06/30 09:56:56 | 000,002,325 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\license.xbin
    [2010/06/30 09:56:46 | 000,001,605 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\jv16 PowerTools 2010.lnk
    [2010/06/30 09:06:15 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010/06/30 09:06:15 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010/06/30 09:01:10 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/06/30 08:58:50 | 000,000,912 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
    [2010/06/30 08:56:49 | 000,020,394 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\cc_20100630_085632.reg
    [2010/06/28 17:58:37 | 000,035,563 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Authors I Like.doc
    [2010/06/24 15:32:12 | 000,231,936 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\marapr10newsletter.doc
    [2010/06/24 13:40:09 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\DVDVideoSoft Free Studio.lnk
    [2010/06/24 10:37:27 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/06/23 14:01:55 | 003,112,200 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\PCMatic Ref Guide.PDF
    [2010/06/23 13:51:31 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Matic.lnk
    [2010/06/23 09:39:34 | 000,116,224 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/06/22 15:47:20 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\H.U.G. Events.doc
    [2010/06/22 15:46:07 | 000,015,558 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\H.U.G. Events.docx
    [2010/06/22 08:58:06 | 000,013,651 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Rx needed June 2010.docx
    [2010/06/21 18:37:49 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/06/21 18:07:39 | 000,624,170 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\MotorolaXTN%20Series%20Accessories.pdf
    [2010/06/20 14:03:35 | 000,110,557 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\monthPSn1-Jul-2010-to-Aug-2010-NgW2.rtf
    [2010/06/20 14:01:45 | 000,107,478 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\monthPSf1-Jul-2010-to-Aug-2010-N93P.rtf
    [2010/06/13 15:26:03 | 001,505,732 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\June newsletter.pdf
    [2010/06/13 15:23:52 | 001,505,732 | R--- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\June newsletter-1.pdf
    [2010/06/11 09:52:04 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\EVEREST Home Edition.lnk
    [2010/06/10 11:13:13 | 000,002,465 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\pfp-1.csv
    [2010/06/10 11:13:07 | 000,013,506 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\pfp.csv
    [2010/06/10 10:36:11 | 000,093,187 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Memories of Zoey.docx
    [2010/06/09 10:06:30 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Copy of Security Team Roster updtd 24May09.xls
    [2010/06/09 09:37:34 | 000,352,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/05 11:50:53 | 002,576,379 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1B56DD79d01.pdf
    [2010/06/05 11:49:44 | 000,755,537 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Me_and_Web_Shadow_Excerpt_REV.pdf
    [2010/06/03 13:46:09 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Lynne's Meds List as of 03 Jun 10.doc
    [2010/06/03 13:41:58 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Gary's Meds List1 as of 03 Jun 10.doc
    [2010/06/03 13:39:56 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Gary's Meds List1 as of 20 Jan 10.doc
    [2010/05/29 10:14:09 | 000,582,294 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\79CAF680d01.pdf
    [2010/05/28 11:20:11 | 000,013,173 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\2010 Donations.docx
    [2010/05/24 11:58:19 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
    [2010/05/21 19:05:42 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2010/05/18 08:48:33 | 000,110,703 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\monthPSn1-Jun-2010-to-Jul-2010-7SD0.rtf
    [2010/05/13 09:10:26 | 002,320,114 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Samsung Intensity User Manual.PDF
    [2010/05/12 15:08:31 | 000,036,223 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\bootable_usb_flash_drive.html
    [2010/05/12 12:15:32 | 000,040,311 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\fix_mbr.html
    [2010/05/07 16:25:18 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Verizon Chat.doc
    [2010/05/07 16:24:53 | 000,014,991 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Verizon Chat.docx
    [2010/05/05 10:25:04 | 001,324,805 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\A45B6D42d01.pdf
    [2010/05/01 10:17:41 | 000,114,226 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jason Lefmann FB.htm
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/29 10:58:14 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
    [2010/04/26 12:24:39 | 000,001,749 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\GoodSync.lnk
    [2010/04/23 10:20:03 | 000,014,626 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Community Bible Church Membership Discount Application(2010).docx
    [2010/04/22 09:24:14 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Gary Medical History.xls
    [2010/04/22 09:23:59 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Medical History Gary.xls
    [314 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/07/17 13:39:52 | 001,475,720 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Health Discovery Painkillers Increase Heart Attack, Stroke Risks in Healthy - AARP Bulletin.mht
    [2010/07/16 18:06:52 | 000,000,281 | ---- | C] () -- C:\Boot.bak
    [2010/07/16 16:47:15 | 000,526,013 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Colbie_Image_B.jpg
    [2010/07/16 13:40:21 | 003,738,072 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe.GetRight
    [2010/07/16 08:03:36 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Gary Lefmann's Meds List as of 16 Jul 10.doc
    [2010/07/15 17:56:13 | 000,001,672 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\CrystalDiskInfo.lnk
    [2010/07/15 14:16:15 | 000,000,232 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Realtek HD Sound Effect Manager.lnk
    [2010/07/15 07:49:03 | 000,059,904 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\low-cost and early-age spay neuter clinics 6-10.doc
    [2010/07/15 07:49:03 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$w-cost and early-age spay neuter clinics 6-10.doc
    [2010/07/15 07:48:17 | 000,133,959 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\transporters 6-10.rtf
    [2010/07/15 07:48:17 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$ansporters 6-10.rtf
    [2010/07/15 07:47:41 | 000,152,140 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\help for lost pets 6-10.rtf
    [2010/07/15 07:47:41 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$lp for lost pets 6-10.rtf
    [2010/07/15 07:47:10 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\financial aid for pets 6-10.doc
    [2010/07/15 07:47:10 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$nancial aid for pets 6-10.doc
    [2010/07/15 07:46:40 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$t food banks 6-10.rtf
    [2010/07/15 07:46:39 | 000,053,440 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\pet food banks 6-10.rtf
    [2010/07/14 09:53:00 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Impression for Kodak.lnk
    [2010/07/14 08:58:34 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\9bvmfypp.exe
    [2010/07/12 09:00:46 | 001,133,338 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Firearms Safety in the Home.PDF
    [2010/07/12 08:09:28 | 001,777,717 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\July Newsletter.pdf
    [2010/07/08 16:21:38 | 000,355,282 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\private detective_security application.pdf
    [2010/07/08 14:23:13 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010/07/06 10:30:24 | 000,154,075 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Re Request for Money for Security Team Headsets.eml
    [2010/07/05 16:54:43 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Security Team Roster updtd 5Jul10.xls
    [2010/07/01 12:42:11 | 005,692,835 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Zx1_xUG_GLB_en.pdf
    [2010/06/30 09:56:46 | 000,001,605 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\jv16 PowerTools 2010.lnk
    [2010/06/30 08:56:38 | 000,020,394 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\cc_20100630_085632.reg
    [2010/06/29 13:17:44 | 000,001,632 | ---- | C] () -- C:\WINDOWS\tasks\wrSpySweeper_L85288786C24444F49F2A6E7D2CE4BD98.job
    [2010/06/29 07:28:09 | 012,509,184 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\ntuser.dat
    [2010/06/25 12:24:02 | 000,001,632 | ---- | C] () -- C:\WINDOWS\tasks\wrSpySweeper_L107A1E82D2E74995BB94728F086B491C.job
    [2010/06/24 15:32:11 | 000,231,936 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\marapr10newsletter.doc
    [2010/06/24 13:40:02 | 000,000,915 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\DVDVideoSoft Free Studio.lnk
    [2010/06/23 14:06:37 | 003,112,200 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\PCMatic Ref Guide.PDF
    [2010/06/23 13:51:31 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Matic.lnk
    [2010/06/22 15:47:19 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\H.U.G. Events.doc
    [2010/06/22 15:31:29 | 000,015,558 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\H.U.G. Events.docx
    [2010/06/22 08:51:18 | 000,013,651 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Rx needed June 2010.docx
    [2010/06/21 18:08:48 | 000,624,170 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\MotorolaXTN%20Series%20Accessories.pdf
    [2010/06/20 14:03:34 | 000,110,557 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\monthPSn1-Jul-2010-to-Aug-2010-NgW2.rtf
    [2010/06/20 14:01:45 | 000,107,478 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\monthPSf1-Jul-2010-to-Aug-2010-N93P.rtf
    [2010/06/13 15:26:02 | 001,505,732 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\June newsletter.pdf
    [2010/06/13 15:25:30 | 001,505,732 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\June newsletter-1.pdf
    [2010/06/11 09:52:04 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\EVEREST Home Edition.lnk
    [2010/06/10 10:45:19 | 000,001,155 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\pfp-2.csv
    [2010/06/10 10:45:06 | 000,002,465 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\pfp-1.csv
    [2010/06/10 10:44:52 | 000,013,506 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\pfp.csv
    [2010/06/10 10:25:07 | 000,093,187 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Memories of Zoey.docx
    [2010/06/09 10:06:30 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Copy of Security Team Roster updtd 24May09.xls
    [2010/06/05 11:51:06 | 002,576,379 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1B56DD79d01.pdf
    [2010/06/05 11:50:38 | 000,755,537 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Me_and_Web_Shadow_Excerpt_REV.pdf
    [2010/06/03 13:44:12 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Lynne's Meds List as of 03 Jun 10.doc
    [2010/06/03 13:40:39 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Gary's Meds List1 as of 03 Jun 10.doc
    [2010/05/29 10:14:09 | 000,582,294 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\79CAF680d01.pdf
    [2010/05/28 11:12:35 | 000,013,173 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\2010 Donations.docx
    [2010/05/21 18:42:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sorttbls.nls
    [2010/05/21 18:41:59 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\dllcache\locale.nls
    [2010/05/21 18:41:53 | 000,079,996 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apps.chm
    [2010/05/18 08:48:33 | 000,110,703 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\monthPSn1-Jun-2010-to-Jul-2010-7SD0.rtf
    [2010/05/13 09:15:38 | 002,320,114 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Samsung Intensity User Manual.PDF
    [2010/05/12 15:08:30 | 000,036,223 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\bootable_usb_flash_drive.html
    [2010/05/12 12:15:26 | 000,040,311 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\fix_mbr.html
    [2010/05/07 16:25:18 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Verizon Chat.doc
    [2010/05/07 16:24:53 | 000,014,991 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Verizon Chat.docx
    [2010/05/05 10:29:16 | 001,324,805 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\A45B6D42d01.pdf
    [2010/05/01 10:17:39 | 000,114,226 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jason Lefmann FB.htm
    [2010/04/26 12:24:39 | 000,001,749 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\GoodSync.lnk
    [2010/04/23 10:20:03 | 000,014,626 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Community Bible Church Membership Discount Application(2010).docx
    [2009/11/06 13:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
    [2009/07/14 12:57:38 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2009/05/27 13:51:10 | 000,000,050 | ---- | C] () -- C:\WINDOWS\3D Text Factory.INI
    [2008/11/01 09:18:37 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2008/10/24 09:27:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2007/12/27 15:17:33 | 000,036,363 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
    [2007/12/19 15:28:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
    [2007/12/04 17:12:37 | 000,000,276 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2007/10/26 10:20:10 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
    [2007/10/17 11:00:14 | 000,000,074 | ---- | C] () -- C:\WINDOWS\hpsjbmgr.ini
    [2007/10/17 10:57:05 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
    [2007/10/17 10:57:05 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
    [2007/10/17 10:57:04 | 000,013,824 | ---- | C] () -- C:\WINDOWS\System32\hpscan32.dll
    [2007/08/07 19:20:13 | 000,001,432 | ---- | C] () -- C:\WINDOWS\cgzk_hv.ini
    [2007/07/18 13:45:14 | 000,000,132 | ---- | C] () -- C:\WINDOWS\picture-shark.INI
    [2007/07/18 06:20:47 | 000,005,816 | ---- | C] () -- C:\WINDOWS\System32\casigmgr32s.dll
    [2007/06/09 10:52:38 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2007/06/01 13:30:27 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
    [2007/04/30 09:57:43 | 000,046,240 | ---- | C] () -- C:\WINDOWS\Awmodem.ini
    [2007/04/21 09:30:40 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
    [2006/11/27 12:13:05 | 000,626,688 | ---- | C] () -- C:\WINDOWS\System32\dfxg13.dll
    [2006/11/21 11:47:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/11/19 14:02:24 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
    [2006/11/16 21:28:06 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2006/11/02 16:35:36 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\PGPsdk.dll.sig
    [2006/09/22 15:11:28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/09/22 14:48:27 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
    [2006/09/22 14:42:20 | 000,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2006/09/22 14:42:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2006/09/22 14:38:09 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2006/09/22 14:25:07 | 000,000,193 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2006/09/22 14:24:30 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
    [2006/09/22 14:17:42 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2006/09/22 14:13:39 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006/09/22 14:13:39 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/09/22 14:12:15 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2006/09/22 13:48:40 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2006/06/16 14:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/08/06 00:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/08/03 02:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
    [2004/09/16 23:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
    [2004/08/10 00:00:00 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
    [2004/08/10 00:00:00 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
    [2004/08/10 00:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
    [2004/07/26 10:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2003/03/09 16:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
    [1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
    [1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
    [1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

    ========== LOP Check ==========

    [2009/12/21 12:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
    [2006/11/18 08:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
    [2006/09/22 14:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
    [2009/03/20 12:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
    [2010/02/12 14:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easy Duplicate Finder
    [2009/01/21 18:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
    [2010/04/24 15:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoodSync
    [2009/06/12 08:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
    [2010/02/23 10:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2008/04/05 08:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
    [2007/09/16 14:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    [2009/12/21 12:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\page
    [2010/07/13 15:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
    [2007/02/22 14:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2006/11/17 14:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
    [2007/12/27 11:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2009/01/17 17:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/07/12 17:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TiVo
    [2007/07/03 15:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2008/01/18 11:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2007/08/02 13:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
    [2010/04/19 08:56:14 | 000,001,022 | -H-- | M] () -- C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job
    [2010/07/18 13:02:00 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6ACC229A-6DB3-4E23-AD97-BCD4B9F544EE}.job
    [2010/07/17 23:00:12 | 000,001,632 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_L107A1E82D2E74995BB94728F086B491C.job
    [2010/07/17 23:00:00 | 000,001,632 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_L85288786C24444F49F2A6E7D2CE4BD98.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/07/13 09:24:07 | 000,080,636 | ---- | M] () -- C:\aaw7boot.log
    [2007/01/02 16:14:20 | 000,055,457 | ---- | M] () -- C:\addressbook.ldif
    [2006/09/22 14:37:50 | 000,000,100 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2006/11/16 21:01:53 | 000,000,281 | ---- | M] () -- C:\Boot.bak
    [2010/07/16 18:06:52 | 000,000,279 | RHS- | M] () -- C:\boot.ini
    [2005/12/29 16:42:04 | 000,206,376 | ---- | M] (Computer Associates International, Inc.) -- C:\calic.dll
    [2005/12/29 16:42:14 | 000,292,392 | ---- | M] () -- C:\cauninst.exe
    [2005/12/29 16:42:08 | 000,124,456 | ---- | M] (Computer Associates International, Inc.) -- C:\cavfrm.dll
    [2005/12/29 16:43:14 | 000,222,760 | ---- | M] (Computer Associates International, Inc.) -- C:\cavprod.dll
    [2005/12/29 16:43:06 | 000,050,728 | ---- | M] (Computer Associates International, Inc.) -- C:\cavres.dll
    [2004/08/09 17:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/07/17 13:58:07 | 000,034,494 | ---- | M] () -- C:\ComboFix.txt
    [2005/08/31 00:02:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2005/10/27 12:40:30 | 000,046,285 | ---- | M] () -- C:\eisspp.chm
    [2005/12/29 16:42:06 | 000,116,264 | ---- | M] (Computer Associates International, Inc.) -- C:\ezavlic.dll
    [2008/08/07 11:22:20 | 000,023,129 | ---- | M] () -- C:\HijackPatrol.log
    [2010/07/16 13:38:58 | 000,852,868 | ---- | M] () -- C:\hpfr5550.log
    [2010/07/16 13:38:58 | 000,000,552 | ---- | M] () -- C:\hpfr5550.xml
    [2006/09/22 14:47:14 | 000,000,051 | ---- | M] () -- C:\hpWebHelper.log
    [2005/08/31 00:02:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2005/12/29 16:42:08 | 000,124,456 | ---- | M] (Computer Associates International, Inc.) -- C:\issfrm.dll
    [2005/12/29 16:43:06 | 000,050,728 | ---- | M] (Computer Associates International, Inc.) -- C:\issres.dll
    [2008/08/07 17:41:13 | 000,007,688 | ---- | M] () -- C:\JavaRa.log
    [2005/12/29 16:42:10 | 000,071,208 | ---- | M] () -- C:\license.dll
    [2005/10/11 15:16:14 | 000,128,558 | ---- | M] () -- C:\license.txt
    [2010/03/29 18:16:34 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2005/08/31 00:02:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/09 17:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/05/21 19:05:42 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2008/04/23 11:49:12 | 000,004,695 | ---- | M] () -- C:\Pack WisdomTrace.txt
    [2010/07/18 12:52:06 | 2078,781,440 | -HS- | M] () -- C:\pagefile.sys
    [2007/04/30 11:56:53 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
    [2010/02/06 10:09:52 | 000,000,000 | ---- | M] () -- C:\temp.html
    [2008/11/01 10:14:12 | 000,000,510 | ---- | M] () -- C:\updatedatfix.log
    [2009/03/04 08:46:45 | 000,000,771 | ---- | M] () -- C:\WKCALREM.LNK

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2006/10/14 16:43:18 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/06/03 21:29:06 | 000,076,288 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4pi.dll
    [2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
    [8 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

    < %systemroot%\Fonts\*.dll >
    [2006/02/19 13:28:56 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
    [8 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [2005/07/26 07:39:44 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
    [2009/11/06 13:00:28 | 000,031,088 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\wrLZMA.dll
    [314 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2005/08/30 16:51:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2005/08/30 16:51:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2005/08/30 16:51:10 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2007/03/08 11:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\system32\user32.dll
    [314 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2004/08/10 00:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll
    [314 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2help.dll /md5 >
    [2004/08/10 00:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9BEACB911CA61E5881102188AB7FB431 -- C:\WINDOWS\system32\ws2help.dll
    [314 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    < >

    ========== Files - Unicode (All) ==========
    [2009/10/03 09:45:32 | 000,000,119 | ---- | M] ()(C:\?369???????????.url) -- C:\来369搜索让你上网也能赚大钱.url
    [2009/10/03 09:45:32 | 000,000,119 | ---- | M] ()(C:\?????????????.url) -- C:\网络赚钱美好人生从意天开始.url
    [2009/10/03 09:45:32 | 000,000,118 | ---- | M] ()(C:\????,sondle??,????.url) -- C:\梦想成真,sondle软件,为您服务.url
    [2009/10/03 08:29:04 | 000,000,119 | ---- | C] ()(C:\?369???????????.url) -- C:\来369搜索让你上网也能赚大钱.url
    [2009/10/03 08:29:04 | 000,000,119 | ---- | C] ()(C:\?????????????.url) -- C:\网络赚钱美好人生从意天开始.url
    [2009/10/03 08:29:04 | 000,000,118 | ---- | C] ()(C:\????,sondle??,????.url) -- C:\梦想成真,sondle软件,为您服务.url

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84098FD3
    @Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE7C4A02
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57B4E612
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    < End of report >
     
  18. 2010/07/18
    broni

    broni Moderator Malware Analyst

    Go to Add\Remove and uninstall all older Java versions (except for Java 6 Update 21).

    =================================================================

    Is there any reason System Restore is disabled, or are you not aware of it?

    ==================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys -- (SYMIDSCO)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
      O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
      O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab  (Reg Error: Value error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab  (Reg Error: Value error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab  (Java Plug-in 1.6.0_07)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab  (Reg Error: Key error.)
      O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2...nAxControl.CAB  (Reg Error: Key error.)
      O18 - Protocol\Handler\cf - No CLSID value found
      O30 - LSA: Security Packages - (625\ecurity Packages settings..) - File not found
      [8 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
      [8 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
      [314 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [2006/11/18 08:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
      [2009/10/03 09:45:32 | 000,000,119 | ---- | M] ()(C:\?369???????????.url) -- C:\来369搜索让你上网也能赚大钱.url
      [2009/10/03 09:45:32 | 000,000,119 | ---- | M] ()(C:\?????????????.url) -- C:\网络赚钱美好人生从意天开始.url
      [2009/10/03 09:45:32 | 000,000,118 | ---- | M] ()(C:\????,sondle??,????.url) -- C:\梦想成真,sondle软件,为您服务.url
      [2009/10/03 08:29:04 | 000,000,119 | ---- | C] ()(C:\?369???????????.url) -- C:\来369搜索让你上网也能赚大钱.url
      [2009/10/03 08:29:04 | 000,000,119 | ---- | C] ()(C:\?????????????.url) -- C:\网络赚钱美好人生从意天开始.url
      [2009/10/03 08:29:04 | 000,000,118 | ---- | C] ()(C:\????,sondle??,????.url) -- C:\梦想成真,sondle软件,为您服务.url
      @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84098FD3
      @Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE7C4A02
      @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
      @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57B4E612
      @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  19. 2010/07/18
    writeman47

    Add/remove only shows Java 6 Update 21
    I was NOT aware System Restore is disabled. Should I try to enable?

    All processes killed
    ========== OTL ==========
    Service SYMIDSCO stopped successfully!
    Service SYMIDSCO deleted successfully!
    File C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys not found.
    Service catchme stopped successfully!
    Service catchme deleted successfully!
    File C:\ComboFix\catchme.sys not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
    Starting removal of ActiveX control {74C861A1-D548-4916-BC8A-FDE92EDFF62C}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{74C861A1-D548-4916-BC8A-FDE92EDFF62C}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{74C861A1-D548-4916-BC8A-FDE92EDFF62C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74C861A1-D548-4916-BC8A-FDE92EDFF62C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{74C861A1-D548-4916-BC8A-FDE92EDFF62C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74C861A1-D548-4916-BC8A-FDE92EDFF62C}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Starting removal of ActiveX control Garmin Communicator Plug-In
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\cf\ deleted successfully.
    File Protocol\Handler\cf - No CLSID value found not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:625\ecurity Packages settings.. deleted successfully.
    C:\WINDOWS\Fonts\SET656.tmp deleted successfully.
    C:\WINDOWS\Fonts\SET657.tmp deleted successfully.
    C:\WINDOWS\Fonts\SET658.tmp deleted successfully.
    C:\WINDOWS\Fonts\SET659.tmp deleted successfully.
    C:\WINDOWS\Fonts\SET65A.tmp deleted successfully.
    C:\WINDOWS\Fonts\SET65B.tmp deleted successfully.
    C:\WINDOWS\Fonts\SET65C.tmp deleted successfully.
    C:\WINDOWS\Fonts\SET65D.tmp deleted successfully.
    C:\WINDOWS\System32\REN110.tmp deleted successfully.
    C:\WINDOWS\System32\REN111.tmp deleted successfully.
    C:\WINDOWS\System32\REN112.tmp deleted successfully.
    C:\WINDOWS\System32\REN2C2.tmp deleted successfully.
    C:\WINDOWS\System32\REN2C3.tmp deleted successfully.
    C:\WINDOWS\System32\REN2C4.tmp deleted successfully.
    C:\WINDOWS\System32\REN2CDB.tmp deleted successfully.
    C:\WINDOWS\System32\REN2CDC.tmp deleted successfully.
    C:\WINDOWS\System32\REN2CDD.tmp deleted successfully.
    C:\WINDOWS\System32\REN2E.tmp deleted successfully.
    C:\WINDOWS\System32\REN2F.tmp deleted successfully.
    C:\WINDOWS\System32\REN30.tmp deleted successfully.
    C:\WINDOWS\System32\REN4F6.tmp deleted successfully.
    C:\WINDOWS\System32\REN4F7.tmp deleted successfully.
    C:\WINDOWS\System32\REN4F8.tmp deleted successfully.
    C:\WINDOWS\System32\REN54.tmp deleted successfully.
    C:\WINDOWS\System32\REN55.tmp deleted successfully.
    C:\WINDOWS\System32\REN56.tmp deleted successfully.
    C:\WINDOWS\System32\REN663.tmp deleted successfully.
    C:\WINDOWS\System32\REN664.tmp deleted successfully.
    C:\WINDOWS\System32\REN665.tmp deleted successfully.
    C:\WINDOWS\System32\REN789.tmp deleted successfully.
    C:\WINDOWS\System32\REN78A.tmp deleted successfully.
    C:\WINDOWS\System32\REN78B.tmp deleted successfully.
    C:\WINDOWS\System32\RENA3.tmp deleted successfully.
    C:\WINDOWS\System32\RENA4.tmp deleted successfully.
    C:\WINDOWS\System32\RENA5.tmp deleted successfully.
    C:\WINDOWS\System32\RENB16.tmp deleted successfully.
    C:\WINDOWS\System32\RENB17.tmp deleted successfully.
    C:\WINDOWS\System32\RENB18.tmp deleted successfully.
    C:\WINDOWS\System32\RENC5.tmp deleted successfully.
    C:\WINDOWS\System32\RENC6.tmp deleted successfully.
    C:\WINDOWS\System32\RENC7.tmp deleted successfully.
    C:\WINDOWS\System32\SET137A.tmp deleted successfully.
    C:\WINDOWS\System32\SET137C.tmp deleted successfully.
    C:\WINDOWS\System32\SET137D.tmp deleted successfully.
    C:\WINDOWS\System32\SET1380.tmp deleted successfully.
    C:\WINDOWS\System32\SET1381.tmp deleted successfully.
    C:\WINDOWS\System32\SET1385.tmp deleted successfully.
    C:\WINDOWS\System32\SET1387.tmp deleted successfully.
    C:\WINDOWS\System32\SET138D.tmp deleted successfully.
    C:\WINDOWS\System32\SET13B3.tmp deleted successfully.
    C:\WINDOWS\System32\SET13D4.tmp deleted successfully.
    C:\WINDOWS\System32\SET13DA.tmp deleted successfully.
    C:\WINDOWS\System32\SET13F2.tmp deleted successfully.
    C:\WINDOWS\System32\SET345.tmp deleted successfully.
    C:\WINDOWS\System32\SET348.tmp deleted successfully.
    C:\WINDOWS\System32\SET349.tmp deleted successfully.
    C:\WINDOWS\System32\SET34B.tmp deleted successfully.
    C:\WINDOWS\System32\SET34D.tmp deleted successfully.
    C:\WINDOWS\System32\SET34F.tmp deleted successfully.
    C:\WINDOWS\System32\SET356.tmp deleted successfully.
    C:\WINDOWS\System32\SET357.tmp deleted successfully.
    C:\WINDOWS\System32\SET35A.tmp deleted successfully.
    C:\WINDOWS\System32\SET363.tmp deleted successfully.
    C:\WINDOWS\System32\SET364.tmp deleted successfully.
    C:\WINDOWS\System32\SET365.tmp deleted successfully.
    C:\WINDOWS\System32\SET367.tmp deleted successfully.
    C:\WINDOWS\System32\SET368.tmp deleted successfully.
    C:\WINDOWS\System32\SET369.tmp deleted successfully.
    C:\WINDOWS\System32\SET36A.tmp deleted successfully.
    C:\WINDOWS\System32\SET36B.tmp deleted successfully.
    C:\WINDOWS\System32\SET36D.tmp deleted successfully.
    C:\WINDOWS\System32\SET36E.tmp deleted successfully.
    C:\WINDOWS\System32\SET36F.tmp deleted successfully.
    C:\WINDOWS\System32\SET372.tmp deleted successfully.
    C:\WINDOWS\System32\SET379.tmp deleted successfully.
    C:\WINDOWS\System32\SET37A.tmp deleted successfully.
    C:\WINDOWS\System32\SET37B.tmp deleted successfully.
    C:\WINDOWS\System32\SET37E.tmp deleted successfully.
    C:\WINDOWS\System32\SET380.tmp deleted successfully.
    C:\WINDOWS\System32\SET381.tmp deleted successfully.
    C:\WINDOWS\System32\SET384.tmp deleted successfully.
    C:\WINDOWS\System32\SET386.tmp deleted successfully.
    C:\WINDOWS\System32\SET387.tmp deleted successfully.
    C:\WINDOWS\System32\SET389.tmp deleted successfully.
    C:\WINDOWS\System32\SET38A.tmp deleted successfully.
    C:\WINDOWS\System32\SET38D.tmp deleted successfully.
    C:\WINDOWS\System32\SET38F.tmp deleted successfully.
    C:\WINDOWS\System32\SET392.tmp deleted successfully.
    C:\WINDOWS\System32\SET393.tmp deleted successfully.
    C:\WINDOWS\System32\SET394.tmp deleted successfully.
    C:\WINDOWS\System32\SET395.tmp deleted successfully.
    C:\WINDOWS\System32\SET396.tmp deleted successfully.
    C:\WINDOWS\System32\SET399.tmp deleted successfully.
    C:\WINDOWS\System32\SET39C.tmp deleted successfully.
    C:\WINDOWS\System32\SET3A1.tmp deleted successfully.
    C:\WINDOWS\System32\SET3A2.tmp deleted successfully.
    C:\WINDOWS\System32\SET3A5.tmp deleted successfully.
    C:\WINDOWS\System32\SET3A8.tmp deleted successfully.
    C:\WINDOWS\System32\SET3A9.tmp deleted successfully.
    C:\WINDOWS\System32\SET3B0.tmp deleted successfully.
    C:\WINDOWS\System32\SET3B1.tmp deleted successfully.
    C:\WINDOWS\System32\SET3B3.tmp deleted successfully.
    C:\WINDOWS\System32\SET3B6.tmp deleted successfully.
    C:\WINDOWS\System32\SET3B7.tmp deleted successfully.
    C:\WINDOWS\System32\SET3C0.tmp deleted successfully.
    C:\WINDOWS\System32\SET3C1.tmp deleted successfully.
    C:\WINDOWS\System32\SET3C4.tmp deleted successfully.
    C:\WINDOWS\System32\SET3C6.tmp deleted successfully.
    C:\WINDOWS\System32\SET3C7.tmp deleted successfully.
    C:\WINDOWS\System32\SET3C8.tmp deleted successfully.
    C:\WINDOWS\System32\SET3C9.tmp deleted successfully.
    C:\WINDOWS\System32\SET3CA.tmp deleted successfully.
    C:\WINDOWS\System32\SET3CB.tmp deleted successfully.
    C:\WINDOWS\System32\SET3D0.tmp deleted successfully.
    C:\WINDOWS\System32\SET3D1.tmp deleted successfully.
    C:\WINDOWS\System32\SET3D2.tmp deleted successfully.
    C:\WINDOWS\System32\SET3DE.tmp deleted successfully.
    C:\WINDOWS\System32\SET3E3.tmp deleted successfully.
    C:\WINDOWS\System32\SET3E5.tmp deleted successfully.
    C:\WINDOWS\System32\SET3E7.tmp deleted successfully.
    C:\WINDOWS\System32\SET3E8.tmp deleted successfully.
    C:\WINDOWS\System32\SET3E9.tmp deleted successfully.
    C:\WINDOWS\System32\SET3EA.tmp deleted successfully.
    C:\WINDOWS\System32\SET3EC.tmp deleted successfully.
    C:\WINDOWS\System32\SET3ED.tmp deleted successfully.
    C:\WINDOWS\System32\SET3F1.tmp deleted successfully.
    C:\WINDOWS\System32\SET3F2.tmp deleted successfully.
    C:\WINDOWS\System32\SET3F5.tmp deleted successfully.
    C:\WINDOWS\System32\SET3F6.tmp deleted successfully.
    C:\WINDOWS\System32\SET3F7.tmp deleted successfully.
    C:\WINDOWS\System32\SET3FD.tmp deleted successfully.
    C:\WINDOWS\System32\SET3FE.tmp deleted successfully.
    C:\WINDOWS\System32\SET3FF.tmp deleted successfully.
    C:\WINDOWS\System32\SET407.tmp deleted successfully.
    C:\WINDOWS\System32\SET408.tmp deleted successfully.
    C:\WINDOWS\System32\SET40D.tmp deleted successfully.
    C:\WINDOWS\System32\SET40E.tmp deleted successfully.
    C:\WINDOWS\System32\SET40F.tmp deleted successfully.
    C:\WINDOWS\System32\SET410.tmp deleted successfully.
    C:\WINDOWS\System32\SET412.tmp deleted successfully.
    C:\WINDOWS\System32\SET418.tmp deleted successfully.
    C:\WINDOWS\System32\SET424.tmp deleted successfully.
    C:\WINDOWS\System32\SET426.tmp deleted successfully.
    C:\WINDOWS\System32\SET428.tmp deleted successfully.
    C:\WINDOWS\System32\SET429.tmp deleted successfully.
    C:\WINDOWS\System32\SET42A.tmp deleted successfully.
    C:\WINDOWS\System32\SET42C.tmp deleted successfully.
    C:\WINDOWS\System32\SET42D.tmp deleted successfully.
    C:\WINDOWS\System32\SET435.tmp deleted successfully.
    C:\WINDOWS\System32\SET437.tmp deleted successfully.
    C:\WINDOWS\System32\SET438.tmp deleted successfully.
    C:\WINDOWS\System32\SET43B.tmp deleted successfully.
    C:\WINDOWS\System32\SET43D.tmp deleted successfully.
    C:\WINDOWS\System32\SET440.tmp deleted successfully.
    C:\WINDOWS\System32\SET445.tmp deleted successfully.
    C:\WINDOWS\System32\SET448.tmp deleted successfully.
    C:\WINDOWS\System32\SET449.tmp deleted successfully.
    C:\WINDOWS\System32\SET44E.tmp deleted successfully.
    C:\WINDOWS\System32\SET44F.tmp deleted successfully.
    C:\WINDOWS\System32\SET451.tmp deleted successfully.
    C:\WINDOWS\System32\SET452.tmp deleted successfully.
    C:\WINDOWS\System32\SET453.tmp deleted successfully.
    C:\WINDOWS\System32\SET459.tmp deleted successfully.
    C:\WINDOWS\System32\SET45A.tmp deleted successfully.
    C:\WINDOWS\System32\SET45D.tmp deleted successfully.
    C:\WINDOWS\System32\SET45E.tmp deleted successfully.
    C:\WINDOWS\System32\SET45F.tmp deleted successfully.
    C:\WINDOWS\System32\SET460.tmp deleted successfully.
    C:\WINDOWS\System32\SET461.tmp deleted successfully.
    C:\WINDOWS\System32\SET463.tmp deleted successfully.
    C:\WINDOWS\System32\SET464.tmp deleted successfully.
    C:\WINDOWS\System32\SET465.tmp deleted successfully.
    C:\WINDOWS\System32\SET467.tmp deleted successfully.
    C:\WINDOWS\System32\SET468.tmp deleted successfully.
    C:\WINDOWS\System32\SET469.tmp deleted successfully.
    C:\WINDOWS\System32\SET46B.tmp deleted successfully.
    C:\WINDOWS\System32\SET46E.tmp deleted successfully.
    C:\WINDOWS\System32\SET473.tmp deleted successfully.
    C:\WINDOWS\System32\SET474.tmp deleted successfully.
    C:\WINDOWS\System32\SET475.tmp deleted successfully.
    C:\WINDOWS\System32\SET479.tmp deleted successfully.
    C:\WINDOWS\System32\SET47A.tmp deleted successfully.
    C:\WINDOWS\System32\SET47B.tmp deleted successfully.
    C:\WINDOWS\System32\SET47D.tmp deleted successfully.
    C:\WINDOWS\System32\SET480.tmp deleted successfully.
    C:\WINDOWS\System32\SET482.tmp deleted successfully.
    C:\WINDOWS\System32\SET483.tmp deleted successfully.
    C:\WINDOWS\System32\SET486.tmp deleted successfully.
    C:\WINDOWS\System32\SET487.tmp deleted successfully.
    C:\WINDOWS\System32\SET48A.tmp deleted successfully.
    C:\WINDOWS\System32\SET48D.tmp deleted successfully.
    C:\WINDOWS\System32\SET48E.tmp deleted successfully.
    C:\WINDOWS\System32\SET490.tmp deleted successfully.
    C:\WINDOWS\System32\SET491.tmp deleted successfully.
    C:\WINDOWS\System32\SET495.tmp deleted successfully.
    C:\WINDOWS\System32\SET499.tmp deleted successfully.
    C:\WINDOWS\System32\SET49C.tmp deleted successfully.
    C:\WINDOWS\System32\SET49E.tmp deleted successfully.
    C:\WINDOWS\System32\SET49F.tmp deleted successfully.
    C:\WINDOWS\System32\SET4A0.tmp deleted successfully.
    C:\WINDOWS\System32\SET4A3.tmp deleted successfully.
    C:\WINDOWS\System32\SET4A5.tmp deleted successfully.
    C:\WINDOWS\System32\SET4A9.tmp deleted successfully.
    C:\WINDOWS\System32\SET4AA.tmp deleted successfully.
    C:\WINDOWS\System32\SET4AC.tmp deleted successfully.
    C:\WINDOWS\System32\SET4AD.tmp deleted successfully.
    C:\WINDOWS\System32\SET4B2.tmp deleted successfully.
    C:\WINDOWS\System32\SET4B3.tmp deleted successfully.
    C:\WINDOWS\System32\SET4B4.tmp deleted successfully.
    C:\WINDOWS\System32\SET4B5.tmp deleted successfully.
    C:\WINDOWS\System32\SET4B6.tmp deleted successfully.
    C:\WINDOWS\System32\SET4B7.tmp deleted successfully.
    C:\WINDOWS\System32\SET4B8.tmp deleted successfully.
    C:\WINDOWS\System32\SET4BA.tmp deleted successfully.
    C:\WINDOWS\System32\SET4BC.tmp deleted successfully.
    C:\WINDOWS\System32\SET4BF.tmp deleted successfully.
    C:\WINDOWS\System32\SET4C3.tmp deleted successfully.
    C:\WINDOWS\System32\SET4C4.tmp deleted successfully.
    C:\WINDOWS\System32\SET4C5.tmp deleted successfully.
    C:\WINDOWS\System32\SET4C6.tmp deleted successfully.
    C:\WINDOWS\System32\SET4C7.tmp deleted successfully.
    C:\WINDOWS\System32\SET4C9.tmp deleted successfully.
    C:\WINDOWS\System32\SET4CB.tmp deleted successfully.
    C:\WINDOWS\System32\SET4CC.tmp deleted successfully.
    C:\WINDOWS\System32\SET4CD.tmp deleted successfully.
    C:\WINDOWS\System32\SET4CF.tmp deleted successfully.
    C:\WINDOWS\System32\SET4D0.tmp deleted successfully.
    C:\WINDOWS\System32\SET4D5.tmp deleted successfully.
    C:\WINDOWS\System32\SET4D7.tmp deleted successfully.
    C:\WINDOWS\System32\SET4D8.tmp deleted successfully.
    C:\WINDOWS\System32\SET4DD.tmp deleted successfully.
    C:\WINDOWS\System32\SET4E8.tmp deleted successfully.
    C:\WINDOWS\System32\SET4EA.tmp deleted successfully.
    C:\WINDOWS\System32\SET4EB.tmp deleted successfully.
    C:\WINDOWS\System32\SET4EC.tmp deleted successfully.
    C:\WINDOWS\System32\SET4EF.tmp deleted successfully.
    C:\WINDOWS\System32\SET4F4.tmp deleted successfully.
    C:\WINDOWS\System32\SET4F7.tmp deleted successfully.
    C:\WINDOWS\System32\SET4F8.tmp deleted successfully.
    C:\WINDOWS\System32\SET4F9.tmp deleted successfully.
    C:\WINDOWS\System32\SET4FF.tmp deleted successfully.
    C:\WINDOWS\System32\SET501.tmp deleted successfully.
    C:\WINDOWS\System32\SET502.tmp deleted successfully.
    C:\WINDOWS\System32\SET507.tmp deleted successfully.
    C:\WINDOWS\System32\SET509.tmp deleted successfully.
    C:\WINDOWS\System32\SET51A.tmp deleted successfully.
    C:\WINDOWS\System32\SET51E.tmp deleted successfully.
    C:\WINDOWS\System32\SET520.tmp deleted successfully.
    C:\WINDOWS\System32\SET522.tmp deleted successfully.
    C:\WINDOWS\System32\SET528.tmp deleted successfully.
    C:\WINDOWS\System32\SET529.tmp deleted successfully.
    C:\WINDOWS\System32\SET52C.tmp deleted successfully.
    C:\WINDOWS\System32\SET531.tmp deleted successfully.
    C:\WINDOWS\System32\SET53A.tmp deleted successfully.
    C:\WINDOWS\System32\SET53F.tmp deleted successfully.
    C:\WINDOWS\System32\SET541.tmp deleted successfully.
    C:\WINDOWS\System32\SET543.tmp deleted successfully.
    C:\WINDOWS\System32\SET544.tmp deleted successfully.
    C:\WINDOWS\System32\SET545.tmp deleted successfully.
    C:\WINDOWS\System32\SET54B.tmp deleted successfully.
    C:\WINDOWS\System32\SET54E.tmp deleted successfully.
    C:\WINDOWS\System32\SET54F.tmp deleted successfully.
    C:\WINDOWS\System32\SET556.tmp deleted successfully.
    C:\WINDOWS\System32\SET559.tmp deleted successfully.
    C:\WINDOWS\System32\SET55B.tmp deleted successfully.
    C:\WINDOWS\System32\SET561.tmp deleted successfully.
    C:\WINDOWS\System32\SET56B.tmp deleted successfully.
    C:\WINDOWS\System32\SET56E.tmp deleted successfully.
    C:\WINDOWS\System32\SET571.tmp deleted successfully.
    C:\WINDOWS\System32\SET572.tmp deleted successfully.
    C:\WINDOWS\System32\SET574.tmp deleted successfully.
    C:\WINDOWS\System32\SET575.tmp deleted successfully.
    C:\WINDOWS\System32\SET582.tmp deleted successfully.
    C:\WINDOWS\System32\SET58D.tmp deleted successfully.
    C:\WINDOWS\System32\SET59D.tmp deleted successfully.
    C:\WINDOWS\System32\SET59E.tmp deleted successfully.
    C:\WINDOWS\System32\SET5A3.tmp deleted successfully.
    C:\WINDOWS\System32\SET5AD.tmp deleted successfully.
    C:\WINDOWS\System32\SET5AE.tmp deleted successfully.
    C:\WINDOWS\System32\SET5BD.tmp deleted successfully.
    C:\WINDOWS\System32\SET5BF.tmp deleted successfully.
    C:\WINDOWS\System32\SET5C0.tmp deleted successfully.
    C:\WINDOWS\System32\SET5C3.tmp deleted successfully.
    C:\WINDOWS\System32\SET5C8.tmp deleted successfully.
    C:\WINDOWS\System32\SET5CA.tmp deleted successfully.
    C:\WINDOWS\System32\SET5CE.tmp deleted successfully.
    C:\WINDOWS\System32\SET5CF.tmp deleted successfully.
    C:\WINDOWS\System32\SET5D2.tmp deleted successfully.
    C:\WINDOWS\System32\SET5D3.tmp deleted successfully.
    C:\WINDOWS\System32\SET5D5.tmp deleted successfully.
    C:\WINDOWS\System32\SET5D6.tmp deleted successfully.
    C:\WINDOWS\System32\SET5D7.tmp deleted successfully.
    C:\WINDOWS\System32\SET5D8.tmp deleted successfully.
    C:\WINDOWS\System32\SET5DA.tmp deleted successfully.
    C:\WINDOWS\System32\SET5DC.tmp deleted successfully.
    C:\WINDOWS\System32\SET5DD.tmp deleted successfully.
    C:\WINDOWS\System32\SET5DE.tmp deleted successfully.
    C:\WINDOWS\System32\SET5E1.tmp deleted successfully.
    C:\WINDOWS\System32\SET5E8.tmp deleted successfully.
    C:\WINDOWS\System32\SET5E9.tmp deleted successfully.
    C:\WINDOWS\System32\SET5F1.tmp deleted successfully.
    C:\WINDOWS\System32\SET5F8.tmp deleted successfully.
    C:\WINDOWS\System32\SET5FA.tmp deleted successfully.
    C:\WINDOWS\System32\SET5FD.tmp deleted successfully.
    C:\WINDOWS\System32\SET600.tmp deleted successfully.
    C:\WINDOWS\System32\SET603.tmp deleted successfully.
    C:\WINDOWS\System32\SET605.tmp deleted successfully.
    C:\WINDOWS\System32\SET609.tmp deleted successfully.
    C:\WINDOWS\System32\SET60B.tmp deleted successfully.
    C:\WINDOWS\System32\SET60C.tmp deleted successfully.
    C:\WINDOWS\System32\SET60D.tmp deleted successfully.
    C:\WINDOWS\System32\SET610.tmp deleted successfully.
    C:\WINDOWS\System32\SET611.tmp deleted successfully.
    C:\WINDOWS\System32\SET615.tmp deleted successfully.
    C:\WINDOWS\System32\SET616.tmp deleted successfully.
    C:\WINDOWS\System32\SET619.tmp deleted successfully.
    C:\WINDOWS\System32\SET61C.tmp deleted successfully.
    C:\WINDOWS\System32\SET61F.tmp deleted successfully.
    C:\WINDOWS\System32\SET622.tmp deleted successfully.
    C:\WINDOWS\System32\SET626.tmp deleted successfully.
    C:\WINDOWS\System32\SET628.tmp deleted successfully.
    C:\WINDOWS\System32\SET62A.tmp deleted successfully.
    C:\WINDOWS\003322_.tmp deleted successfully.
    C:\WINDOWS\003448_.tmp deleted successfully.
    C:\WINDOWS\SET64B.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Avg7 folder moved successfully.
    C:\来369搜索让你上网也能赚大钱.url moved successfully.
    C:\网络赚钱美好人生从意天开始.url moved successfully.
    C:\梦想成真,sondle软件,为您服务.url moved successfully.
    File C:\来369搜索让你上网也能赚大钱.url not found.
    File C:\网络赚钱美好人生从意天开始.url not found.
    File C:\梦想成真,sondle软件,为您服务.url not found.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:84098FD3 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:BE7C4A02 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:57B4E612 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator

    User: Administrator(3)

    User: Administrator.YOUR-4DACD0EA75
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 78991 bytes

    User: All Users

    User: BB443B11-7D12-450c-9F85-2D32804655F9

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32768 bytes

    User: HP_Administrator
    ->Temp folder emptied: 13156621 bytes
    ->Temporary Internet Files folder emptied: 3035191 bytes
    ->Java cache emptied: 52941478 bytes
    ->FireFox cache emptied: 57873170 bytes
    ->Flash cache emptied: 45907 bytes

    User: LocalService
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Lynne
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 49214215 bytes
    ->Flash cache emptied: 3740 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 163840 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 169.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: Administrator(3)

    User: Administrator.YOUR-4DACD0EA75

    User: All Users

    User: BB443B11-7D12-450c-9F85-2D32804655F9

    User: Default User

    User: HP_Administrator
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: Lynne
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.9.1 log created on 07182010_182349

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  20. 2010/07/18
    broni

    OK.
    Leave it for now.
    ...and...
     
  21. 2010/07/18
    writeman47

    OTL logfile created on: 7/18/2010 6:35:20 PM - Run 2
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\HP_Administrator\Desktop
    Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 177.45 Gb Total Space | 132.71 Gb Free Space | 74.79% Space Free | Partition Type: NTFS
    Drive D: | 8.84 Gb Total Space | 0.56 Gb Free Space | 6.35% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive K: | 232.83 Gb Total Space | 211.43 Gb Free Space | 90.81% Space Free | Partition Type: FAT32

    Computer Name: YOUR-4DACD0EA75
    Current User Name: HP_Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/18 12:58:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    PRC - [2010/06/03 15:14:31 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    PRC - [2010/05/31 07:18:16 | 000,323,976 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2010/05/17 17:10:22 | 000,855,824 | ---- | M] (TiVo Inc.) -- C:\Program Files\TiVo\Desktop\Plus\TranscodingService.exe
    PRC - [2010/05/17 17:10:16 | 000,608,016 | ---- | M] (TiVo Inc.) -- C:\Program Files\TiVo\Desktop\TiVoTransfer.exe
    PRC - [2010/05/17 17:10:14 | 002,264,336 | ---- | M] (TiVo Inc.) -- C:\Program Files\TiVo\Desktop\TiVoServer.exe
    PRC - [2010/05/17 17:10:12 | 000,437,520 | ---- | M] (TiVo Inc.) -- C:\Program Files\TiVo\Desktop\TiVoNotify.exe
    PRC - [2010/05/17 17:10:06 | 001,104,656 | ---- | M] (TiVo Inc.) -- C:\Program Files\TiVo\Desktop\TiVoBeacon.exe
    PRC - [2010/03/24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    PRC - [2010/03/21 13:09:18 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2009/11/20 17:48:14 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    PRC - [2009/11/06 16:19:58 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
    PRC - [2009/11/06 13:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    PRC - [2009/11/06 13:00:22 | 000,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SSU.exe
    PRC - [2007/11/01 17:42:44 | 001,384,448 | ---- | M] (Novosoft) -- C:\Program Files\Novosoft\Handy Backup\hbagent.exe
    PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/11/20 04:42:45 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
    PRC - [2006/11/07 16:41:44 | 000,419,840 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MusicMatch\MusicMatch Jukebox\mim.exe
    PRC - [2006/11/07 16:41:44 | 000,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MusicMatch\MusicMatch Jukebox\MMDiag.exe
    PRC - [2006/11/07 16:41:44 | 000,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_server.exe
    PRC - [2006/11/02 16:28:08 | 000,092,672 | ---- | M] (PGP Corporation) -- C:\WINDOWS\system32\PGPserv.exe
    PRC - [2006/10/11 13:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
    PRC - [2006/04/13 12:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
    PRC - [2005/08/03 02:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
    PRC - [2005/07/26 18:51:22 | 000,606,316 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeep\DkService.exe
    PRC - [2004/06/23 11:23:00 | 000,015,360 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
    PRC - [2003/12/17 09:50:00 | 000,019,968 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\LOGI_MWX.EXE
    PRC - [2002/12/09 20:19:20 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/18 12:58:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    MOD - [2007/10/26 12:06:56 | 000,062,768 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
    MOD - [2006/10/04 23:07:12 | 000,144,936 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
    MOD - [2006/08/25 09:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    MOD - [2004/08/10 00:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
    SRV - [2010/06/03 15:14:31 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
    SRV - [2010/05/17 17:10:06 | 001,104,656 | ---- | M] (TiVo Inc.) [Auto | Running] -- C:\Program Files\TiVo\Desktop\TiVoBeacon.exe -- (TivoBeacon2)
    SRV - [2010/05/06 13:23:56 | 000,090,296 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/11/20 17:48:14 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
    SRV - [2009/11/06 13:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
    SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2006/11/20 04:42:45 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
    SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
    SRV - [2006/11/02 16:28:08 | 000,092,672 | ---- | M] (PGP Corporation) [Auto | Running] -- C:\WINDOWS\system32\PGPserv.exe -- (PGPserv)
    SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
    SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [Disabled | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
    SRV - [2005/08/03 02:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
    SRV - [2005/07/26 18:51:22 | 000,606,316 | ---- | M] (Executive Software International, Inc.) [Auto | Running] -- C:\Program Files\Executive Software\Diskeep\DkService.exe -- (Diskeeper)
    SRV - [2004/08/10 00:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\intelppm.sys -- (intelppm)
    DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\ftsata2.sys -- (ftsata2)
    DRV - [2010/06/21 18:37:49 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
    DRV - [2010/01/12 00:03:33 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2009/11/06 13:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
    DRV - [2009/11/06 13:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
    DRV - [2009/11/06 13:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
    DRV - [2009/06/22 07:48:44 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
    DRV - [2008/10/09 11:21:04 | 000,202,928 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (sbtis)
    DRV - [2008/10/06 10:47:12 | 000,101,248 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKE.sys -- (RapportKE)
    DRV - [2008/10/06 10:47:12 | 000,062,720 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
    DRV - [2008/05/08 08:28:49 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
    DRV - [2008/02/29 03:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
    DRV - [2008/02/26 09:17:30 | 000,493,568 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netr73.sys -- (netr73)
    DRV - [2008/01/04 21:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
    DRV - [2007/04/11 16:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2007/04/11 16:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2007/04/11 16:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
    DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
    DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
    DRV - [2007/01/18 08:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgArCln.sys -- (AvgArCln)
    DRV - [2007/01/18 08:00:26 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit)
    DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
    DRV - [2006/11/02 16:28:02 | 000,224,256 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\PGPdisk.sys -- (PGPdisk)
    DRV - [2006/11/02 16:27:42 | 000,096,256 | ---- | M] (PGP Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\PGPfsfd.sys -- (pgpfs)
    DRV - [2006/11/02 16:27:34 | 000,036,352 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PGPsdk.sys -- (PGPsdkDriver)
    DRV - [2006/11/02 16:27:24 | 000,163,328 | ---- | M] (PGP Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\PGPwded.sys -- (PGPwded)
    DRV - [2006/07/24 16:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/03/03 18:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2006/03/03 18:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2006/01/12 22:46:28 | 000,252,928 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
    DRV - [2005/12/12 20:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
    DRV - [2005/12/06 14:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2005/12/06 14:20:42 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsx)
    DRV - [2005/12/06 14:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
    DRV - [2005/03/09 17:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2005/01/08 03:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2005/01/07 17:05:28 | 000,147,328 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (RT2500USB)
    DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
    DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2003/12/17 10:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042PR2.SYS -- (L8042PR2)
    DRV - [2003/12/17 09:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
    DRV - [2003/12/17 09:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
    DRV - [2003/12/17 09:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
    DRV - [1998/01/26 02:17:00 | 000,018,432 | ---- | M] (Shuttle Technology) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\sharshtl.sys -- (SHARSHTL)
    DRV - [1997/12/22 21:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.goodsearch.com/Default.aspx "

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/02/11 14:08:34 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2007/02/25 10:10:19 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/24 12:00:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/29 13:37:02 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/29 13:37:02 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/07/12 17:52:27 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/05/24 12:01:06 | 000,000,000 | ---D | M]

    [2010/01/05 09:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
    [2010/01/05 09:39:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2010/06/24 13:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\om5yb7rr.default\extensions
    [2009/12/28 17:42:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\om5yb7rr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/06/29 13:35:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\om5yb7rr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    [2010/07/18 13:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions
    [2010/07/05 10:50:57 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    [2010/04/27 10:09:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2008/10/22 13:09:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}(2)
    [2010/07/06 15:11:11 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2007/06/29 14:53:16 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
    [2008/06/15 12:55:12 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(3)
    [2008/10/22 13:09:21 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(4)
    [2009/02/20 16:48:27 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(5)
    [2009/06/04 09:13:10 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
    [2009/02/20 15:45:11 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}(2)
    [2010/06/29 13:35:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    [2009/01/10 11:52:35 | 000,000,000 | ---D | M] (QuickUpload) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\{BC0AE9E6-E549-4554-A222-EA083A894683}
    [2009/02/20 16:23:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
    [2009/02/20 16:23:30 | 000,000,000 | ---D | M] (Fast Video Download) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}(2)
    [2010/02/01 12:52:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}(2)
    [2010/07/11 13:02:57 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/07/18 12:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\fatcash@fatwallet.com
    [2010/06/19 15:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\ietab@ip.cn
    [2009/02/20 15:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\piclens@cooliris(2).com
    [2010/07/16 17:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\piclens@cooliris.com
    [2009/02/20 15:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\staged-xpis(2)
    [2010/02/01 12:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\staged-xpis(3)
    [2007/06/29 14:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\trackmenot@mrl.nyu(2).edu
    [2009/02/20 15:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\trackmenot@mrl.nyu(4).edu
    [2010/03/20 08:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\trackmenot@mrl.nyu.edu
    [2008/12/04 10:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tswiyxe4.Gary\extensions\warpvideo@vusion.com
    [2010/07/18 13:28:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/12 17:18:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2006/11/17 08:57:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\defaults\profile\Gary\extensions
    [2004/11/12 23:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll
    [2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2010/07/12 17:18:04 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/06/30 08:57:57 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    [2006/10/09 08:58:48 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
    [2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    [2007/01/23 14:28:00 | 001,138,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\nppsynth.dll
    [2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
    [2008/09/15 12:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
    [2009/07/15 11:01:47 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
    [2007/01/23 14:07:00 | 001,847,296 | ---- | M] (Microsoft) -- C:\Program Files\Mozilla Firefox\plugins\Seadragon.dll

    O1 HOSTS File: ([2010/07/18 18:27:04 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (bho2gr Class) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
    O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\Logi_MwX.Exe (Logitech Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
    O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
    O4 - HKCU..\Run: [Handy Backup 6.0] C:\PROGRAM FILES\NOVOSOFT\HANDY BACKUP\hbagent.exe (Novosoft)
    O4 - HKCU..\Run: [Rapportexe] C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
    O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
    O4 - HKCU..\Run: [TivoNotify] C:\Program Files\TiVo\Desktop\TiVoNotify.exe (TiVo Inc.)
    O4 - HKCU..\Run: [TivoServer] C:\Program Files\TiVo\Desktop\TiVoServer.exe (TiVo Inc.)
    O4 - HKCU..\Run: [TivoTransfer] C:\Program Files\TiVo\Desktop\TiVoTransfer.exe (TiVo Inc.)
    O4 - HKCU..\Run: [TranscodingService] C:\Program Files\TiVo\Desktop\Plus\\TranscodingService.exe ()
    O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\StartUp\WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\PGPlsp.dll (PGP Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\PGPlsp.dll (PGP Corporation)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCMaticVer Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.81.22.195 24.177.176.38 24.178.162.3
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\PGPmapih.dll) - C:\WINDOWS\system32\PGPmapih.dll (PGP Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O30 - LSA: Security Packages - (ecurity Packages settings...) - File not found
    O30 - LSA: Security Packages - (or) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/22 14:37:50 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    End part one
     
