
Solved No Desktop and can't run programs

Discussion in 'Malware and Virus Removal Archive' started by palljim23, 2010/07/10.

  1. 2010/07/10
    palljim23 (Inactive, Thread Starter)
    [Resolved] No Desktop and can't run programs

    Each time I start up my PC, my desktop disappears after a short period of time. Prior to it disappearing, I try to run Malware Anti-Malware and it will not run. I have tried to get to the Kaspersky website and can, but it indicates I need Java, which I think is installed. I am able to download it, but when I try to open it from the downloaded programs window, it starts and then immediately stops. This happens with any program I download and try to open, including DDS. The only thing I was able to do is run Malware in safe mode. However, I was unable to connect to the internet to update the definitions. It did find 4 issues that I resolved, but that has not helped the situation. I am not sure what to do next and any help is appreciated.

    Any help is appreciated.
     
  2. 2010/07/10
    broni (Moderator, Malware Analyst)
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.pif
    * Rkill.exe


    * Double-click on the Rkill desktop icon to run the tool.
    * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    * If not, delete the file, then download and use the one provided in Link 2.
    * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    * Do not reboot until instructed.
    * If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following.

    Now download and run exeHelper.


    * Please download exeHelper from Raktor to your desktop.
    * Double-click on exeHelper.com to run the fix.
    * A black window should pop up; press any key to close once the fix is completed.
    * A log file named log.txt will be created in the directory where you ran exeHelper.com.
    * Attach the log.txt file to your next message.

    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log, and post the two logs together (they will both be in the one file).

    ===========================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  4. 2010/07/10
    palljim23 (Inactive, Thread Starter)
    I was able to get the first two programs to run, but am unable to get combofix to run after running the first two. I do have the logs for those as well as a HJT log from before those programs were run. Please let me know what I can do next.

    Thank you in advance.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:08:31 PM, on 7/10/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17055)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    L:\Program Files\Spyware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Lwx.exe
    C:\Documents and Settings\HP_Administrator\Application Data\616baee2.exe
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\lnkxgjsnm\kwdpfmptssd.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\rundll32.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ÿþ127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ADC PlugIn - {149256D5-E103-4523-BB43-2CFB066839D6} - C:\Program Files\adc_w32.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Fsiguliw] rundll32.exe "C:\WINDOWS\iwuyitejedabenud.dll ",Startup
    O4 - HKLM\..\Run: [jywutjrv] C:\Documents and Settings\NetworkService\Local Settings\Application Data\lnkxgjsnm\kwdpfmptssd.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [Wcujac] rundll32.exe "C:\WINDOWS\vminco.dll ",Startup
    O4 - HKCU\..\Run: [EWABQAF7KL] C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Lwx.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - HKUS\S-1-5-18\..\Run: [jywutjrv] C:\Documents and Settings\NetworkService\Local Settings\Application Data\lnkxgjsnm\kwdpfmptssd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [jywutjrv] C:\Documents and Settings\NetworkService\Local Settings\Application Data\lnkxgjsnm\kwdpfmptssd.exe (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon FiOS Installer.cab
    O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www.costcophotocenter.com/CostcoOutlookImport.cab
    O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} (Photo Upload Plugin Class) - http://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
    O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} - https://accounting.quickbooks.com/c1/v15.591/qboax9.cab
    O16 - DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} (Remote200 Control) - http://68.239.135.123:100/RemoteWeb.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} (CViewerControl Object) - http://68.239.135.123:100/VideoViewer.cab
    O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.quickbooks.com/c2/v16.607/qboax10.cab
    O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
    O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://webcam.geovision.com.tw/cab/OCXChecker_8000.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://webcam.geovision.com.tw/cab/DownloadFile_8000.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} (Photo Upload Plugin Class) - http://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab?
    O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://trueswitch.com/TrueInstall.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4F18C875-12FA-442C-BE00-32F6BEAC37D2}: NameServer = 93.188.162.228,93.188.166.208
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.228,93.188.166.208
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.228,93.188.166.208
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.228,93.188.166.208
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - L:\Program Files\Spyware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    --
    End of file - 10906 bytes

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.
    Ran as HP_Administrator on 07/10/2010 at 21:14:03.


    Processes terminated by Rkill or while it was running:


    C:\Documents and Settings\NetworkService\Local Settings\Application Data\lnkxgjsnm\kwdpfmptssd.exe
    C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Lwx.exe
    C:\Documents and Settings\HP_Administrator\Application Data\616baee2.exe
    C:\Documents and Settings\HP_Administrator\My Documents\Downloads\rkill.com


    Rkill completed on 07/10/2010 at 21:14:13.


    exeHelper by Raktor
    Build 20100414
    Run at 21:17:29 on 07/10/10
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Removing HKCR\secfile
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    FYI - I am troubleshooting for my in-laws so I may log in from my home PC to check for updates. I also may not be able to respond immediately since this is not my PC. Thank you for your patience.
     
    Last edited: 2010/07/10
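    As an added illustration (not a tool from this thread and not the analyst's own method), the following Python snippet parses HijackThis-style entries like the ones in the log above and flags the classes of entry a malware analyst reacts to here: the browser proxy forced through 127.0.0.1:5577, the O4 autoruns launched from Temp and per-user Application Data, rundll32 loading DLLs dropped straight into C:\WINDOWS, and O17 DNS servers that are not the expected resolver. The entries it flags are the same ones ComboFix removes later in the thread. The heuristics, the sample selection and the 192.168.1.1 expected-resolver value are assumptions made for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Lines copied from the HijackThis log posted in the thread (the benign
# ctfmon and Bonjour entries are included as controls).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
O4 - HKLM\..\Run: [Fsiguliw] rundll32.exe "C:\WINDOWS\iwuyitejedabenud.dll",Startup
O4 - HKLM\..\Run: [jywutjrv] C:\Documents and Settings\NetworkService\Local Settings\Application Data\lnkxgjsnm\kwdpfmptssd.exe
O4 - HKCU\..\Run: [EWABQAF7KL] C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Lwx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.228,93.188.166.208
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?', re.I)
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*(?P<ips>[\d.,\s]+)")

# Heuristics (assumptions for this example, not HijackThis's own rules):
# autoruns from user-writable/temp locations, and DLLs placed directly in
# %WINDIR% (legitimate DLLs live in system32) loaded through rundll32.
USER_WRITABLE = re.compile(r"\\(Temp|Application Data|Local Settings)\\", re.I)
WINDIR_DLL = re.compile(r"^[a-z]:\\windows\\[^\\]+\.dll$", re.I)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(log_text):
    """Yield (section, body, raw_line) for each 'Rn - ...' / 'On - ...' entry."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("section"), m.group("body"), raw.strip()


def check_o4(body):
    """Return a reason if an O4 autorun entry looks suspicious, else None."""
    m = O4_RE.search(body)
    if not m:
        return None
    cmd = m.group("cmd")
    if USER_WRITABLE.search(cmd):
        return "autorun launched from a temp or per-user data directory"
    dll = RUNDLL_RE.match(cmd)
    if dll and WINDIR_DLL.match(dll.group("dll")):
        return "rundll32 loads a DLL dropped directly in the Windows directory"
    return None


def triage(log_text, expected_dns=frozenset()):
    """Return Finding objects for entries worth a closer look (triage, not a verdict)."""
    findings = []
    for section, body, raw in parse_entries(log_text):
        reason = None
        if section == "R1" and "ProxyServer" in body:
            # A proxy on loopback means some local process sits between the
            # browser and the network.
            if re.search(r"127\.0\.0\.1|localhost", body, re.I):
                reason = "browser proxy points at loopback (local proxy interception)"
        elif section == "O4":
            reason = check_o4(body)
        elif section == "O17":
            m = NAMESERVER_RE.search(body)
            if m:
                ips = [ip.strip() for ip in m.group("ips").split(",") if ip.strip()]
                bad = [ip for ip in ips if ip not in expected_dns]
                if bad:
                    reason = "DNS resolver(s) not in the expected set: " + ", ".join(bad)
        if reason:
            findings.append(Finding(section, reason, raw))
    return findings


def summarize(findings):
    """Count findings per HijackThis section."""
    return dict(Counter(f.section for f in findings))


if __name__ == "__main__":
    # 192.168.1.1 stands in for the home router's resolver (assumption).
    for f in triage(SAMPLE_LOG, expected_dns={"192.168.1.1"}):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

    The location heuristic will also flag legitimate software that updates itself from Application Data, so treat the output as a shortlist for the analyst rather than a verdict.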
  5. 2010/07/10
    broni (Moderator, Malware Analyst)
    What exactly happens?
     
  6. 2010/07/10
    palljim23 (Inactive, Thread Starter)
    It starts to run and terminates - the progress bar sometimes gets to almost 10% (approximately).
     
  7. 2010/07/10
    broni (Moderator, Malware Analyst)
    OK.
    Delete your Combofix file.
    Download a fresh one, but rename combofix.exe to broni.com BEFORE saving it to your desktop.

    Run rKill first, then immediately broni.com.
    If it still doesn't work, run both tools from Safe Mode.
     
  8. 2010/07/10
    palljim23 (Inactive, Thread Starter)
    That did it. Log is below:

    ComboFix 10-07-10.01 - HP_Administrator 07/10/2010 22:22:26.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.495 [GMT -4:00]
    Running from: c:\documents and settings\HP_Administrator\Desktop\broni.com.exe
    AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Favorites\_favdata.dat
    c:\documents and settings\HP_Administrator\Application Data\616baee2.exe
    c:\documents and settings\HP_Administrator\Application Data\pb32.exe
    c:\documents and settings\HP_Administrator\Desktop\Sysinternals Antivirus.lnk
    c:\documents and settings\HP_Administrator\GoToAssistDownloadHelper.exe
    c:\documents and settings\HP_Administrator\iWAY500C_180.exe
    c:\documents and settings\HP_Administrator\Local Settings\Application Data\nsgsjowls
    c:\documents and settings\HP_Administrator\Local Settings\Application Data\nsgsjowls\moebarftssd.exe
    c:\documents and settings\NetworkService\Local Settings\Application Data\lnkxgjsnm
    c:\documents and settings\NetworkService\Local Settings\Application Data\lnkxgjsnm\kwdpfmptssd.exe
    c:\program files\adC_w32.dll
    c:\program files\alggui.exe
    c:\program files\nuar.old
    c:\program files\scdata
    c:\program files\scdata\images\i1.gif
    c:\program files\scdata\images\i2.gif
    c:\program files\scdata\images\i3.gif
    c:\program files\scdata\images\j1.gif
    c:\program files\scdata\images\j2.gif
    c:\program files\scdata\images\j3.gif
    c:\program files\scdata\images\jj1.gif
    c:\program files\scdata\images\jj2.gif
    c:\program files\scdata\images\jj3.gif
    c:\program files\scdata\images\l1.gif
    c:\program files\scdata\images\l2.gif
    c:\program files\scdata\images\l3.gif
    c:\program files\scdata\images\pix.gif
    c:\program files\scdata\images\t1.gif
    c:\program files\scdata\images\t2.gif
    c:\program files\scdata\images\Thumbs.db
    c:\program files\scdata\images\up1.gif
    c:\program files\scdata\images\up2.gif
    c:\program files\scdata\images\w1.gif
    c:\program files\scdata\images\w11.gif
    c:\program files\scdata\images\w2.gif
    c:\program files\scdata\images\w3.jpg
    c:\program files\scdata\images\word.doc
    c:\program files\scdata\images\wt1.gif
    c:\program files\scdata\images\wt2.gif
    c:\program files\scdata\images\wt3.gif
    c:\program files\skynet.dat
    c:\program files\Sysinternals Antivirus
    c:\program files\wp3.dat
    c:\program files\wp4.dat
    c:\windows\anesupahoge.dll
    c:\windows\azeqewipezupe.dll
    c:\windows\ebagixoret.dll
    c:\windows\eqanimiq.dll
    c:\windows\eqefozujecazuwip.dll
    c:\windows\ivugupiditem.dll
    c:\windows\iwuyitejedabenud.dll
    c:\windows\Lpycoa.exe
    c:\windows\ociyemamerih.dll
    c:\windows\olenakohodopuvon.dll
    c:\windows\otiyimevo.dll
    c:\windows\system32\ernel32.dll
    c:\windows\system32\spool\prtprocs\w32x86\A3k793w7u.dll
    c:\windows\system32\spool\prtprocs\w32x86\AAA55.dll
    c:\windows\system32\spool\prtprocs\w32x86\AAAA317s.dll
    c:\windows\system32\spool\prtprocs\w32x86\C931y9c.dll
    c:\windows\system32\spool\prtprocs\w32x86\C9s17sK.dll
    c:\windows\system32\spool\prtprocs\w32x86\CEI3q7.dll
    c:\windows\system32\spool\prtprocs\w32x86\G3i7q31c9.dll
    c:\windows\system32\spool\prtprocs\w32x86\GM931c.dll
    c:\windows\system32\spool\prtprocs\w32x86\GM9g1i.dll
    c:\windows\system32\spool\prtprocs\w32x86\I5q55.dll
    c:\windows\system32\spool\prtprocs\w32x86\IQG9i179.dll
    c:\windows\system32\spool\prtprocs\w32x86\K555w.dll
    c:\windows\system32\spool\prtprocs\w32x86\K9yW7u3.dll
    c:\windows\system32\spool\prtprocs\w32x86\KU9m17.dll
    c:\windows\system32\spool\prtprocs\w32x86\KUO5o.dll
    c:\windows\system32\spool\prtprocs\w32x86\MY55o.dll
    c:\windows\system32\spool\prtprocs\w32x86\MYWSK1yW.dll
    c:\windows\system32\spool\prtprocs\w32x86\OC17u3m79.dll
    c:\windows\system32\spool\prtprocs\w32x86\SKUOC.dll
    c:\windows\system32\spool\prtprocs\w32x86\U1m93wS9.dll
    c:\windows\system32\spool\prtprocs\w32x86\U31iQ31c9.dll
    c:\windows\system32\spool\prtprocs\w32x86\U793a7.dll
    c:\windows\system32\spool\prtprocs\w32x86\UO7oC17u.dll
    c:\windows\system32\spool\prtprocs\w32x86\W55yW.dll
    c:\windows\system32\spool\prtprocs\w32x86\YWSKUO3.dll
    c:\windows\ujewowoh.dll
    c:\windows\umogerutewotevig.dll
    c:\windows\uqabafoj.dll
    c:\windows\utesiyovup.dll
    c:\windows\utofeginukifa.dll
    c:\windows\vminco.dll
    c:\windows\xpsp1hfm.log
    L:\autorun.inf

    Infected copy of c:\windows\system32\drivers\ipsec.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2010-06-11 to 2010-07-11 )))))))))))))))))))))))))))))))
    .

    2010-07-10 23:39 . 2010-07-10 23:41 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\QuickScan
    2010-07-10 23:38 . 2010-05-31 20:34 702120 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    2010-07-10 23:38 . 2010-05-31 20:34 868456 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    2010-07-10 23:18 . 2010-07-10 23:18 433152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{E0E4A445-7887-FED5-11D4-84EF8D034D44}-AUTMGR32.EXE
    2010-07-10 22:23 . 2010-07-10 22:23 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
    2010-07-10 22:23 . 2010-07-10 22:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-07-10 00:45 . 2010-07-10 00:45 64000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{5C85141D-482C-6BAE-73EE-5FB9D32FBF2B}-vminco.dll
    2010-07-10 00:45 . 2010-07-10 00:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-07-10 00:45 . 2010-07-10 00:45 433152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{1634A12D-6D4A-6F00-B9E5-B41DC782B0F5}-AUTMGR32.EXE
    2010-07-08 02:14 . 2010-07-08 02:14 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{13D51E4D-809D-426B-E4AA-C4815266AEB2}-pb32.exe
    2010-07-08 02:14 . 2010-07-08 02:14 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{2785072C-CA1A-776D-F9AD-3615BDCED51B}-pb32.exe
    2010-07-08 02:10 . 2010-07-08 02:10 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{4089A258-2C02-CA74-E9A7-DADCE2AF74E2}-pb32.exe
    2010-07-08 02:10 . 2010-07-08 02:10 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{65E86CCA-6242-A508-0058-E409CB454114}-pb32.exe
    2010-07-08 02:01 . 2010-07-08 02:01 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{6510A069-F803-71A4-0BDE-B8D51FFBA987}-pb32.exe
    2010-07-08 02:01 . 2010-07-08 02:01 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{2DFC0621-F49B-0475-F513-5AFA8FF1BEC9}-pb32.exe
    2010-07-08 01:56 . 2010-07-08 01:56 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{8252A4D2-9D44-1538-A0D8-F20303870023}-pb32.exe
    2010-07-08 01:56 . 2010-07-08 01:56 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{400AEFE9-275F-39C8-7D78-650B91019AFE}-pb32.exe
    2010-07-08 01:51 . 2010-07-08 01:51 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{480C36BA-BA0F-B91B-4A23-776664F77722}-pb32.exe
    2010-07-08 01:51 . 2010-07-08 01:51 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{6FE01501-D608-1891-769A-893411899EAD}-pb32.exe
    2010-07-08 01:50 . 2010-07-08 01:50 433152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{877ECAF2-6C0F-AAEA-A5CE-C3464EA5D1D6}-AUTMGR32.EXE
    2010-07-08 01:46 . 2010-07-08 01:46 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{B06A4145-D268-73F5-3AA7-E9137800C8A8}-pb32.exe
    2010-07-08 01:46 . 2010-07-08 01:46 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{45D1DCAB-2427-3F9F-5303-D64016BA5AC3}-pb32.exe
    2010-07-08 01:42 . 2010-07-08 01:42 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{0EA95C79-8093-4455-BF72-2544EC902E97}-pb32.exe
    2010-07-08 01:42 . 2010-07-08 01:42 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{DE7DB5F2-5231-B5CD-893D-209CC468B166}-pb32.exe
    2010-07-08 01:40 . 2010-07-08 01:40 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{63D28C02-CF6F-0A26-B6B0-D378C5A5A488}-pb32.exe
    2010-07-08 01:40 . 2010-07-08 01:40 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{6390B8F5-29E5-C3AE-D241-E52E2F0803A3}-pb32.exe
    2010-07-08 01:26 . 2010-07-08 01:26 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{5A4A981A-6CB4-466E-B417-70FEF949A9D6}-pb32.exe
    2010-07-08 01:25 . 2010-07-08 01:25 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{F2CCF9BC-CE45-259B-7E2D-486FC197B0F3}-pb32.exe
    2010-07-08 01:23 . 2010-07-08 01:23 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{8F51F2B0-9BC6-4254-AA0D-5797544CE13A}-pb32.exe
    2010-07-08 01:14 . 2010-07-08 01:14 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{B798C426-F585-160F-E19D-EB6309841BEB}-pb32.exe
    2010-07-08 01:14 . 2010-07-08 01:14 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{21D43EF7-A3AE-A09F-15AB-31B41362AF46}-pb32.exe
    2010-07-08 01:08 . 2010-07-08 01:08 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{07153DD1-5CAA-4F87-6CA5-ED6054BC9E93}-pb32.exe
    2010-07-08 01:08 . 2010-07-08 01:08 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{ACA35C2B-28E2-6C67-2989-8DEAA02824E3}-pb32.exe
    2010-07-08 01:02 . 2010-07-08 01:02 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{6BB3BEBF-C250-EC6B-1894-072B8044EBE7}-pb32.exe
    2010-07-08 01:02 . 2010-07-08 01:02 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{5A7D0D18-5782-E262-93FB-41C4DC8EFFE3}-pb32.exe
    2010-07-08 00:56 . 2010-07-08 00:56 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{EC5A6E5A-8392-AA7A-F879-AD266C52828A}-pb32.exe
    2010-07-08 00:56 . 2010-07-08 00:56 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{ECA8EFC9-EB66-5AAA-EC06-0949C40ECF2C}-pb32.exe
    2010-07-08 00:50 . 2010-07-08 00:50 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{AC392C1B-B989-0470-CCE8-5AB01C994142}-pb32.exe
    2010-07-08 00:50 . 2010-07-08 00:50 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{C74768BA-1AE4-55F7-8225-76D877F9EA33}-pb32.exe
    2010-07-08 00:49 . 2010-07-08 00:49 433152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{55696791-6A12-DBB0-FC5A-D8024A4CEB06}-AUTMGR32.EXE
    2010-07-08 00:48 . 2010-07-08 00:48 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{CA711C98-65BE-5B64-AF60-B9CAAA660994}-pb32.exe
    2010-07-08 00:47 . 2010-07-08 00:47 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{0BF4998A-1E46-55CF-5773-4E84380A316E}-pb32.exe
    2010-07-08 00:41 . 2010-07-08 00:41 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{3527A51C-FC22-D970-E9B6-D87FB2EDCEBF}-pb32.exe
    2010-07-08 00:41 . 2010-07-08 00:41 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{713BA210-1EA2-E36D-21E4-AE727BA4A1CE}-pb32.exe
    2010-07-08 00:37 . 2010-07-08 00:37 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{FDB74543-B0C4-5AE2-F839-A4297D19E7B2}-pb32.exe
    2010-07-08 00:37 . 2010-07-08 00:37 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D1F35495-29BD-F34A-9435-3D42C77366ED}-pb32.exe
    2010-07-08 00:27 . 2010-07-08 00:27 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{AC41016A-38E5-EEB6-74EA-68D1ACD98A6D}-pb32.exe
    2010-07-08 00:27 . 2010-07-08 00:27 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{E7C45C2E-4FC8-7756-33C1-950E08082175}-pb32.exe
    2010-07-08 00:23 . 2010-07-08 00:23 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{FD2A9A1C-980F-216C-A488-61CAA0257B21}-pb32.exe
    2010-07-08 00:23 . 2010-07-08 00:23 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{7025911E-1358-BFE0-18D7-C229FA74086E}-pb32.exe
    2010-07-08 00:21 . 2010-07-08 00:21 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{F343FB53-8126-A94F-5C97-C4BA70052C05}-pb32.exe
    2010-07-08 00:21 . 2010-07-08 00:21 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{3AD9464D-ACCD-4823-2809-598653248C23}-pb32.exe
    2010-07-08 00:04 . 2010-07-08 00:04 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{C960ACC2-431F-E645-085C-786A182135CF}-pb32.exe
    2010-07-08 00:04 . 2010-07-08 00:04 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{2A948B43-ACC2-0F95-8EC7-71280EA21CFD}-pb32.exe
    2010-07-08 00:01 . 2010-07-08 00:01 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{59E1480E-B252-050B-7A4A-F6FCFDB52022}-pb32.exe
    2010-07-08 00:01 . 2010-07-08 00:01 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{3EF86B29-E15E-ECCC-E22C-870DE4C058BF}-pb32.exe
    2010-07-07 23:33 . 2010-07-07 23:33 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{5C06CD46-DA8A-ECC7-E4A3-A6A7D0DAF200}-pb32.exe
    2010-07-07 23:31 . 2010-07-07 23:31 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{22903497-B8D6-84FF-D048-E63DFDE8C533}-pb32.exe
    2010-07-07 23:31 . 2010-07-07 23:31 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{ECB5ED42-B9E4-1E25-F6BB-EAFAF4E4173C}-pb32.exe
    2010-07-07 23:16 . 2010-07-07 23:16 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{7401DF2C-168F-2FB5-EE5E-FCFA940CBA6F}-pb32.exe
    2010-07-07 23:16 . 2010-07-07 23:16 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{84365648-484A-4677-F063-71AC3077F215}-pb32.exe
    2010-07-07 23:13 . 2010-07-07 23:13 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{8B2BCF07-AAAA-0D50-DE5F-D5B26330B734}-pb32.exe
    2010-07-07 23:13 . 2010-07-07 23:13 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{0061824A-DE3A-509A-4419-2D410C857C35}-pb32.exe
    2010-07-07 23:09 . 2010-07-07 23:09 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{FBAB117C-D950-FAAE-CBEC-54276B468E80}-pb32.exe
    2010-07-07 23:09 . 2010-07-07 23:09 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{264C3951-3DD6-D76D-BF83-2F95DD026FE3}-pb32.exe
    2010-07-07 22:52 . 2010-07-07 22:52 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{AE3E4E0E-D3BB-6A17-E753-35DB0D38457F}-pb32.exe
    2010-07-07 22:52 . 2010-07-07 22:52 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{6A7C1BEA-860A-1DB4-9808-C0F4EB9D91E7}-pb32.exe
    2010-07-07 22:48 . 2010-07-07 22:48 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{60B88B5E-6995-EB2A-A6B0-04E2D5856745}-pb32.exe
    2010-07-07 22:48 . 2010-07-07 22:48 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{B99C89E3-702D-757B-4FE7-0FDBCFA4ED3C}-pb32.exe
    2010-07-07 17:29 . 2010-07-07 17:29 433152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{855132BC-4482-5B1A-266D-1E50D7108BD0}-AUTMGR32.EXE
    2010-07-07 17:17 . 2010-07-07 22:34 2716 ----a-w- c:\windows\Pbidifalutih.dat
    2010-07-07 17:17 . 2010-07-07 17:17 0 ----a-w- c:\windows\Pgoluwaruyumogav.bin
    2010-07-07 17:17 . 2010-07-07 17:17 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\{47F35C31-A92E-4803-85FD-4B8A9EF7842A}
    2010-07-06 07:41 . 2010-07-10 00:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-07-05 23:52 . 2010-07-05 23:52 0 ----a-w- c:\program files\extra1.dat
    2010-06-22 21:58 . 2010-06-22 21:59 -------- d-----w- c:\program files\iTunes
    2010-06-22 21:58 . 2010-06-22 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-06-22 21:56 . 2010-06-22 21:57 -------- d-----w- c:\program files\QuickTime
    2010-06-22 21:53 . 2010-06-22 21:53 -------- d-----w- c:\program files\Bonjour
    2010-06-22 21:51 . 2010-06-22 21:51 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
    2010-06-13 15:25 . 2010-06-16 04:06 -------- d-----w- c:\program files\Ask.com

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-07 12:36 . 2010-02-07 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-07-07 03:18 . 2010-01-25 00:37 129240 ----a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-07-06 11:01 . 2010-01-29 22:27 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Apple Computer
    2010-07-02 12:07 . 2010-05-22 19:31 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-06-22 21:59 . 2005-03-25 17:11 -------- d-----w- c:\program files\iPod
    2010-06-22 21:58 . 2007-07-08 13:58 -------- d-----w- c:\program files\Common Files\Apple
    2010-06-06 14:10 . 2010-02-07 00:58 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Intuit
    2010-06-05 22:16 . 2010-06-05 22:16 1925088 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
    2010-06-01 17:37 . 2010-05-22 19:33 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-30 00:53 . 2010-03-26 10:25 -------- d-----w- c:\program files\Coupons
    2010-05-23 15:36 . 2010-02-07 00:58 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\CyberLink
    2010-05-22 19:26 . 2008-04-10 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 20:35 . 2010-05-18 20:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-05-04 17:20 . 2004-08-10 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 17:20 . 2010-04-05 22:52 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-05-04 17:20 . 2004-08-10 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-05-04 13:48 . 2010-05-04 13:43 77352 ----a-w- c:\windows\hpqins05.dat
    2010-05-02 05:22 . 2004-08-10 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-20 05:30 . 2004-08-10 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
    2007-08-03 21:57 . 2007-08-03 21:57 251 -c--a-w- c:\program files\wt3d.ini
    2007-01-06 17:14 . 2007-01-06 17:14 774144 -c--a-w- c:\program files\RngInterstitial.dll
    2007-09-03 00:56 . 2007-06-28 01:32 2516 -csha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-30 1389904]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    2004-06-29 17:06 88363 ----a-w- c:\windows\AGRSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
    2004-10-13 23:17 2742272 ----a-w- c:\windows\ALCWZRD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    2004-11-04 12:10 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
    2005-01-07 21:30 864256 ----a-w- c:\program files\Brother\ControlCenter2\brctrcen.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    2004-08-10 18:04 59392 ----a-w- c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
    2006-11-23 02:10 151552 ----a-w- c:\program files\CyberLink\PCM4Everio\EverioService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
    2004-06-07 18:42 659456 ----a-w- c:\windows\system32\hphmon06.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    1998-05-07 16:04 52736 ----a-w- c:\windows\system\hpsysdrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-06-15 20:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    2003-02-11 19:02 61440 ----a-w- c:\hp\KBD\kbd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
    2004-12-22 12:21 823296 ----a-w- c:\program files\Maxtor\OneTouch\Utils\OneTouch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
    2010-06-01 18:53 1093208 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
    2004-10-25 21:17 90112 ----a-w- c:\windows\system32\ps2.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    2004-04-14 20:43 233472 ----a-w- c:\windows\SMINST\Recguard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-07-27 03:13 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
    2008-09-17 01:14 2065648 ----a-w- c:\program files\Verizon\VSP\VerizonServicepoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
    2010-03-17 20:55 1565696 ----a-w- c:\program files\Verizon\McciTrayApp.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "l:\\Program Files\\Microsoft Games\\Links 2003\\LinksMMIII.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    HPService REG_MULTI_SZ HPSLPSVC
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2010-07-11 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: turbotax.com
    DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
    DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://68.239.135.123:100/RemoteWeb.cab
    DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} - hxxp://68.239.135.123:100/VideoViewer.cab
    DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
    DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://webcam.geovision.com.tw/cab/OCXChecker_8000.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} - hxxp://webcam.geovision.com.tw/cab/DownloadFile_8000.cab
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - HiddenExtension: XULRunner: {47F35C31-A92E-4803-85FD-4B8A9EF7842A} - c:\documents and settings\HP_Administrator\Local Settings\Application Data\{47F35C31-A92E-4803-85FD-4B8A9EF7842A}

    ---- FIREFOX POLICIES ----
    FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKCU-Run-Wcujac - c:\windows\vminco.dll
    HKLM-Run-Fsiguliw - c:\windows\iwuyitejedabenud.dll
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    MSConfigStartUp-EWABQAF7KL - c:\docume~1\HP_ADM~1\LOCALS~1\Temp\Lwx.exe
    MSConfigStartUp-fiedmqds - c:\documents and settings\HP_Administrator\Local Settings\Application Data\nsgsjowls\moebarftssd.exe
    MSConfigStartUp-Fsiguliw - c:\windows\iwuyitejedabenud.dll
    MSConfigStartUp-pbuilder - c:\documents and settings\HP_Administrator\Application Data\pb32.exe
    MSConfigStartUp-Wcujac - c:\windows\vminco.dll
    AddRemove-HijackThis - c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\FGQMDDUF\HijackThis.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-10 22:33
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(604)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-07-10 22:35:52
    ComboFix-quarantined-files.txt 2010-07-11 02:35

    Pre-Run: 12,905,132,032 bytes free
    Post-Run: 13,073,461,248 bytes free

    - - End Of File - - 6370E48B341C84B851C907E61CEBCE46
     
  9. 2010/07/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good job :)
    Please make sure your Combofix file name is not broni.com.exe but just broni.com.


    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\Pbidifalutih.dat
    c:\windows\Pgoluwaruyumogav.bin
    c:\program files\extra1.dat
    
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
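Added example, not part of this thread and not ComboFix's own code: a small Python script that scans ComboFix log lines for the two things the CFScript above acts on, a browser ProxyServer entry pointing at the local machine (a hidden local proxy like the 127.0.0.1:5577 entry in the log above is a common way for malware to sit in the middle of all browsing) and the file paths the analyst picked, and then assembles the File:: / DDS:: text in the layout broni shows. The sample log lines are constructed from the log posted above; the function names are the example's own.

```python
"""Added example for this thread (not ComboFix's own code).

Flags an Internet Explorer ProxyServer entry that points at loopback and
builds a CFScript in the File:: / DDS:: layout shown in the post above.
"""
import ipaddress
import re

# Constructed sample: a few lines modelled on the ComboFix log in this thread.
# It holds only the three paths the analyst chose to remove.
SAMPLE_LOG = """\
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5577
2010-07-07 17:17 . 2010-07-07 22:34 2716 ----a-w- c:\\windows\\Pbidifalutih.dat
2010-07-07 17:17 . 2010-07-07 17:17 0 ----a-w- c:\\windows\\Pgoluwaruyumogav.bin
2010-07-05 23:52 . 2010-07-05 23:52 0 ----a-w- c:\\program files\\extra1.dat
"""

# "u" = current user hive, "m" = machine hive, as ComboFix prefixes them.
PROXY_RE = re.compile(r"^(?P<key>[um]Internet Settings,ProxyServer)\s*=\s*(?P<value>.+)$")

# Lines of the "Files Created" section: date . date size attrs path
FILE_LINE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. .*? (?P<path>[a-z]:\\.+)$")


def _is_local_host(host: str) -> bool:
    """True for 'localhost' or any loopback address (127.0.0.0/8, ::1)."""
    host = host.strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def find_local_proxies(log_text: str) -> list:
    """Return (key, proto, host, port) for each ProxyServer entry that points
    at the local machine. IE stores the value either as 'host:port' or as a
    ';'-separated list of 'proto=host:port' entries; both are handled."""
    hits = []
    for line in log_text.splitlines():
        m = PROXY_RE.match(line.strip())
        if not m:
            continue
        for entry in m.group("value").split(";"):
            proto, _, hostport = entry.strip().rpartition("=")
            host, _, port = hostport.rpartition(":")
            if not host:  # no port given, the whole thing is the host
                host, port = hostport, ""
            if _is_local_host(host):
                hits.append((m.group("key"), proto or "*", host, port))
    return hits


def paths_in_log(log_text: str) -> list:
    """Extract the paths from ComboFix 'Files Created' style lines."""
    paths = []
    for line in log_text.splitlines():
        m = FILE_LINE_RE.match(line.strip())
        if m:
            paths.append(m.group("path"))
    return paths


def build_cfscript(files: list, dds_lines: list) -> str:
    """Assemble CFScript text: each directive on its own line followed by its
    entries, with sections separated by a blank line, as in the post."""
    sections = []
    if files:
        sections.append("File::\n" + "\n".join(files))
    if dds_lines:
        sections.append("DDS::\n" + "\n".join(dds_lines))
    return "\n\n".join(sections) + "\n"


def suspicious_entries(log_text: str) -> dict:
    """Every ProxyServer line pointing at loopback becomes a DDS:: line;
    paths are returned for the analyst to decide on, not auto-selected."""
    dds = [line.strip() for line in log_text.splitlines()
           if PROXY_RE.match(line.strip()) and find_local_proxies(line)]
    return {"dds": dds, "files": paths_in_log(log_text)}


if __name__ == "__main__":
    found = suspicious_entries(SAMPLE_LOG)
    print(build_cfscript(found["files"], found["dds"]))
```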
     
  10. 2010/07/11
    palljim23

    palljim23 Inactive Thread Starter

    Joined:
    2010/01/01
    Messages:
    67
    Likes Received:
    0
    ComboFix 10-07-11.03 - HP_Administrator 07/11/2010 20:59:51.5.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.468 [GMT -4:00]
    Running from: c:\documents and settings\HP_Administrator\Desktop\broni.com.exe
    Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *On-access scanning enabled* (Outdated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    FILE ::
    "c:\program files\extra1.dat"
    "c:\windows\Pbidifalutih.dat"
    "c:\windows\Pgoluwaruyumogav.bin"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\HP_Administrator\Local Settings\Application Data\{47F35C31-A92E-4803-85FD-4B8A9EF7842A}
    c:\documents and settings\HP_Administrator\Local Settings\Application Data\{47F35C31-A92E-4803-85FD-4B8A9EF7842A}\chrome.manifest
    c:\documents and settings\HP_Administrator\Local Settings\Application Data\{47F35C31-A92E-4803-85FD-4B8A9EF7842A}\chrome\content\_cfg.js
    c:\documents and settings\HP_Administrator\Local Settings\Application Data\{47F35C31-A92E-4803-85FD-4B8A9EF7842A}\chrome\content\overlay.xul
    c:\documents and settings\HP_Administrator\Local Settings\Application Data\{47F35C31-A92E-4803-85FD-4B8A9EF7842A}\install.rdf
    c:\program files\extra1.dat
    c:\windows\Pbidifalutih.dat
    c:\windows\Pgoluwaruyumogav.bin

    .
    ((((((((((((((((((((((((( Files Created from 2010-06-12 to 2010-07-12 )))))))))))))))))))))))))))))))
    .

    2010-07-11 02:11 . 2010-07-11 02:35 -------- d-----w- C:\broni.com
    2010-07-10 23:39 . 2010-07-10 23:41 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\QuickScan
    2010-07-10 23:38 . 2010-05-31 20:34 702120 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    2010-07-10 23:38 . 2010-05-31 20:34 868456 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    2010-07-10 23:18 . 2010-07-10 23:18 433152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{E0E4A445-7887-FED5-11D4-84EF8D034D44}-AUTMGR32.EXE
    2010-07-10 22:23 . 2010-07-10 22:23 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
    2010-07-10 22:23 . 2010-07-10 22:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-07-10 00:45 . 2010-07-10 00:45 64000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{5C85141D-482C-6BAE-73EE-5FB9D32FBF2B}-vminco.dll
    2010-07-10 00:45 . 2010-07-10 00:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-07-10 00:45 . 2010-07-10 00:45 433152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{1634A12D-6D4A-6F00-B9E5-B41DC782B0F5}-AUTMGR32.EXE
    2010-07-08 02:14 . 2010-07-08 02:14 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{13D51E4D-809D-426B-E4AA-C4815266AEB2}-pb32.exe
    2010-07-08 02:14 . 2010-07-08 02:14 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{2785072C-CA1A-776D-F9AD-3615BDCED51B}-pb32.exe
    2010-07-08 02:10 . 2010-07-08 02:10 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{4089A258-2C02-CA74-E9A7-DADCE2AF74E2}-pb32.exe
    2010-07-08 02:10 . 2010-07-08 02:10 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{65E86CCA-6242-A508-0058-E409CB454114}-pb32.exe
    2010-07-08 02:01 . 2010-07-08 02:01 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{6510A069-F803-71A4-0BDE-B8D51FFBA987}-pb32.exe
    2010-07-08 02:01 . 2010-07-08 02:01 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{2DFC0621-F49B-0475-F513-5AFA8FF1BEC9}-pb32.exe
    2010-07-08 01:56 . 2010-07-08 01:56 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{8252A4D2-9D44-1538-A0D8-F20303870023}-pb32.exe
    2010-07-08 01:56 . 2010-07-08 01:56 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{400AEFE9-275F-39C8-7D78-650B91019AFE}-pb32.exe
    2010-07-08 01:51 . 2010-07-08 01:51 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{480C36BA-BA0F-B91B-4A23-776664F77722}-pb32.exe
    2010-07-08 01:51 . 2010-07-08 01:51 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{6FE01501-D608-1891-769A-893411899EAD}-pb32.exe
    2010-07-08 01:50 . 2010-07-08 01:50 433152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{877ECAF2-6C0F-AAEA-A5CE-C3464EA5D1D6}-AUTMGR32.EXE
    2010-07-08 01:46 . 2010-07-08 01:46 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{B06A4145-D268-73F5-3AA7-E9137800C8A8}-pb32.exe
    2010-07-08 01:46 . 2010-07-08 01:46 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{45D1DCAB-2427-3F9F-5303-D64016BA5AC3}-pb32.exe
    2010-07-08 01:42 . 2010-07-08 01:42 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{0EA95C79-8093-4455-BF72-2544EC902E97}-pb32.exe
    2010-07-08 01:42 . 2010-07-08 01:42 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{DE7DB5F2-5231-B5CD-893D-209CC468B166}-pb32.exe
    2010-07-08 01:40 . 2010-07-08 01:40 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{63D28C02-CF6F-0A26-B6B0-D378C5A5A488}-pb32.exe
    2010-07-08 01:40 . 2010-07-08 01:40 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{6390B8F5-29E5-C3AE-D241-E52E2F0803A3}-pb32.exe
    2010-07-08 01:26 . 2010-07-08 01:26 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{5A4A981A-6CB4-466E-B417-70FEF949A9D6}-pb32.exe
    2010-07-08 01:25 . 2010-07-08 01:25 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{F2CCF9BC-CE45-259B-7E2D-486FC197B0F3}-pb32.exe
    2010-07-08 01:23 . 2010-07-08 01:23 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{8F51F2B0-9BC6-4254-AA0D-5797544CE13A}-pb32.exe
    2010-07-08 01:14 . 2010-07-08 01:14 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{B798C426-F585-160F-E19D-EB6309841BEB}-pb32.exe
    2010-07-08 01:14 . 2010-07-08 01:14 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{21D43EF7-A3AE-A09F-15AB-31B41362AF46}-pb32.exe
    2010-07-08 01:08 . 2010-07-08 01:08 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{07153DD1-5CAA-4F87-6CA5-ED6054BC9E93}-pb32.exe
    2010-07-08 01:08 . 2010-07-08 01:08 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{ACA35C2B-28E2-6C67-2989-8DEAA02824E3}-pb32.exe
    2010-07-08 01:02 . 2010-07-08 01:02 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{6BB3BEBF-C250-EC6B-1894-072B8044EBE7}-pb32.exe
    2010-07-08 01:02 . 2010-07-08 01:02 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{5A7D0D18-5782-E262-93FB-41C4DC8EFFE3}-pb32.exe
    2010-07-08 00:56 . 2010-07-08 00:56 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{EC5A6E5A-8392-AA7A-F879-AD266C52828A}-pb32.exe
    2010-07-08 00:56 . 2010-07-08 00:56 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{ECA8EFC9-EB66-5AAA-EC06-0949C40ECF2C}-pb32.exe
    2010-07-08 00:50 . 2010-07-08 00:50 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{AC392C1B-B989-0470-CCE8-5AB01C994142}-pb32.exe
    2010-07-08 00:50 . 2010-07-08 00:50 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{C74768BA-1AE4-55F7-8225-76D877F9EA33}-pb32.exe
    2010-07-08 00:49 . 2010-07-08 00:49 433152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{55696791-6A12-DBB0-FC5A-D8024A4CEB06}-AUTMGR32.EXE
    2010-07-08 00:48 . 2010-07-08 00:48 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{CA711C98-65BE-5B64-AF60-B9CAAA660994}-pb32.exe
    2010-07-08 00:47 . 2010-07-08 00:47 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{0BF4998A-1E46-55CF-5773-4E84380A316E}-pb32.exe
    2010-07-08 00:41 . 2010-07-08 00:41 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{3527A51C-FC22-D970-E9B6-D87FB2EDCEBF}-pb32.exe
    2010-07-08 00:41 . 2010-07-08 00:41 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{713BA210-1EA2-E36D-21E4-AE727BA4A1CE}-pb32.exe
    2010-07-08 00:37 . 2010-07-08 00:37 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{FDB74543-B0C4-5AE2-F839-A4297D19E7B2}-pb32.exe
    2010-07-08 00:37 . 2010-07-08 00:37 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D1F35495-29BD-F34A-9435-3D42C77366ED}-pb32.exe
    2010-07-08 00:27 . 2010-07-08 00:27 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{AC41016A-38E5-EEB6-74EA-68D1ACD98A6D}-pb32.exe
    2010-07-08 00:27 . 2010-07-08 00:27 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{E7C45C2E-4FC8-7756-33C1-950E08082175}-pb32.exe
    2010-07-08 00:23 . 2010-07-08 00:23 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{FD2A9A1C-980F-216C-A488-61CAA0257B21}-pb32.exe
    2010-07-08 00:23 . 2010-07-08 00:23 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{7025911E-1358-BFE0-18D7-C229FA74086E}-pb32.exe
    2010-07-08 00:21 . 2010-07-08 00:21 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{F343FB53-8126-A94F-5C97-C4BA70052C05}-pb32.exe
    2010-07-08 00:21 . 2010-07-08 00:21 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{3AD9464D-ACCD-4823-2809-598653248C23}-pb32.exe
    2010-07-08 00:04 . 2010-07-08 00:04 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{C960ACC2-431F-E645-085C-786A182135CF}-pb32.exe
    2010-07-08 00:04 . 2010-07-08 00:04 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{2A948B43-ACC2-0F95-8EC7-71280EA21CFD}-pb32.exe
    2010-07-08 00:01 . 2010-07-08 00:01 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{59E1480E-B252-050B-7A4A-F6FCFDB52022}-pb32.exe
    2010-07-08 00:01 . 2010-07-08 00:01 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{3EF86B29-E15E-ECCC-E22C-870DE4C058BF}-pb32.exe
    2010-07-07 23:33 . 2010-07-07 23:33 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{5C06CD46-DA8A-ECC7-E4A3-A6A7D0DAF200}-pb32.exe
    2010-07-07 23:31 . 2010-07-07 23:31 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{22903497-B8D6-84FF-D048-E63DFDE8C533}-pb32.exe
    2010-07-07 23:31 . 2010-07-07 23:31 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{ECB5ED42-B9E4-1E25-F6BB-EAFAF4E4173C}-pb32.exe
    2010-07-07 23:16 . 2010-07-07 23:16 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{7401DF2C-168F-2FB5-EE5E-FCFA940CBA6F}-pb32.exe
    2010-07-07 23:16 . 2010-07-07 23:16 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{84365648-484A-4677-F063-71AC3077F215}-pb32.exe
    2010-07-07 23:13 . 2010-07-07 23:13 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{8B2BCF07-AAAA-0D50-DE5F-D5B26330B734}-pb32.exe
    2010-07-07 23:13 . 2010-07-07 23:13 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{0061824A-DE3A-509A-4419-2D410C857C35}-pb32.exe
    2010-07-07 23:09 . 2010-07-07 23:09 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{FBAB117C-D950-FAAE-CBEC-54276B468E80}-pb32.exe
    2010-07-07 23:09 . 2010-07-07 23:09 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{264C3951-3DD6-D76D-BF83-2F95DD026FE3}-pb32.exe
    2010-07-07 22:52 . 2010-07-07 22:52 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{AE3E4E0E-D3BB-6A17-E753-35DB0D38457F}-pb32.exe
    2010-07-07 22:52 . 2010-07-07 22:52 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{6A7C1BEA-860A-1DB4-9808-C0F4EB9D91E7}-pb32.exe
    2010-07-07 22:48 . 2010-07-07 22:48 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{60B88B5E-6995-EB2A-A6B0-04E2D5856745}-pb32.exe
    2010-07-07 22:48 . 2010-07-07 22:48 179200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{B99C89E3-702D-757B-4FE7-0FDBCFA4ED3C}-pb32.exe
    2010-07-07 17:29 . 2010-07-07 17:29 433152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{855132BC-4482-5B1A-266D-1E50D7108BD0}-AUTMGR32.EXE
    2010-07-06 07:41 . 2010-07-10 00:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-06-22 21:58 . 2010-06-22 21:59 -------- d-----w- c:\program files\iTunes
    2010-06-22 21:58 . 2010-06-22 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-06-22 21:56 . 2010-06-22 21:57 -------- d-----w- c:\program files\QuickTime
    2010-06-22 21:53 . 2010-06-22 21:53 -------- d-----w- c:\program files\Bonjour
    2010-06-22 21:51 . 2010-06-22 21:51 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
    2010-06-13 15:25 . 2010-06-16 04:06 -------- d-----w- c:\program files\Ask.com

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-07 12:36 . 2010-02-07 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-07-07 03:18 . 2010-01-25 00:37 129240 ----a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-07-06 11:01 . 2010-01-29 22:27 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Apple Computer
    2010-07-02 12:07 . 2010-05-22 19:31 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-06-22 21:59 . 2005-03-25 17:11 -------- d-----w- c:\program files\iPod
    2010-06-22 21:58 . 2007-07-08 13:58 -------- d-----w- c:\program files\Common Files\Apple
    2010-06-06 14:10 . 2010-02-07 00:58 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Intuit
    2010-06-05 22:16 . 2010-06-05 22:16 1925088 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
    2010-06-01 17:37 . 2010-05-22 19:33 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-30 00:53 . 2010-03-26 10:25 -------- d-----w- c:\program files\Coupons
    2010-05-23 15:36 . 2010-02-07 00:58 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\CyberLink
    2010-05-22 19:26 . 2008-04-10 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 20:35 . 2010-05-18 20:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-05-04 17:20 . 2004-08-10 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 17:20 . 2010-04-05 22:52 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-05-04 17:20 . 2004-08-10 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-05-04 13:48 . 2010-05-04 13:43 77352 ----a-w- c:\windows\hpqins05.dat
    2010-05-02 05:22 . 2004-08-10 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-20 05:30 . 2004-08-10 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
    2007-08-03 21:57 . 2007-08-03 21:57 251 -c--a-w- c:\program files\wt3d.ini
    2007-01-06 17:14 . 2007-01-06 17:14 774144 -c--a-w- c:\program files\RngInterstitial.dll
    2007-09-03 00:56 . 2007-06-28 01:32 2516 -csha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-07-11_02.33.21 )))))))))))))))))))))))))))))))))))))))))
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-30 1389904]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    2004-06-29 17:06 88363 ----a-w- c:\windows\AGRSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
    2004-10-13 23:17 2742272 ----a-w- c:\windows\ALCWZRD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    2004-11-04 12:10 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
    2005-01-07 21:30 864256 ----a-w- c:\program files\Brother\ControlCenter2\brctrcen.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    2004-08-10 18:04 59392 ----a-w- c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
    2006-11-23 02:10 151552 ----a-w- c:\program files\CyberLink\PCM4Everio\EverioService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
    2004-06-07 18:42 659456 ----a-w- c:\windows\system32\hphmon06.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    1998-05-07 16:04 52736 ----a-w- c:\windows\system\hpsysdrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-06-15 20:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    2003-02-11 19:02 61440 ----a-w- c:\hp\KBD\kbd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
    2004-12-22 12:21 823296 ----a-w- c:\program files\Maxtor\OneTouch\Utils\OneTouch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
    2010-06-01 18:53 1093208 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
    2004-10-25 21:17 90112 ----a-w- c:\windows\system32\ps2.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    2004-04-14 20:43 233472 ----a-w- c:\windows\SMINST\Recguard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-07-27 03:13 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
    2008-09-17 01:14 2065648 ----a-w- c:\program files\Verizon\VSP\VerizonServicepoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
    2010-03-17 20:55 1565696 ----a-w- c:\program files\Verizon\McciTrayApp.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "l:\\Program Files\\Microsoft Games\\Links 2003\\LinksMMIII.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    HPService REG_MULTI_SZ HPSLPSVC
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2010-07-11 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: turbotax.com
    DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
    DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://68.239.135.123:100/RemoteWeb.cab
    DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} - hxxp://68.239.135.123:100/VideoViewer.cab
    DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
    DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://webcam.geovision.com.tw/cab/OCXChecker_8000.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} - hxxp://webcam.geovision.com.tw/cab/DownloadFile_8000.cab
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-11 21:08
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(604)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-07-11 21:12:01
    ComboFix-quarantined-files.txt 2010-07-12 01:11
    ComboFix2.txt 2010-07-11 02:35

    Pre-Run: 13,306,093,568 bytes free
    Post-Run: 13,420,851,200 bytes free

    - - End Of File - - 186F832AC812F200F53C181022C0EE23
     
  11. 2010/07/11
    broni Moderator Malware Analyst
    Looks good :)
    How is your computer doing at the moment?

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ==============================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. 2010/07/11
    palljim23 Inactive Thread Starter
    Thank you for responding so quickly. It is running much better.

    Here are the two logs:

    OTL logfile created on: 7/11/2010 9:26:14 PM - Run 1
    OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 628.00 Mb Available Physical Memory | 61.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 179.34 Gb Total Space | 12.64 Gb Free Space | 7.05% Space Free | Partition Type: NTFS
    Drive D: | 6.96 Gb Total Space | 0.03 Gb Free Space | 0.38% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive K: | 372.51 Gb Total Space | 313.06 Gb Free Space | 84.04% Space Free | Partition Type: FAT32
    Drive L: | 279.41 Gb Total Space | 111.63 Gb Free Space | 39.95% Space Free | Partition Type: FAT32
    Drive X: | 224.37 Gb Total Space | 192.88 Gb Free Space | 85.96% Space Free | Partition Type: NTFS
    Drive Z: | 224.37 Gb Total Space | 192.88 Gb Free Space | 85.96% Space Free | Partition Type: NTFS

    Computer Name: BIGBOY
    Current User Name: HP_Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/11 21:24:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe
    PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
    PRC - [2008/09/10 13:01:28 | 000,611,664 | ---- | M] (Lavasoft) -- L:\Program Files\Spyware\aawservice.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/11 21:24:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV - [2008/09/10 13:01:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- L:\Program Files\Spyware\aawservice.exe -- (aawservice)
    SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Start_Pending] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
    DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2008/04/13 14:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
    DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2004/11/11 15:43:02 | 000,131,840 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
    DRV - [2004/11/04 00:40:04 | 000,821,248 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2004/10/13 20:33:20 | 002,287,104 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2004/10/07 10:21:22 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
    DRV - [2004/06/29 13:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2004/03/18 03:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
    DRV - [2003/12/02 21:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
    DRV - [2003/09/19 12:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
    DRV - [2003/09/11 10:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
    DRV - [2003/03/13 13:23:28 | 000,019,712 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mxofwfp.sys -- (MaxtorFrontPanel1)
    DRV - [2002/10/04 13:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
    DRV - [2001/06/04 09:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://sports.yahoo.com [binary data]

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
    FF - prefs.js..extensions.enabledItems: {3DD07E5D-2ADF-42ea-972E-2998FA5CE45A}:5.1.0.11
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.23


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/11 21:16:11 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/11 21:16:11 | 000,000,000 | ---D | M]

    [2010/04/05 19:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
    [2010/07/11 19:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions
    [2008/12/01 22:38:16 | 000,000,000 | ---D | M] (Verizon Broadband Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions\{3DD07E5D-2ADF-42ea-972E-2998FA5CE45A}
    [2010/05/22 19:03:18 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/07/10 19:38:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    [2010/04/15 10:46:06 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\searchplugins\askcom.xml
    [2010/07/11 19:26:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2007/01/06 13:14:48 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll
    [2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    [2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll

    O1 HOSTS File: ([2010/07/11 21:08:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
    O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon FiOS Installer.cab (Support.com Configuration Class)
    O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} http://www.costcophotocenter.com/CostcoOutlookImport.cab (Snapfish Outlook Import ActiveX Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
    O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} https://accounting.quickbooks.com/c1/v15.591/qboax9.cab (Reg Error: Key error.)
    O16 - DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} http://68.239.135.123:100/RemoteWeb.cab (Remote200 Control)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
    O16 - DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} http://68.239.135.123:100/VideoViewer.cab (CViewerControl Object)
    O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.quickbooks.com/c2/v16.607/qboax10.cab (QuickBooks Online Edition Utilities Class v10)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} http://webcam.geovision.com.tw/cab/OCXChecker_8000.cab (OCXDownloadChecker Control)
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab (Reg Error: Key error.)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} http://webcam.geovision.com.tw/cab/DownloadFile_8000.cab (DownloadFile Control)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab? (Photo Upload Plugin Class)
    O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} http://trueswitch.com/TrueInstall.exe (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 213.109.65.40
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/03/25 13:45:56 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2007/02/19 12:17:48 | 000,000,000 | ---D | M] - K:\autorun -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.G264 - C:\WINDOWS\system32\GX264.dll (GeoVision)
    Drivers32: vidc.GEOV - C:\WINDOWS\system32\GeoCodec.dll File not found
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mpg2 - C:\WINDOWS\mpg4c32.dll (Microsoft Corporation)
    Drivers32: vidc.mpg3 - C:\WINDOWS\mpg4c32.dll (Microsoft Corporation)
    Drivers32: vidc.mpg4 - C:\WINDOWS\mpg4c32.dll (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Error starting restore point: System Restore is disabled.
    Error closing restore point: System Restore is disabled.

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/11 21:24:37 | 000,000,000 | --SD | C] -- C:\broni.com15667b
    [2010/07/11 20:56:47 | 000,000,000 | ---D | C] -- C:\broni.com26388b
    [2010/07/10 22:11:31 | 000,000,000 | ---D | C] -- C:\broni.com
    [2010/07/10 22:07:56 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/07/10 19:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\QuickScan
    [2010/07/09 20:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/07/09 20:45:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/07/07 13:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/07/07 13:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/07/05 09:33:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Bella Recital
    [2010/07/05 09:13:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Pic Sent to Fio 2
    [2010/06/22 17:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/06/22 17:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/06/22 17:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/06/22 17:53:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/06/13 11:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
    [2010/06/11 07:48:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Pic Sent to Fios
    [2010/06/04 07:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Lawn Markings New
    [2010/05/23 11:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\MakeDiscVideo
    [2010/05/22 15:31:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
    [2010/05/20 18:28:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My eBooks
    [2010/05/04 09:48:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\HpUpdate
    [2010/05/04 09:48:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
    [2010/05/04 09:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
    [2010/04/16 07:04:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Water Leak
    [2005/03/25 12:44:24 | 000,192,512 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
    [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/07/11 21:16:26 | 008,388,608 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
    [2010/07/11 21:12:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/11 21:08:55 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/11 21:08:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/07/11 07:22:52 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/07/10 22:22:04 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/10 22:19:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/10 22:19:24 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/10 22:17:29 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
    [2010/07/09 20:46:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/09 20:36:28 | 000,000,662 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/07/09 20:36:28 | 000,000,279 | RHS- | M] () -- C:\boot.ini
    [2010/07/09 20:25:13 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
    [2010/07/07 09:21:43 | 002,229,152 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Four J's - Here Am I Broken Hearted - 64 Jamie 1267.mp3
    [2010/07/07 06:53:57 | 000,002,207 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PaperPort.lnk
    [2010/07/07 06:39:02 | 000,001,778 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/07/06 23:18:58 | 000,129,240 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/07/06 17:13:24 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/07/06 06:59:07 | 000,426,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/07/05 09:30:05 | 000,121,344 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/03 20:17:15 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
    [2010/07/03 20:16:12 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/07/03 20:08:27 | 000,445,700 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/07/03 20:08:26 | 000,507,686 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/07/03 20:08:26 | 000,072,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/07/02 08:06:35 | 000,000,869 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
    [2010/06/30 21:23:47 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Shu Bop.doc
    [2010/06/30 21:15:55 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\This I swear is true.doc
    [2010/06/22 17:59:58 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/06/21 08:15:36 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2010/06/04 20:41:14 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Don't let the sun catch you cryin'.doc
    [2010/05/29 20:53:54 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
    [2010/05/23 11:11:01 | 000,000,405 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Water Leak.lnk
    [2010/05/23 11:09:59 | 000,000,417 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Verizon 8-3-07.lnk
    [2010/05/07 19:24:34 | 000,040,156 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Court Doc Response.pdf
    [2010/05/04 09:48:12 | 000,077,352 | ---- | M] () -- C:\WINDOWS\hpqins05.dat
    [2010/05/04 09:44:58 | 000,001,067 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
    [2010/04/15 15:14:10 | 000,211,456 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\UntitledDocument.wps
    [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/07/10 19:04:18 | 1073,074,176 | -HS- | C] () -- C:\hiberfil.sys
    [2010/07/07 09:21:42 | 002,229,152 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Four J's - Here Am I Broken Hearted - 64 Jamie 1267.mp3
    [2010/07/06 03:41:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/02 08:12:45 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/06/30 21:22:44 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Shu Bop.doc
    [2010/06/30 21:15:54 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\This I swear is true.doc
    [2010/06/22 17:59:58 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/06/04 20:23:23 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Don't let the sun catch you cryin'.doc
    [2010/05/23 11:11:01 | 000,000,405 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Water Leak.lnk
    [2010/05/23 11:09:59 | 000,000,417 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Verizon 8-3-07.lnk
    [2010/05/22 15:31:52 | 000,000,869 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
    [2010/05/07 19:26:44 | 000,040,156 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Court Doc Response.pdf
    [2010/05/04 09:44:58 | 000,001,067 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
    [2010/05/04 09:43:26 | 000,077,352 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
    [2010/04/15 15:11:29 | 000,211,456 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\UntitledDocument.wps
    [2009/02/28 16:13:12 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2009/02/10 00:10:06 | 000,000,033 | ---- | C] () -- C:\WINDOWS\BiMonitor.ini
    [2009/02/10 00:06:07 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\LLHttpsUpload2.dll
    [2009/02/10 00:06:07 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
    [2009/01/19 19:58:06 | 000,000,031 | ---- | C] () -- C:\WINDOWS\Tlcpromo.ini
    [2009/01/04 16:03:45 | 000,000,081 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
    [2009/01/04 16:03:45 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
    [2008/06/06 12:10:56 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\ICE_JNIRegistry.dll
    [2007/06/27 21:32:18 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2007/05/27 12:16:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
    [2007/04/22 18:34:26 | 000,000,820 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
    [2007/04/22 18:34:26 | 000,000,147 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
    [2007/04/22 18:34:26 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2007/04/22 18:33:57 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
    [2007/04/22 18:33:53 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
    [2006/11/20 15:52:23 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\fce32.DLL
    [2006/08/27 18:35:55 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
    [2006/08/27 18:32:42 | 000,044,491 | ---- | C] () -- C:\WINDOWS\System32\MiiIniFile13.ini
    [2006/08/21 19:41:35 | 000,000,124 | ---- | C] () -- C:\WINDOWS\multiview.ini
    [2006/08/19 17:23:49 | 000,000,176 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/07/15 17:35:32 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2006/07/10 23:03:08 | 000,000,819 | ---- | C] () -- C:\WINDOWS\GVComPort.INI
    [2006/07/10 21:25:11 | 000,000,562 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2006/07/06 22:27:12 | 000,000,031 | ---- | C] () -- C:\WINDOWS\EventLog.ini
    [2006/07/06 22:23:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DMMcast.INI
    [2006/07/06 22:21:30 | 000,000,051 | ---- | C] () -- C:\WINDOWS\GeoMCast.ini
    [2006/07/06 22:15:29 | 000,000,188 | ---- | C] () -- C:\WINDOWS\geoModem.ini
    [2006/06/20 07:18:34 | 000,000,183 | ---- | C] () -- C:\WINDOWS\Quicken.ini
    [2006/06/04 13:06:53 | 000,000,766 | ---- | C] () -- C:\WINDOWS\CoD.INI
    [2006/04/13 20:44:45 | 000,000,472 | ---- | C] () -- C:\WINDOWS\geoxcli.ini
    [2006/04/13 20:44:45 | 000,000,022 | ---- | C] () -- C:\WINDOWS\geobcast.ini
    [2005/09/07 13:00:44 | 000,257,536 | ---- | C] () -- C:\WINDOWS\System32\BiImg.dll
    [2005/09/07 13:00:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\JPEG32.DLL
    [2005/03/25 13:47:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/03/25 13:44:12 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2005/03/25 13:44:12 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2005/03/25 13:44:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2005/03/25 13:44:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2005/03/25 13:44:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2005/03/25 13:44:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2005/03/25 13:15:07 | 000,015,327 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2005/03/25 13:15:01 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2005/03/25 13:14:39 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
    [2005/03/25 13:11:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/03/25 12:47:34 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/03/25 12:45:39 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
    [2005/03/25 12:45:00 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2005/03/25 12:35:18 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2005/03/25 12:34:06 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
    [2005/03/25 12:34:06 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
    [2005/03/25 12:33:46 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2004/09/13 19:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/20 06:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
    [2004/08/20 06:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
    [2004/07/26 17:51:38 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2003/04/11 02:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [1999/01/22 09:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

    ========== LOP Check ==========

    [2010/04/18 16:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Links 2003
    [2010/02/06 20:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    [2010/02/06 20:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
    [2010/02/06 20:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2010/02/06 20:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RetroExp
    [2010/04/06 07:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2010/02/06 20:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/02/06 20:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
    [2010/06/22 17:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/02/06 20:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/07/11 07:22:52 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2005/03/25 13:45:56 | 000,000,100 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2005/07/07 13:03:10 | 000,000,211 | RHS- | M] () -- C:\BOOT.BAK
    [2010/07/09 20:36:28 | 000,000,279 | RHS- | M] () -- C:\boot.ini
    [2010/02/06 21:22:21 | 004,425,482 | ---- | M] () -- C:\CF-DeQuarantine_logPC1.txt
    [2010/02/09 06:58:08 | 000,000,262 | ---- | M] () -- C:\CFScript.txt
    [2004/08/10 08:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/07/11 21:12:02 | 000,029,262 | ---- | M] () -- C:\ComboFix.txt
    [2005/01/28 05:41:28 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/07/10 22:19:24 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
    [2010/02/04 06:59:19 | 000,015,804 | ---- | M] () -- C:\hijackthisPC1.txt
    [2005/03/25 12:33:46 | 000,000,002 | -H-- | M] () -- C:\hpbi.log
    [2005/01/28 05:41:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2006/03/21 13:58:45 | 000,000,299 | -H-- | M] () -- C:\IPH.PH
    [2010/03/13 21:06:57 | 000,001,100 | ---- | M] () -- C:\JavaRa.log
    [2010/07/10 19:02:25 | 000,001,303 | ---- | M] () -- C:\mbam-log-2010-07-10 (19-02-10).txt
    [2010/07/10 19:03:08 | 000,001,387 | ---- | M] () -- C:\mbam-log-2010-07-10 (19-02-55).txt
    [2005/01/28 05:41:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/12/01 23:26:44 | 000,001,142 | ---- | M] () -- C:\NTDClient.log
    [2004/08/10 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/10/12 12:44:48 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/07/10 22:19:23 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
    [2010/07/10 22:07:11 | 000,000,409 | ---- | M] () -- C:\rkill.log

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2005/09/07 13:00:48 | 000,015,016 | ---- | M] (Black Ice Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\BiCProNT.dll
    [2005/09/07 13:00:48 | 000,015,016 | ---- | M] (Black Ice Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\BiMProNT.dll
    [2007/03/15 16:32:10 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [2008/04/13 20:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2005/01/27 21:28:56 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2005/01/27 21:28:56 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2005/01/27 21:28:56 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    < End of report >
     
  13. 2010/07/11
    palljim23 Inactive Thread Starter
    OTL Extras logfile created on: 7/11/2010 9:26:14 PM - Run 1
    OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 628.00 Mb Available Physical Memory | 61.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 179.34 Gb Total Space | 12.64 Gb Free Space | 7.05% Space Free | Partition Type: NTFS
    Drive D: | 6.96 Gb Total Space | 0.03 Gb Free Space | 0.38% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive K: | 372.51 Gb Total Space | 313.06 Gb Free Space | 84.04% Space Free | Partition Type: FAT32
    Drive L: | 279.41 Gb Total Space | 111.63 Gb Free Space | 39.95% Space Free | Partition Type: FAT32
    Drive X: | 224.37 Gb Total Space | 192.88 Gb Free Space | 85.96% Space Free | Partition Type: NTFS
    Drive Z: | 224.37 Gb Total Space | 192.88 Gb Free Space | 85.96% Space Free | Partition Type: NTFS

    Computer Name: BIGBOY
    Current User Name: HP_Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
    "L:\Program Files\Microsoft Games\Links 2003\LinksMMIII.exe" = L:\Program Files\Microsoft Games\Links 2003\LinksMMIII.exe:*:Enabled:Links 2003 -- (Microsoft Corporation)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
    "{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
    "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
    "{13AD768A-9E04-499D-AE80-967A65DCCBA5}" = ebgcSDK
    "{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
    "{14642498-477B-458A-8954-7566A2E7A64F}" = PaperPort Professional 11
    "{162d74e4-7d6d-4949-8018-50e96e314696}" = C6200_Help
    "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
    "{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
    "{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
    "{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
    "{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
    "{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
    "{231F68F4-70E4-41A6-BEDA-7E7934169B54}" = Maxtor OneTouch
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
    "{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
    "{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
    "{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
    "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36F514C7-E5DE-474C-8615-0180B5990AB4}" = Photo Album
    "{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
    "{39B1BD87-561E-4762-AED9-7C5213B06C24}" = ebgcInfra
    "{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio
    "{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
    "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4C04DF1B-6A39-4299-9DD1-1FA60000266E}" = HP Photosmart Cameras 4.0
    "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
    "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
    "{5380B111-5047-413D-A6E5-70D69391D08E}" = ebgcRes
    "{582D2A53-F426-4C5E-A2E6-43C1AB36B907}" = Safari
    "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
    "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
    "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6ACC5F14-DE57-4AF3-82A8-49166A78C42C}" = HP Tunes
    "{6B350CA4-0031-0002-3757-34999AD85AEC}" = InterVideo WinDVD Creator
    "{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{725249C3-B94C-4141-8799-0D3BA43D0812}" = CameraDrivers
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
    "{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
    "{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
    "{7E42E47F-DA35-47DC-9EBF-9D3AC1225504}" = ScanSoft PaperPort 11
    "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
    "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
    "{8D0C57BC-4942-4960-BB6D-142456D6F233}" = HP Image Zone for Media Center PC
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90AD8C11-ED4A-4AE7-BB70-7740C452C999}" = Visual J# .NET Redistributable Package
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
    "{94E3C3CD-C62E-4324-BF0D-438B65C38897}" = PaperPort Professional 11
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
    "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series
    "{AB4862FB-0396-4E75-A523-850577EBFC73}" = Security Advisor
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
    "{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
    "{AC76BA86-0000-7EC8-7489-000000000604}" = Adobe Acrobat and Reader 6.0.4 Update
    "{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update
    "{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update
    "{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0.1 Standard
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
    "{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
    "{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
    "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
    "{B103C8A7-D1CC-4B1A-BD41-883F652E097D}" = muvee autoProducer 3.5 magicMoments - HPD
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
    "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
    "{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
    "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
    "{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C3F058C0-A21C-452D-8D99-95B1A45F417D}" = InterVideo DiscLabel
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CBD55377-3FEA-4A93-A877-DB87B6C6C990}" = Logitech Harmony Remote Software 7
    "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
    "{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
    "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
    "{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite
    "{D8E4A88B-E35A-4F3B-AB60-42E7DB0EC765}" = muvee autoProducer unPlugged - HPD
    "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
    "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
    "{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
    "{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E0343A4C-2FFD-4CCB-B0EB-5DE9F0E2A083}" = LS_HSI
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
    "{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
    "{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
    "{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
    "{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
    "{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
    "{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 0.9.08
    "{FE54D686-ACC0-42db-A46B-987A5B6D8325}" = C6200
    "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
    "Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "Agatha Christie - Peril At End House" = Agatha Christie - Peril At End House (remove only)
    "Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
    "Applian FLV Player2.0.24" = Applian FLV Player
    "Arnold Palmer Course Designer 1.5 1.0" = Microsoft Arnold Palmer Course Designer 1.5
    "ATI Display Driver" = ATI Display Driver
    "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
    "BackWeb-309731 Uninstaller" = Updates from HP
    "Call of Duty Game of the Year Edition" = Call of Duty Game of the Year Edition
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "Family Law Software Planner 2006 " = Family Law Software Planner 2006
    "Help and Support Additions" = Help and Support Additions
    "HP Imaging Device Functions" = HP Imaging Device Functions 10.0
    "HP Photosmart Essential" = HP Photosmart Essential 2.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 10.0
    "HPOCR" = OCR Software by I.R.I.S. 10.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
    "InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
    "InstallShield_{231F68F4-70E4-41A6-BEDA-7E7934169B54}" = Maxtor OneTouch
    "InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
    "IrfanView" = IrfanView (remove only)
    "Links 2003 1.0" = Microsoft Links 2003
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Security Essentials" = Microsoft Security Essentials
    "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
    "MVApplication1" = Memorex exPressit Label Design Studio
    "Mystery Case Files Huntsville" = Mystery Case Files Huntsville (remove only)
    "NHRA Drag Racing 2" = NHRA Drag Racing 2
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PS2" = PS2
    "Python 2.2.3" = Python 2.2.3
    "pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
    "QuadSucker/News_is1" = QuadSucker/News v 4.8
    "RadialpointClientGateway_is1" = Verizon Servicepoint 1.5.22
    "RealArcade 1.2" = RealArcade
    "RealPlayer 6.0" = RealPlayer
    "Shop for HP Supplies" = Shop for HP Supplies
    "TurboTax 2005" = TurboTax 2005
    "TurboTax Deluxe 2007" = TurboTax Deluxe 2007
    "Verizon Broadband Toolbar Firefox only" = Verizon Broadband Toolbar Firefox only
    "Verizon Help and Support" = Verizon Help and Support Tool
    "verizon_broad" = Verizon Broadband Toolbar (IE only)
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinZip Self-Extractor" = WinZip Self-Extractor
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Toolbar" = Yahoo! Toolbar

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 7/11/2010 5:53:42 PM | Computer Name = BIGBOY | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 7/11/2010 5:53:42 PM | Computer Name = BIGBOY | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 7/11/2010 6:43:41 PM | Computer Name = BIGBOY | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 7/11/2010 6:43:41 PM | Computer Name = BIGBOY | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 7/11/2010 7:43:42 PM | Computer Name = BIGBOY | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 7/11/2010 7:43:42 PM | Computer Name = BIGBOY | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 7/11/2010 8:21:41 PM | Computer Name = BIGBOY | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 7/11/2010 8:21:41 PM | Computer Name = BIGBOY | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 7/11/2010 9:14:45 PM | Computer Name = BIGBOY | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 7/11/2010 9:14:45 PM | Computer Name = BIGBOY | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    [ System Events ]
    Error - 7/11/2010 2:30:54 AM | Computer Name = BIGBOY | Source = Microsoft Antimalware | ID = 2001
    Description = %%861 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.85.1400.0 Update Source: %%851 Update Stage:
    %%852 Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE

    Signature
    Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.5902.0 Error code: 0x80072f76 Error description: The
    requested header was not found

    Error - 7/11/2010 2:30:54 AM | Computer Name = BIGBOY | Source = Microsoft Antimalware | ID = 2001
    Description = %%861 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.85.1400.0 Update Source: %%851 Update Stage:
    %%852 Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE

    Signature
    Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.5902.0 Error code: 0x80072f76 Error description: The
    requested header was not found

    Error - 7/11/2010 2:30:54 AM | Computer Name = BIGBOY | Source = Microsoft Antimalware | ID = 2001
    Description = %%861 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.85.1400.0 Update Source: %%851 Update Stage:
    %%852 Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE

    Signature
    Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.5902.0 Error code: 0x80072f76 Error description: The
    requested header was not found

    Error - 7/11/2010 2:31:16 AM | Computer Name = BIGBOY | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Definition Update for Microsoft Security Essentials - KB972696
    (Definition 1.85.1855.0).

    Error - 7/11/2010 8:54:08 PM | Computer Name = BIGBOY | Source = Service Control Manager | ID = 7034
    Description = The McciCMService service terminated unexpectedly. It has done this
    1 time(s).

    Error - 7/11/2010 8:54:12 PM | Computer Name = BIGBOY | Source = Service Control Manager | ID = 7034
    Description = The Bonjour Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 7/11/2010 8:54:15 PM | Computer Name = BIGBOY | Source = Service Control Manager | ID = 7031
    Description = The Microsoft Antimalware Service service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    15000 milliseconds: Restart the service.

    Error - 7/11/2010 8:54:29 PM | Computer Name = BIGBOY | Source = Service Control Manager | ID = 7034
    Description = The Machine Debug Manager service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 7/11/2010 8:54:33 PM | Computer Name = BIGBOY | Source = Service Control Manager | ID = 7031
    Description = The Microsoft Antimalware Service service terminated unexpectedly.
    It has done this 2 time(s). The following corrective action will be taken in
    15000 milliseconds: Restart the service.

    Error - 7/11/2010 8:56:35 PM | Computer Name = BIGBOY | Source = Service Control Manager | ID = 7034
    Description = The Microsoft Antimalware Service service terminated unexpectedly.
    It has done this 3 time(s).


    < End of report >
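
The two OTL logs above are long, and most of the triage done on them is mechanical: pick out hidden or system-attributed items sitting in a drive root, note system DLLs that OTL could not hash because they were locked at scan time (comsvcs.dll above), and read the scope of each firewall exception (the DomainProfile list opens 137/138/139/445 to any address, the StandardProfile list only to LocalSubNet). The following is an added example, not code from this thread or from OTL, that parses the OTL line shapes seen above and applies those checks. The sample lines are copied from the logs in this thread; the allowlist of root files and the review rules are this example's own assumptions, not OTL's.

```python
r"""OTL log triage (added example, not from the thread or from OTL itself).

Parses the two line shapes in the logs above, e.g.
  [2010/07/10 22:19:24 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
  "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
The allowlist and review rules below are this example's own heuristics.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# [date time | size | RHSD attrs | C/M] (company) [MD5=..|Unable to obtain MD5] -- path
FILE_RE = re.compile(
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?(?:MD5=(?P<md5>[0-9A-F]{32}) )?"
    r"(?:(?P<nomd5>Unable to obtain MD5) )?-- (?P<path>.+)$")
# "port:proto" = port:proto:scope:Enabled|Disabled:display-name   (XP SP2 firewall policy;
# a forum smiley filter may render the '@' of the display name as ':mad:')
PORT_RE = re.compile(
    r'^"[^"]+"\s*=\s*(?P<port>\d+):(?P<proto>TCP|UDP):(?P<scope>[^:]+):(?P<state>Enabled|Disabled):')


@dataclass
class FileEntry:
    ts: str
    size: int
    attrs: str            # R read-only, H hidden, S system, D directory, '-' unset
    kind: str             # C = created in the scan window, M = modified
    company: str
    md5: Optional[str]
    md5_unreadable: bool  # OTL printed "Unable to obtain MD5": file was locked
    path: str


@dataclass
class PortException:
    port: int
    proto: str
    scope: str            # '*' (any address), 'LocalSubNet', or a comma-separated list
    enabled: bool


def parse_file_line(line: str) -> Optional[FileEntry]:
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    return FileEntry(m["ts"], int(m["size"].replace(",", "")), m["attrs"], m["kind"],
                     (m["company"] or "").strip(), m["md5"], m["nomd5"] is not None,
                     m["path"].strip())


def parse_port_line(line: str) -> Optional[PortException]:
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    return PortException(int(m["port"]), m["proto"], m["scope"], m["state"] == "Enabled")


# Hidden/system items that legitimately live in an XP drive root (assumed allowlist).
XP_ROOT_ALLOWLIST = {"ntldr", "ntdetect.com", "boot.ini", "io.sys", "msdos.sys", "config.sys",
                     "autoexec.bat", "pagefile.sys", "hiberfil.sys",
                     "cmldr"}  # Recovery Console boot loader
SMB_PORTS = {137, 138, 139, 445}


def root_items_to_review(entries: List[FileEntry]) -> List[str]:
    """Hidden- or system-attributed items directly under a drive root that are not
    standard boot/paging files. Candidates for a human to look at, not verdicts."""
    out = []
    for e in entries:
        _, _, rest = e.path.partition("\\")
        if not rest or "\\" in rest:          # not directly in the root
            continue
        if ("H" in e.attrs or "S" in e.attrs) and rest.lower() not in XP_ROOT_ALLOWLIST:
            out.append(e.path)
    return out


def unhashed_system_files(entries: List[FileEntry]) -> List[str]:
    """Files OTL could not hash (locked at scan time): hash them from safe mode or an
    offline boot before trusting the company string."""
    return [e.path for e in entries if e.md5_unreadable]


def smb_open_to_any(ports: List[PortException]) -> List[str]:
    """Enabled NetBIOS/SMB exceptions whose scope includes '*' (any remote address)."""
    return [f"{p.port}/{p.proto}" for p in ports
            if p.enabled and p.port in SMB_PORTS and "*" in p.scope.split(",")]


def triage(lines: List[str]) -> dict:
    entries = [e for e in map(parse_file_line, lines) if e]
    ports = [p for p in map(parse_port_line, lines) if p]
    return {"root_items_to_review": root_items_to_review(entries),
            "unhashed_system_files": unhashed_system_files(entries),
            "smb_open_to_any": smb_open_to_any(ports)}


# Sample input: lines copied from the OTL logs posted in this thread.
SAMPLE_LINES = [
    r"[2004/08/10 08:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr",
    r"[2010/07/10 22:19:24 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys",
    r"[2005/03/25 12:33:46 | 000,000,002 | -H-- | M] () -- C:\hpbi.log",
    r"[2010/07/11 21:24:37 | 000,000,000 | --SD | C] -- C:\broni.com15667b",
    r"[2010/07/11 20:56:47 | 000,000,000 | ---D | C] -- C:\broni.com26388b",
    r"[2008/04/13 20:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll",
    r"[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll",
    '"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004',
    '"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005',
    '"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007',
]

if __name__ == "__main__":
    for key, hits in triage(SAMPLE_LINES).items():
        print(f"{key}: {hits}")
```

Which firewall profile is in force depends on whether the machine is joined to a domain; a home PC on a consumer connection runs under the Standard profile, so the `*` scope in the Domain profile only matters if the box is ever domain-joined. The root-item check lists candidates for a look, not verdicts: a vendor log file with the hidden bit set will show up next to a scratch directory a cleanup tool left behind, and it takes a human to tell them apart.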
     
  14. 2010/07/11
    broni Moderator Malware Analyst
    You're running out of free space on drive C:.
    Is there a reason System Restore is disabled, or are you not aware of it?

    Update your Java version here: http://www.java.com/en/download/installed.jsp
    Uninstall all previous Java versions, through Add\Remove (Programs & Features in Vista/7).

    =============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys -- (catchme)
      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} https://accounting.quickbooks.com/c1/v15.591/qboax9.cab  (Reg Error: Key error.)
      O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/sh...1/mcinsctl.cab  (Reg Error: Key error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab  (Reg Error: Key error.)
      O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab  (Reg Error: Key error.)
      O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} http://trueswitch.com/TrueInstall.exe  (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab  (Reg Error: Key error.)
      [2010/07/11 21:24:37 | 000,000,000 | --SD | C] -- C:\broni.com15667b
      [2010/07/11 20:56:47 | 000,000,000 | ---D | C] -- C:\broni.com26388b
      [2010/07/10 22:11:31 | 000,000,000 | ---D | C] -- C:\broni.com
      [2010/07/10 22:07:56 | 000,000,000 | ---D | C] -- C:\Qoobox
      [2010/02/06 20:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
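
When the fix log comes back, the helper has to check that each directive in the script was actually actioned. OTL reports one outcome per object it touched (`deleted successfully`, `moved successfully`, `stopped successfully`, `not found`, `Registry error ...`); a `not found` on a leftover CLSID key is normal, while a directive with no successful outcome at all is the one to re-run or investigate. The following is an added example, not code from this thread or from OTL, that pairs `:OTL` script lines with the outcome lines of the fix log. The sample lines are copied from the script above and from the fix log posted next; the matching rules (GUID, service name or path, plus the `Starting removal of ActiveX control` marker as context for lines that name neither) are this example's own heuristics.

```python
r"""Reconcile an OTL ':OTL' fix script with the fix log it produces.

Added example, not part of the thread or of OTL itself; the matching rules are
this example's own heuristics. Script lines name a target (CLSID, service name
or path) and log lines report one outcome per object, e.g.
  Service catchme deleted successfully!
  Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-...}\ not found.
OTL's ActiveX removal moves .inf files without naming the CLSID, so the
"Starting removal of ActiveX control {...}" marker is kept as context for them.
"""
import re
from typing import Dict, List, Optional

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SVC_RE = re.compile(r"-- \((?P<svc>[^()]+)\)\s*$")         # DRV ... -- (servicename)
PATH_RE = re.compile(r"-- (?P<path>[A-Za-z]:\\.*?)\s*$")    # file/dir line: ... -- C:\...
START_RE = re.compile(r"Starting removal of ActiveX control (\{[^}]+\})")
OUTCOMES = (("deleted successfully", "success"), ("moved successfully", "success"),
            ("stopped successfully", "success"), ("not found", "absent"),
            ("Registry error", "error"))


def script_key(line: str) -> Optional[str]:
    """What a :OTL directive targets; None for section headers and [commands]."""
    line = line.strip()
    if not line or line.startswith(":") or re.fullmatch(r"\[[A-Za-z]+\]", line):
        return None
    if m := GUID_RE.search(line):
        return m.group(0).upper()
    if m := SVC_RE.search(line):
        return m["svc"]
    if m := PATH_RE.search(line):
        return m["path"]
    return None


def classify(log_line: str) -> Optional[str]:
    """Outcome class of a fix-log line, or None for chatter such as the ActiveX marker."""
    for needle, kind in OUTCOMES:
        if needle in log_line:
            return kind
    return None


def reconcile(script_lines: List[str], log_lines: List[str]) -> Dict[str, Dict[str, int]]:
    """Count success/absent/error outcomes per script target."""
    keys = [k for k in map(script_key, script_lines) if k]
    tally = {k: {"success": 0, "absent": 0, "error": 0} for k in keys}
    context = None                                  # CLSID of the ActiveX block in progress
    for raw in log_lines:
        raw = raw.strip()
        if m := START_RE.search(raw):
            context = m.group(1).upper()
            continue
        if raw.startswith("=========="):            # new OTL section: ActiveX context is over
            context = None
        kind = classify(raw)
        if kind is None:
            continue
        low = raw.lower()
        hits = [k for k in keys if k.lower() in low]
        if not hits and context in tally:           # e.g. "...\mcinsctl.inf moved successfully."
            hits = [context]
        for k in hits:
            tally[k][kind] += 1
    return tally


def status(t: Dict[str, int]) -> str:
    """Verdict for one target: a directive with no success at all is the one to re-run."""
    if t["success"]:
        return "actioned"
    if t["error"]:
        return "error, re-run"
    if t["absent"]:
        return "already absent"
    return "no outcome logged"


# Sample input copied from the fix script above and from the fix log posted next.
SCRIPT_LINES = [
    ":OTL",
    r"DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys -- (catchme)",
    r"O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.",
    r"O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} https://accounting.quickbooks.com/c1/v15.591/qboax9.cab  (Reg Error: Key error.)",
    r"O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/sh...1/mcinsctl.cab  (Reg Error: Key error.)",
    r"[2010/07/11 21:24:37 | 000,000,000 | --SD | C] -- C:\broni.com15667b",
    ":Commands",
    "[emptytemp]",
]
FIX_LOG_LINES = [
    "========== OTL ==========",
    "Service catchme stopped successfully!",
    "Service catchme deleted successfully!",
    r"File C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys not found.",
    r"Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.",
    r"Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.",
    "Starting removal of ActiveX control {40F8967E-34A6-474A-837A-CEC1E7DAC54C}",
    r"Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{40F8967E-34A6-474A-837A-CEC1E7DAC54C}\DownloadInformation\\INF .",
    r"Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{40F8967E-34A6-474A-837A-CEC1E7DAC54C}\ deleted successfully.",
    r"Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40F8967E-34A6-474A-837A-CEC1E7DAC54C}\ not found.",
    "Starting removal of ActiveX control {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}",
    r"C:\WINDOWS\Downloaded Program Files\mcinsctl.inf moved successfully.",
    r"Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ deleted successfully.",
]

if __name__ == "__main__":
    for key, t in reconcile(SCRIPT_LINES, FIX_LOG_LINES).items():
        print(f"{status(t):18} {t}  {key}")
```

The directory entry `C:\broni.com15667b` gets "no outcome logged" with this sample because the fix log's file section is not among the copied lines; on a full log it should show a `moved successfully` (OTL moves to its quarantine rather than deleting), and a target that still shows no outcome after the whole log has been read is the one to re-run. A `Registry error` beside a `deleted successfully`, as for the QuickBooks control here, means the removal went through but a sub-value could not be read first; that is worth a second look at the key in a later scan rather than an immediate re-run.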
     
  15. 2010/07/13
    palljim23 Inactive Thread Starter
    All processes killed
    ========== OTL ==========
    Service catchme stopped successfully!
    Service catchme deleted successfully!
    File C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Starting removal of ActiveX control {40F8967E-34A6-474A-837A-CEC1E7DAC54C}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{40F8967E-34A6-474A-837A-CEC1E7DAC54C}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{40F8967E-34A6-474A-837A-CEC1E7DAC54C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40F8967E-34A6-474A-837A-CEC1E7DAC54C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{40F8967E-34A6-474A-837A-CEC1E7DAC54C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40F8967E-34A6-474A-837A-CEC1E7DAC54C}\ not found.
    Starting removal of ActiveX control {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
    C:\WINDOWS\Downloaded Program Files\mcinsctl.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}
    C:\WINDOWS\Downloaded Program Files\McGDMgr.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
    Starting removal of ActiveX control {FFFFFFFF-CACE-BABE-BABE-00AA0055595A}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FFFFFFFF-CACE-BABE-BABE-00AA0055595A}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FFFFFFFF-CACE-BABE-BABE-00AA0055595A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFFFFFFF-CACE-BABE-BABE-00AA0055595A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{FFFFFFFF-CACE-BABE-BABE-00AA0055595A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFFFFFFF-CACE-BABE-BABE-00AA0055595A}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\broni.com15667b folder moved successfully.
    C:\broni.com26388b folder moved successfully.
    C:\broni.com folder moved successfully.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86 folder moved successfully.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs folder moved successfully.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\spool folder moved successfully.
    C:\Qoobox\Quarantine\C\WINDOWS\system32 folder moved successfully.
    C:\Qoobox\Quarantine\C\WINDOWS folder moved successfully.
    C:\Qoobox\Quarantine\C folder moved successfully.
    C:\Qoobox\Quarantine folder moved successfully.
    C:\Qoobox folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 78991 bytes
    ->FireFox cache emptied: 3433441 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: HP_Administrator
    ->Temp folder emptied: 5609990 bytes
    ->Temporary Internet Files folder emptied: 1946231 bytes
    ->Java cache emptied: 2438113 bytes
    ->FireFox cache emptied: 34615867 bytes
    ->Apple Safari cache emptied: 35755138 bytes
    ->Flash cache emptied: 2069913 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 65670 bytes

    User: NetworkService
    ->Temp folder emptied: 10308 bytes
    ->Temporary Internet Files folder emptied: 577079 bytes
    ->Java cache emptied: 13 bytes
    ->Flash cache emptied: 1085 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 48037 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 83.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: HP_Administrator
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.9.0 log created on 07132010_212044

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Perflib_Perfdata_458.dat not found!
    File\Folder C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\XKHN6A9J\yahoo_com[1].htm not found!
    C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

    Registry entries deleted on Reboot...

    OTL logfile created on: 7/13/2010 9:33:56 PM - Run 2
    OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 493.00 Mb Available Physical Memory | 48.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 179.34 Gb Total Space | 12.83 Gb Free Space | 7.16% Space Free | Partition Type: NTFS
    Drive D: | 6.96 Gb Total Space | 0.03 Gb Free Space | 0.38% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive K: | 372.51 Gb Total Space | 313.06 Gb Free Space | 84.04% Space Free | Partition Type: FAT32
    Drive L: | 279.41 Gb Total Space | 111.65 Gb Free Space | 39.96% Space Free | Partition Type: FAT32
    Drive X: | 224.37 Gb Total Space | 192.89 Gb Free Space | 85.97% Space Free | Partition Type: NTFS
    Drive Z: | 224.37 Gb Total Space | 192.89 Gb Free Space | 85.97% Space Free | Partition Type: NTFS

    Computer Name: BIGBOY
    Current User Name: HP_Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/11 21:24:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe
    PRC - [2010/07/11 21:15:59 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/07/26 23:13:25 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/11 21:24:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
    DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
    DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2008/04/13 14:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
    DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2004/11/11 15:43:02 | 000,131,840 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
    DRV - [2004/11/04 00:40:04 | 000,821,248 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2004/10/13 20:33:20 | 002,287,104 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2004/10/07 10:21:22 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
    DRV - [2004/06/29 13:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2004/03/18 03:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
    DRV - [2003/12/02 21:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
    DRV - [2003/03/13 13:23:28 | 000,019,712 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mxofwfp.sys -- (MaxtorFrontPanel1)
    DRV - [2002/10/04 13:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
    DRV - [2001/06/04 09:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://sports.yahoo.com [binary data]

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google "
    FF - prefs.js..browser.startup.homepage: "www.yahoo.com "
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
    FF - prefs.js..extensions.enabledItems: {3DD07E5D-2ADF-42ea-972E-2998FA5CE45A}:5.1.0.11
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/13 21:12:28 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/13 21:12:28 | 000,000,000 | ---D | M]

    [2010/04/05 19:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
    [2010/07/13 21:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions
    [2008/12/01 22:38:16 | 000,000,000 | ---D | M] (Verizon Broadband Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions\{3DD07E5D-2ADF-42ea-972E-2998FA5CE45A}
    [2010/05/22 19:03:18 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/07/10 19:38:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    [2010/04/15 10:46:06 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\avgdbty2.default\searchplugins\askcom.xml
    [2010/07/13 21:31:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/13 21:08:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/07/13 21:08:03 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2007/01/06 13:14:48 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll
    [2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll

    O1 HOSTS File: ([2010/07/13 21:21:02 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
    O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon FiOS Installer.cab (Support.com Configuration Class)
    O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} http://www.costcophotocenter.com/CostcoOutlookImport.cab (Snapfish Outlook Import ActiveX Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
    O16 - DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} http://68.239.135.123:100/RemoteWeb.cab (Remote200 Control)
    O16 - DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} http://68.239.135.123:100/VideoViewer.cab (CViewerControl Object)
    O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.quickbooks.com/c2/v16.607/qboax10.cab (QuickBooks Online Edition Utilities Class v10)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} http://webcam.geovision.com.tw/cab/OCXChecker_8000.cab (OCXDownloadChecker Control)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} http://webcam.geovision.com.tw/cab/DownloadFile_8000.cab (DownloadFile Control)
    O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab? (Photo Upload Plugin Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 213.109.65.40
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/03/25 13:45:56 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2007/02/19 12:17:48 | 000,000,000 | ---D | M] - K:\autorun -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/13 21:21:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/07/13 21:20:44 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/07/10 19:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\QuickScan
    [2010/07/09 20:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/07/09 20:45:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/07/07 13:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/07/07 13:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/07/05 09:33:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Bella Recital
    [2010/07/05 09:13:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Pic Sent to Fio 2
    [2010/06/22 17:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/06/22 17:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/06/22 17:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/06/22 17:53:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/06/13 11:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
    [2010/06/11 07:48:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Pic Sent to Fios
    [2010/06/04 07:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Lawn Markings New
    [2010/05/23 11:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\MakeDiscVideo
    [2010/05/22 15:31:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
    [2010/05/20 18:28:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My eBooks
    [2010/05/04 09:48:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\HpUpdate
    [2010/05/04 09:48:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
    [2010/05/04 09:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
    [2010/04/16 07:04:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Water Leak
    [2005/03/25 12:44:24 | 000,192,512 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
    [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/07/13 21:36:02 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/07/13 21:33:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/13 21:30:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/13 21:30:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/13 21:30:37 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/13 21:28:43 | 008,388,608 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
    [2010/07/13 21:28:43 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
    [2010/07/13 21:23:47 | 000,425,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/07/13 21:21:02 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/07/13 17:13:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/07/12 07:34:57 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Lawn Repair 2.lnk
    [2010/07/12 07:27:52 | 000,002,207 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PaperPort.lnk
    [2010/07/11 21:08:55 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/09 20:46:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/09 20:36:28 | 000,000,662 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/07/09 20:36:28 | 000,000,279 | RHS- | M] () -- C:\boot.ini
    [2010/07/09 20:25:13 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
    [2010/07/07 09:21:43 | 002,229,152 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Four J's - Here Am I Broken Hearted - 64 Jamie 1267.mp3
    [2010/07/07 06:39:02 | 000,001,778 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/07/06 23:18:58 | 000,129,240 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/07/05 09:30:05 | 000,121,344 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/03 20:17:15 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
    [2010/07/03 20:16:12 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/07/03 20:08:27 | 000,445,700 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/07/03 20:08:26 | 000,507,686 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/07/03 20:08:26 | 000,072,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/07/02 08:06:35 | 000,000,869 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
    [2010/06/30 21:23:47 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Shu Bop.doc
    [2010/06/30 21:15:55 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\This I swear is true.doc
    [2010/06/22 17:59:58 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/06/21 08:15:36 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2010/06/04 20:41:14 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Don't let the sun catch you cryin'.doc
    [2010/05/23 11:11:01 | 000,000,405 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Water Leak.lnk
    [2010/05/23 11:09:59 | 000,000,417 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Verizon 8-3-07.lnk
    [2010/05/07 19:24:34 | 000,040,156 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Court Doc Response.pdf
    [2010/05/04 09:48:12 | 000,077,352 | ---- | M] () -- C:\WINDOWS\hpqins05.dat
    [2010/05/04 09:44:58 | 000,001,067 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
    [2010/04/15 15:14:10 | 000,211,456 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\UntitledDocument.wps
    [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/07/12 07:34:57 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Lawn Repair 2.lnk
    [2010/07/10 19:04:18 | 1073,074,176 | -HS- | C] () -- C:\hiberfil.sys
    [2010/07/07 09:21:42 | 002,229,152 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Four J's - Here Am I Broken Hearted - 64 Jamie 1267.mp3
    [2010/07/06 03:41:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/02 08:12:45 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/06/30 21:22:44 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Shu Bop.doc
    [2010/06/30 21:15:54 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\This I swear is true.doc
    [2010/06/22 17:59:58 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/06/04 20:23:23 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Don't let the sun catch you cryin'.doc
    [2010/05/23 11:11:01 | 000,000,405 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Water Leak.lnk
    [2010/05/23 11:09:59 | 000,000,417 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Verizon 8-3-07.lnk
    [2010/05/22 15:31:52 | 000,000,869 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
    [2010/05/07 19:26:44 | 000,040,156 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Court Doc Response.pdf
    [2010/05/04 09:44:58 | 000,001,067 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
    [2010/05/04 09:43:26 | 000,077,352 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
    [2010/04/15 15:11:29 | 000,211,456 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\UntitledDocument.wps
    [2009/02/28 16:13:12 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2009/02/10 00:10:06 | 000,000,033 | ---- | C] () -- C:\WINDOWS\BiMonitor.ini
    [2009/02/10 00:06:07 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\LLHttpsUpload2.dll
    [2009/02/10 00:06:07 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
    [2009/01/19 19:58:06 | 000,000,031 | ---- | C] () -- C:\WINDOWS\Tlcpromo.ini
    [2009/01/04 16:03:45 | 000,000,081 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
    [2009/01/04 16:03:45 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
    [2008/06/06 12:10:56 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\ICE_JNIRegistry.dll
    [2007/06/27 21:32:18 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2007/05/27 12:16:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
    [2007/04/22 18:34:26 | 000,000,820 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
    [2007/04/22 18:34:26 | 000,000,147 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
    [2007/04/22 18:34:26 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2007/04/22 18:33:57 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
    [2007/04/22 18:33:53 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
    [2006/11/20 15:52:23 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\fce32.DLL
    [2006/08/27 18:35:55 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
    [2006/08/27 18:32:42 | 000,044,491 | ---- | C] () -- C:\WINDOWS\System32\MiiIniFile13.ini
    [2006/08/21 19:41:35 | 000,000,124 | ---- | C] () -- C:\WINDOWS\multiview.ini
    [2006/08/19 17:23:49 | 000,000,176 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/07/15 17:35:32 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2006/07/10 23:03:08 | 000,000,819 | ---- | C] () -- C:\WINDOWS\GVComPort.INI
    [2006/07/10 21:25:11 | 000,000,562 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2006/07/06 22:27:12 | 000,000,031 | ---- | C] () -- C:\WINDOWS\EventLog.ini
    [2006/07/06 22:23:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DMMcast.INI
    [2006/07/06 22:21:30 | 000,000,051 | ---- | C] () -- C:\WINDOWS\GeoMCast.ini
    [2006/07/06 22:15:29 | 000,000,188 | ---- | C] () -- C:\WINDOWS\geoModem.ini
    [2006/06/20 07:18:34 | 000,000,183 | ---- | C] () -- C:\WINDOWS\Quicken.ini
    [2006/06/04 13:06:53 | 000,000,766 | ---- | C] () -- C:\WINDOWS\CoD.INI
    [2006/04/13 20:44:45 | 000,000,472 | ---- | C] () -- C:\WINDOWS\geoxcli.ini
    [2006/04/13 20:44:45 | 000,000,022 | ---- | C] () -- C:\WINDOWS\geobcast.ini
    [2005/09/07 13:00:44 | 000,257,536 | ---- | C] () -- C:\WINDOWS\System32\BiImg.dll
    [2005/09/07 13:00:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\JPEG32.DLL
    [2005/03/25 13:47:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/03/25 13:44:12 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2005/03/25 13:44:12 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2005/03/25 13:44:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2005/03/25 13:44:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2005/03/25 13:44:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2005/03/25 13:44:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2005/03/25 13:15:07 | 000,015,327 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2005/03/25 13:15:01 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2005/03/25 13:14:39 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
    [2005/03/25 13:11:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/03/25 12:47:34 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/03/25 12:45:39 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
    [2005/03/25 12:45:00 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2005/03/25 12:35:18 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2005/03/25 12:34:06 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
    [2005/03/25 12:34:06 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
    [2005/03/25 12:33:46 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2004/09/13 19:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/20 06:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
    [2004/08/20 06:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
    [2004/07/26 17:51:38 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2003/04/11 02:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [1999/01/22 09:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

    ========== LOP Check ==========

    [2010/04/18 16:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Links 2003
    [2010/02/06 20:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    [2010/02/06 20:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
    [2010/02/06 20:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2010/02/06 20:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RetroExp
    [2010/04/06 07:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2010/02/06 20:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
    [2010/06/22 17:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/02/06 20:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/07/13 21:36:02 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========


    < End of report >
     
  16. 2010/07/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You didn't answer my question:

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  17. 2010/07/13
    palljim23

    palljim23 Inactive Thread Starter

    Joined:
    2010/01/01
    Messages:
    67
    Likes Received:
    0
    Sorry. I actually edited my post to answer it, but you must have responded first.

    I am aware of the limited space and tried to clean it up, but I was not able to make a significant change.

    I was not aware of System Restore being disabled. Should I wait to re-set it?
     
  18. 2010/07/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yes, we'll reset it in our last step.
     
  19. 2010/07/14
    palljim23

    palljim23 Inactive Thread Starter

    Joined:
    2010/01/01
    Messages:
    67
    Likes Received:
    0
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Wednesday, July 14, 2010
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Tuesday, July 13, 2010 23:47:30
    Records in database: 4225956
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    K:\
    L:\
    W:\
    X:\
    Z:\

    Scan statistics:
    Objects scanned: 211381
    Threats found: 2
    Infected objects found: 6
    Suspicious objects found: 0
    Scan duration: 06:26:49


    File name / Threat / Threats count
    C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{1634A12D-6D4A-6F00-B9E5-B41DC782B0F5}-AUTMGR32.EXE Infected: Trojan.Win32.Tdss.bilj 1
    C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{55696791-6A12-DBB0-FC5A-D8024A4CEB06}-AUTMGR32.EXE Infected: Trojan.Win32.Tdss.bilj 1
    C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{5C85141D-482C-6BAE-73EE-5FB9D32FBF2B}-vminco.dll Infected: Trojan-Downloader.Win32.Mufanom.wfo 1
    C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{855132BC-4482-5B1A-266D-1E50D7108BD0}-AUTMGR32.EXE Infected: Trojan.Win32.Tdss.bilj 1
    C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{877ECAF2-6C0F-AAEA-A5CE-C3464EA5D1D6}-AUTMGR32.EXE Infected: Trojan.Win32.Tdss.bilj 1
    C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{E0E4A445-7887-FED5-11D4-84EF8D034D44}-AUTMGR32.EXE Infected: Trojan.Win32.Tdss.bilj 1

    Selected area has been scanned.
     
  20. 2010/07/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{1634A12D-6D4A-6F00-B9E5-B41DC782B0F5}-AUTMGR32.EXE 
      C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{55696791-6A12-DBB0-FC5A-D8024A4CEB06}-AUTMGR32.EXE 
      C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{5C85141D-482C-6BAE-73EE-5FB9D32FBF2B}-vminco.dll 
      C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{855132BC-4482-5B1A-266D-1E50D7108BD0}-AUTMGR32.EXE 
      C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{877ECAF2-6C0F-AAEA-A5CE-C3464EA5D1D6}-AUTMGR32.EXE 
      C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{E0E4A445-7887-FED5-11D4-84EF8D034D44}-AUTMGR32.EXE
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
     
  21. 2010/07/18
    palljim23

    palljim23 Inactive Thread Starter

    Joined:
    2010/01/01
    Messages:
    67
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{1634A12D-6D4A-6F00-B9E5-B41DC782B0F5}-AUTMGR32.EXE moved successfully.
    C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{55696791-6A12-DBB0-FC5A-D8024A4CEB06}-AUTMGR32.EXE moved successfully.
    C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{5C85141D-482C-6BAE-73EE-5FB9D32FBF2B}-vminco.dll moved successfully.
    C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{855132BC-4482-5B1A-266D-1E50D7108BD0}-AUTMGR32.EXE moved successfully.
    C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{877ECAF2-6C0F-AAEA-A5CE-C3464EA5D1D6}-AUTMGR32.EXE moved successfully.
    C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{E0E4A445-7887-FED5-11D4-84EF8D034D44}-AUTMGR32.EXE moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: HP_Administrator
    ->Temp folder emptied: 111241718 bytes
    ->Temporary Internet Files folder emptied: 266369351 bytes
    ->Java cache emptied: 128094 bytes
    ->FireFox cache emptied: 40560875 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 3165 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 31062 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 634789 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 400.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: HP_Administrator
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.9.0 log created on 07182010_164555

    Files\Folders moved on Reboot...
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\Arj.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\avlib.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\Avp1.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\AvpMgr.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\btimages.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\CAB.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\dmap.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\dtreg.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\FsDrvPlg.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\FSSync.dll moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\HashCont.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\HashMD5.PPL moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\HCCMP.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\ichk2.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\iChkSA.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\Inflate.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\IWGen.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\lha.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\L_llio.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\MailMsg.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\mdb.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\MDMAP.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\MemModSc.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\MemScan.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\minizip.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\MKavIO.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\msoe.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\nfio.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\NTFSstrm.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\prKernel.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\prLoader.dll moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\prseqio.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\PrUtil.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\Quantum.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\rar.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\ScanningProcess.exe moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\sfdb.PPL moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\TempFile.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\thpimpl.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\UnArj.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\UniArc.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\UnLZX.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\UnStored.ppl moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\WDiskIO.ppl moved successfully.
    File\Folder C:\WINDOWS\temp\TMP0000000321CF4BDDFB4BC003 not found!

    Registry entries deleted on Reboot...
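
    As an added example (not code from this thread, nor from OTL or Kaspersky), the following Python script cross-checks a Kaspersky Online Scanner report against an OTL fix log so that every path the scanner flagged is confirmed as moved; the sample input is constructed from two detections in the report above plus one made-up path (C:\EXAMPLE\...) that the fix log never mentions, to show what an unremediated item looks like.

```python
"""Cross-check a Kaspersky Online Scanner report against an OTL fix log.

Added example, not tooling from this thread: each path the scanner reported as
infected must show up as "moved successfully" in the fix log; anything else is
reported as outstanding (never touched) or not found (OTL could not locate it).
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Kaspersky report lines:  <path> Infected: <threat name> <count>
KAV_LINE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$")
# OTL fix-log lines:  <path> moved successfully.   /   File\Folder <path> not found!
OTL_MOVED = re.compile(r"^(?P<path>.+?)\s+moved successfully\.\s*$")
OTL_MISSING = re.compile(r"^File\\Folder\s+(?P<path>.+?)\s+not found!\s*$")


def norm(path: str) -> str:
    """Windows paths are case-insensitive; compare trimmed, lower-cased forms."""
    return path.strip().lower()


def parse_kaspersky_report(text: str) -> dict[str, str]:
    """Map each infected path (normalised) to the threat name the scanner assigned."""
    found: dict[str, str] = {}
    for line in text.splitlines():
        m = KAV_LINE.match(line.strip())
        if m:
            found[norm(m.group("path"))] = m.group("threat")
    return found


def parse_otl_fix_log(text: str) -> tuple[set[str], set[str]]:
    """Return (paths moved successfully, paths OTL reported as not found)."""
    moved: set[str] = set()
    missing: set[str] = set()
    for line in text.splitlines():
        line = line.strip()
        if m := OTL_MISSING.match(line):
            missing.add(norm(m.group("path")))
        elif m := OTL_MOVED.match(line):
            moved.add(norm(m.group("path")))
    return moved, missing


@dataclass
class Reconciliation:
    remediated: dict[str, str] = field(default_factory=dict)   # path -> threat, moved by the fix
    outstanding: dict[str, str] = field(default_factory=dict)  # path -> threat, fix never touched it
    not_found: dict[str, str] = field(default_factory=dict)    # path -> threat, OTL could not find it


def reconcile(report_text: str, fixlog_text: str) -> Reconciliation:
    """Classify every scanner detection by what the fix log says happened to it."""
    detections = parse_kaspersky_report(report_text)
    moved, missing = parse_otl_fix_log(fixlog_text)
    result = Reconciliation()
    for path, threat in detections.items():
        if path in moved:
            result.remediated[path] = threat
        elif path in missing:
            result.not_found[path] = threat
        else:
            result.outstanding[path] = threat
    return result


# Constructed sample input: two detections copied from the report in this thread,
# plus one made-up path (C:\EXAMPLE\...) that the fix log below never mentions.
SAMPLE_REPORT = r"""
File name / Threat / Threats count
C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{1634A12D-6D4A-6F00-B9E5-B41DC782B0F5}-AUTMGR32.EXE Infected: Trojan.Win32.Tdss.bilj 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{5C85141D-482C-6BAE-73EE-5FB9D32FBF2B}-vminco.dll Infected: Trojan-Downloader.Win32.Mufanom.wfo 1
C:\EXAMPLE\constructed-leftover.dll Infected: Example.Constructed.Detection 1
"""

# Constructed fix-log excerpt: the second "moved" line is deliberately lower-cased to
# show that the comparison ignores case; the "not found!" line is unrelated noise.
SAMPLE_FIXLOG = r"""
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{1634A12D-6D4A-6F00-B9E5-B41DC782B0F5}-AUTMGR32.EXE moved successfully.
c:\documents and settings\all users\application data\microsoft\microsoft antimalware\localcopy\{5c85141d-482c-6bae-73ee-5fb9d32fbf2b}-vminco.dll moved successfully.
File\Folder C:\WINDOWS\temp\TMP0000000321CF4BDDFB4BC003 not found!
"""
```

Running `reconcile(SAMPLE_REPORT, SAMPLE_FIXLOG)` reports the two thread paths as remediated and the constructed path as outstanding; an outstanding entry is the signal to rescan rather than declare the machine clean.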
     
