Solved About to run 8-step and post logs; quick questions first:

Status
Not open for further replies.
losdavos

losdavos

Posts: 128   +0
Hi, thanks in advance.

I understand that some of the steps require temporary disabling of live protection.

1. Step 5 says to turn off "script blocking" protection. I don't know what "script blocking" is. Is turning off my Avast antivirus protection like in Step 4 good enough? Or is there something else I'll need to turn off when I get to step 5?

2. Ever since successfully using the 8-Step a couple years ago, I've had "Super Anti Spyware" always running live (and auto-updating). I don't see that program mentioned in the current edition of the 8-Step. Should I definitely get rid of it and replace it with something else? Or is my Avast + Windows Firewall + general avoidance of IExplorer (I use Chrome and sometimes Firefox) good enough?

Thanks again! Logs to follow.
 
Welcome aboard
yahooo.gif


1.For both, steps, 4 and 5, you should turn off your Avast and IF you use Sybot, or Windows Defender, here it's how to disable them:

Disable TeaTimer, as it'll interfere with the cleaning process:
Right click Spybot's TeaTimer System Tray Icon.
Click Exit Spybot-S&D Resident.
TeaTimer closes.
NOTE. If on re-boot, Spybot inquires about registry change(s), allow it.

*********************************************

Disable Windows Defender, as it'll interfere with cleaning process:
- Open Windows Defender by clicking the Start, clicking All Programs, and then clicking Windows Defender.
- Click Tools
then...

++ Windows XP:
- Click General Settings
- Scroll down to Real Time Protection Options
- Uncheck Turn on Real Time Protection
- After you uncheck this, click on the Save button
- Close Windows Defender

++ Windows Vista:
- Click Options
- Under Administrator options, clear the Use Windows Defender check box, and then click Save.

Enable Windows Defender, when all cleaning is done.

2. Superantispyware is an excellent program and it works as a very good supplement to Malwarebytes.
 
Here are my logs

Now I'm wondering if maybe nothing was wrong. I was seeing a lot more popups than usual and strange ads that looked out of place on the sites they appeared...
Logs:
Mbam:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5441

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/2/2011 12:47:21 AM
mbam-log-2011-01-02 (00-47-21).txt

Scan type: Quick scan
Objects scanned: 140936
Time elapsed: 6 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-01-02 01:03:36
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\ahcix861Port0Path0Target0Lun0 Hitachi_ rev.FBEO
Running: uz5z0qvo.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pwtdypog.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x93B22BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x93B229D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x93B22B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device aswSP.SYS (avast! self protection module/AVAST Software)
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


DDS:
dds.txt:

DDS (Ver_10-12-12.02) - NTFSx86
Run by Administrator at 1:10:02.57 on Sun 01/02/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1789.1010 [GMT -5:00]

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\AccelerometerSt.Exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Power DVD Player\PowerDVDPlayer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
svchost.exe
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\mqsvc.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\mqtgsvc.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Power DVD Player] "c:\program files\power dvd player\PowerDVDPlayer.exe" hmw
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.Exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [EPSON Stylus CX4200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
mRun: [EPSON Stylus CX4200 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAEA.EXE /P35 "EPSON Stylus CX4200 Series (Copy 1)" /O6 "USB001" /M "Stylus CX4200"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://ak.g.gametap.com/static/cab_headless/GameTapWebUpdater.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: OneCard - c:\program files\hewlett-packard\iam\bin\ASWLNPkg.dll
AppInit_DLLs: APSHook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli ASWLNPkg

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\0vwr0176.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google Powered Search
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\0vwr0176.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\0vwr0176.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCIG.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\administrator\application data\Move Networks

============= SERVICES / DRIVERS ===============

R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2008-6-27 174600]
R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\drivers\Amddfltr.sys [2008-6-27 15416]
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2008-5-30 108752]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2008-5-30 51376]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2008-5-30 12928]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-3-28 24064]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-2-16 165584]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2008-5-30 12496]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 67656]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-15 182576]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-2-16 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-13 40384]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2008-5-30 256512]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-1-24 359952]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-6-27 193840]
S2 gupdate1c9c2fd5efdb22e;Google Update Service (gupdate1c9c2fd5efdb22e);c:\program files\google\update\GoogleUpdate.exe [2009-4-21 133104]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-13 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-13 40384]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]
S4 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-6-2 18944]

=============== File Associations ===============

inffile=c:\windows\system32\NOTEPAD.EXE "%1"

=============== Created Last 30 ================

2011-01-02 05:37:13 -------- d-----w- c:\docume~1\admini~1\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-12-21 05:58:07 -------- d-----w- c:\program files\iPod
2010-12-21 05:58:00 -------- d-----w- c:\program files\iTunes
2010-12-15 13:32:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-12-15 13:32:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-12-15 13:32:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-12-15 10:35:48 -------- d-----w- c:\docume~1\admini~1\applic~1\Local
2010-12-14 21:42:05 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-14 21:41:41 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-12-14 10:20:09 -------- d-----w- c:\program files\Bonjour
2010-12-10 02:32:05 -------- d-----w- c:\program files\ezt
2010-12-06 19:09:50 11336456 ----a-w- c:\documents and settings\all users\Tempmozy-update-a31217e595a1463492ad999467f8f0a1.exe
2010-12-06 19:09:50 -------- d-----w- c:\documents and settings\all users\Temp

==================== Find3M ====================

2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12:44 81920 ------w- c:\windows\system32\isign32.dll
2010-11-12 23:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 21:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-12 18:46:58 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-12 00:44:54 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57:04 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ------w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ------w- c:\windows\system32\win32k.sys
2010-10-07 17:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 17:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe

============= FINISH: 1:10:58.09 ===============


Attach:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/24/2009 12:23:10 AM
System Uptime: 1/2/2011 12:32:51 AM (1 hours ago)

Motherboard: Hewlett-Packard | | 30E4
Processor: AMD Turion(tm)X2 Dual Core Mobile RM-70 | Unknown | 2000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 232 GiB total, 111.548 GiB free.
D: is FIXED (FAT32) - 1 GiB total, 0.999 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP566: 10/4/2010 3:38:28 AM - System Checkpoint
RP567: 10/5/2010 6:28:02 AM - System Checkpoint
RP568: 10/6/2010 3:00:17 AM - Software Distribution Service 3.0
RP569: 10/7/2010 3:00:30 AM - System Checkpoint
RP570: 10/8/2010 9:34:06 AM - System Checkpoint
RP571: 10/9/2010 12:46:06 PM - System Checkpoint
RP572: 10/10/2010 1:33:18 PM - System Checkpoint
RP573: 10/11/2010 2:10:03 PM - System Checkpoint
RP574: 10/12/2010 2:42:39 PM - System Checkpoint
RP575: 10/13/2010 3:00:25 AM - Software Distribution Service 3.0
RP576: 10/14/2010 6:19:37 AM - System Checkpoint
RP577: 10/15/2010 7:43:39 AM - System Checkpoint
RP578: 10/16/2010 10:57:57 AM - System Checkpoint
RP579: 10/17/2010 11:19:53 AM - System Checkpoint
RP580: 10/18/2010 6:36:42 PM - System Checkpoint
RP581: 10/19/2010 6:44:05 PM - System Checkpoint
RP582: 10/20/2010 7:29:14 PM - System Checkpoint
RP583: 10/23/2010 12:25:32 AM - System Checkpoint
RP584: 10/24/2010 5:50:24 AM - System Checkpoint
RP585: 10/25/2010 1:37:25 AM - Installed Java(TM) 6 Update 22
RP586: 10/26/2010 2:13:11 AM - System Checkpoint
RP587: 10/27/2010 2:15:53 AM - System Checkpoint
RP588: 10/28/2010 2:37:18 AM - System Checkpoint
RP589: 10/29/2010 3:05:50 AM - System Checkpoint
RP590: 10/30/2010 3:33:15 AM - System Checkpoint
RP591: 10/31/2010 5:48:32 AM - System Checkpoint
RP592: 11/1/2010 8:56:44 AM - System Checkpoint
RP593: 11/2/2010 9:39:02 AM - System Checkpoint
RP594: 11/3/2010 10:32:41 AM - System Checkpoint
RP595: 11/4/2010 11:08:06 AM - System Checkpoint
RP596: 11/6/2010 12:59:58 AM - System Checkpoint
RP597: 11/7/2010 12:59:41 AM - System Checkpoint
RP598: 11/8/2010 1:48:52 AM - System Checkpoint
RP599: 11/9/2010 5:47:55 AM - System Checkpoint
RP600: 11/10/2010 1:20:30 AM - Software Distribution Service 3.0
RP601: 11/11/2010 1:43:21 AM - System Checkpoint
RP602: 11/12/2010 3:13:40 AM - System Checkpoint
RP603: 11/13/2010 5:03:10 AM - System Checkpoint
RP604: 11/14/2010 6:07:58 AM - System Checkpoint
RP605: 11/15/2010 7:01:02 AM - System Checkpoint
RP606: 11/16/2010 9:28:31 AM - System Checkpoint
RP607: 11/17/2010 9:32:52 AM - System Checkpoint
RP608: 11/18/2010 2:15:46 PM - System Checkpoint
RP609: 11/19/2010 4:02:06 PM - System Checkpoint
RP610: 11/20/2010 4:48:18 PM - System Checkpoint
RP611: 11/21/2010 5:29:53 PM - System Checkpoint
RP612: 11/22/2010 5:41:49 PM - System Checkpoint
RP613: 11/23/2010 5:47:01 PM - System Checkpoint
RP614: 11/24/2010 6:18:15 PM - System Checkpoint
RP615: 11/25/2010 7:58:44 PM - System Checkpoint
RP616: 11/26/2010 10:21:59 PM - System Checkpoint
RP617: 11/27/2010 10:32:01 PM - System Checkpoint
RP618: 11/29/2010 12:32:42 AM - System Checkpoint
RP619: 11/30/2010 2:37:51 PM - System Checkpoint
RP620: 12/1/2010 2:45:17 PM - System Checkpoint
RP621: 12/2/2010 3:05:12 PM - System Checkpoint
RP622: 12/4/2010 7:44:58 AM - System Checkpoint
RP623: 12/5/2010 8:45:41 AM - System Checkpoint
RP624: 12/6/2010 9:01:00 AM - System Checkpoint
RP625: 12/6/2010 2:10:52 PM - Installed MozyHome
RP626: 12/7/2010 7:52:00 PM - System Checkpoint
RP627: 12/8/2010 8:39:14 PM - System Checkpoint
RP628: 12/9/2010 11:25:22 PM - System Checkpoint
RP629: 12/11/2010 10:04:36 AM - System Checkpoint
RP630: 12/12/2010 10:26:44 AM - System Checkpoint
RP631: 12/13/2010 11:18:52 AM - System Checkpoint
RP632: 12/14/2010 5:24:31 PM - System Checkpoint
RP633: 12/15/2010 3:00:40 AM - Software Distribution Service 3.0
RP634: 12/16/2010 3:34:48 AM - System Checkpoint
RP635: 12/17/2010 6:32:06 AM - System Checkpoint
RP636: 12/19/2010 3:00:24 AM - Software Distribution Service 3.0
RP637: 12/20/2010 7:35:58 PM - System Checkpoint
RP638: 12/22/2010 1:15:10 AM - System Checkpoint
RP639: 12/23/2010 1:56:31 AM - System Checkpoint
RP640: 12/24/2010 5:54:11 AM - System Checkpoint
RP641: 12/25/2010 6:29:16 AM - System Checkpoint
RP642: 12/26/2010 6:51:32 AM - System Checkpoint
RP643: 12/27/2010 12:23:34 AM - Installed Java(TM) 6 Update 23
RP644: 12/28/2010 8:59:04 AM - System Checkpoint
RP645: 12/29/2010 10:20:19 AM - System Checkpoint
RP646: 12/30/2010 10:58:28 AM - System Checkpoint
RP647: 12/31/2010 12:08:17 PM - System Checkpoint
RP648: 1/1/2011 12:24:52 PM - System Checkpoint

==== Installed Programs ======================


Acrobat.com
ActivClient 6.1 x86
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
Adobe Shockwave Player 11.5
Agere Systems HDA Modem
Amazon MP3 Downloader 1.0.5
AMD Driver Support for HP 3D DriverGuard
AMD Processor Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
ATI Display Driver
Audacity 1.2.6
Audio CD Duplicator
avast! Free Antivirus
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Credential Manager for HP ProtectTools
DivX Setup
Drive Encryption for HP ProtectTools
EPSON Printer Software
EPSON Scan
Express Burn
Express Rip
Flickr Uploadr 3.2.1
Garmin Communicator Plugin
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP 3D DriveGuard
HP BatteryCheck 2.10 A2
HP Doc Viewer
HP Help and Support
HP JavaCard for HP ProtectTools
HP ProtectTools Security Manager
HP ProtectTools Security Manager Suite
HP Quick Launch Buttons 6.40 E1
HP Smart Web Printing
HP Software Setup 5.00.A.7
HP User Guide Bluetooth Addendum 0062
HP User Guides 0108
HP Wallpaper
HP Webcam
HP Webcam Application
HP Wireless Assistant
InterVideo DVD Check
InterVideo Register Manager
InterVideo WinDVD
iTunes
Java Auto Updater
Java(TM) 6 Update 23
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows XP Video Decoder Checkup Utility
MobileMe Control Panel
Move Media Player
Mozilla Firefox (3.6.3)
MozyHome
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
OGA Notifier 2.0.0048.0
Palm Desktop by ACCESS
PeerGuardian 2.0
Picasa 3
Power DVD Player
QuickTime
RealPlayer
RealUpgrade 1.0
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skins
Skype™ 5.0
SoundMAX
SUPERAntiSpyware Free Edition
Switch Sound File Converter
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
VC80CRTRedist - 8.0.50727.4053
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Vuze
WebFldrs XP
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

12/28/2010 11:45:45 PM, error: VolSnap [21] - The flush and hold operation for volume D: was aborted because of low available system memory.
12/28/2010 11:45:45 PM, error: VolSnap [21] - The flush and hold operation for volume C: was aborted because of low available system memory.
1/2/2011 12:31:13 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
1/2/2011 12:31:13 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
1/2/2011 12:31:13 AM, error: Service Control Manager [7034] - The hpqwmiex service terminated unexpectedly. It has done this 1 time(s).
1/2/2011 12:31:13 AM, error: Service Control Manager [7034] - The Com4QLBEx service terminated unexpectedly. It has done this 1 time(s).
1/2/2011 12:31:13 AM, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).
1/2/2011 12:31:13 AM, error: Service Control Manager [7031] - The MozyHome Backup Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
1/2/2011 12:31:13 AM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/2/2011 12:31:12 AM, error: Service Control Manager [7034] - The IviRegMgr service terminated unexpectedly. It has done this 1 time(s).
1/2/2011 12:31:12 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
1/2/2011 12:31:12 AM, error: Service Control Manager [7034] - The Agere Modem Call Progress Audio service terminated unexpectedly. It has done this 1 time(s).
1/2/2011 12:31:12 AM, error: Service Control Manager [7034] - The ActivClient Middleware Service service terminated unexpectedly. It has done this 1 time(s).
1/2/2011 12:31:12 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/2/2011 12:31:09 AM, error: Service Control Manager [7034] - The Drive Encryption Service service terminated unexpectedly. It has done this 1 time(s).
1/2/2011 12:31:09 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================
 
So far, I don't see much...

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Combofix restarted the machine, and I can't find its log anywhere. I stepped away while it was running and after a while I heard the machine restart. Couldn't find Combofix.txt at C:\ or anywhere.... Here's MBRCheck:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 158):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF7358000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7347000 pci.sys
0xF7487000 isapnp.sys
0xF7497000 ohci1394.sys
0xF74A7000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF789B000 compbatt.sys
0xF789F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF798B000 intelide.sys
0xF798D000 viaide.sys
0xF798F000 aliide.sys
0xF7329000 pcmcia.sys
0xF74B7000 MountMgr.sys
0xF730A000 ftdisk.sys
0xF7991000 dmload.sys
0xF72E4000 dmio.sys
0xF78A3000 ACPIEC.sys
0xF7A50000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF770F000 PartMgr.sys
0xF74C7000 VolSnap.sys
0xF72CC000 atapi.sys
0xF728B000 ahcix86.sys
0xF7273000 \WINDOWS\System32\DRIVERS\SCSIPORT.SYS
0xF74D7000 SbAlg.sys
0xF74E7000 disk.sys
0xF74F7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7253000 fltmgr.sys
0xF7993000 SbFsLock.sys
0xF7241000 sr.sys
0xF7507000 PxHelp20.sys
0xF722A000 KSecDD.sys
0xF719D000 Ntfs.sys
0xF7170000 NDIS.sys
0xF7517000 sfaudio.sys
0xF7157000 SafeBoot.sys
0xF713D000 Mup.sys
0xF7717000 hpdskflt.sys
0xF771F000 Amddfltr.sys
0xA9F64000 \SystemRoot\system32\DRIVERS\AmdPPM.sys
0xA9310000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xA92FC000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xA92B3000 \SystemRoot\system32\DRIVERS\yk51x86.sys
0xA9F54000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF76E7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7547000 \SystemRoot\system32\DRIVERS\redbook.sys
0xA9290000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7887000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF788F000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xA926C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF772F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xA9244000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF76F7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF773F000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0xA97C9000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xA91C8000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xF7747000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xA9195000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF79D1000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF774F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7757000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0xF792F000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7933000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0xA97B9000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF775F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7937000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF7B4E000 \SystemRoot\system32\DRIVERS\audstub.sys
0xA97A9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF793B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xA917E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xA9799000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xA9789000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7767000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xA916D000 \SystemRoot\system32\DRIVERS\psched.sys
0xA9779000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF776F000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7777000 \SystemRoot\system32\DRIVERS\raspti.sys
0xA913D000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xA9769000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79D3000 \SystemRoot\system32\DRIVERS\swenum.sys
0xA90DF000 \SystemRoot\system32\DRIVERS\update.sys
0xF7953000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xA9A5A000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xA9759000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7687000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x978A5000 \SystemRoot\system32\drivers\ADIHdAud.sys
0x97881000 \SystemRoot\system32\drivers\portcls.sys
0xF7697000 \SystemRoot\system32\drivers\drmk.sys
0x97869000 \SystemRoot\system32\drivers\AEAudio.sys
0x97743000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xF7807000 \SystemRoot\System32\Drivers\Modem.SYS
0x93EF1000 \SystemRoot\system32\DRIVERS\mozy.sys
0xF7A33000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x9497E000 \SystemRoot\System32\Drivers\Null.SYS
0xF7A35000 \SystemRoot\System32\Drivers\Beep.SYS
0x9525A000 \SystemRoot\System32\drivers\vga.sys
0xF7A37000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7A39000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x95252000 \SystemRoot\System32\Drivers\Msfs.SYS
0x9524A000 \SystemRoot\System32\Drivers\Npfs.SYS
0x97733000 \SystemRoot\system32\DRIVERS\rasacd.sys
0x93EBE000 \SystemRoot\system32\DRIVERS\ipsec.sys
0x93E65000 \SystemRoot\system32\DRIVERS\tcpip.sys
0x94D88000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x93E3F000 \SystemRoot\system32\DRIVERS\ipnat.sys
0x93E18000 \SystemRoot\System32\Drivers\Mpfp.sys
0x94D78000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x94D68000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x93DF0000 \SystemRoot\system32\DRIVERS\netbt.sys
0x93DCE000 \SystemRoot\System32\drivers\afd.sys
0x94D58000 \SystemRoot\system32\DRIVERS\netbios.sys
0x93DAC000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0x94E3A000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xF7A3B000 \SystemRoot\System32\Drivers\RsvLock.SYS
0x93D81000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x93D11000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9443E000 \SystemRoot\System32\Drivers\Fips.SYS
0x93B58000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x9442E000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x94E32000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x93B34000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x93B0D000 \SystemRoot\System32\Drivers\aswSP.SYS
0x911A7000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0x91110000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x8F420000 \SystemRoot\System32\Drivers\dump_ahcix86.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0x8FF5A000 \SystemRoot\System32\drivers\Dxapi.sys
0x9117F000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0x90FDD000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF05F000 \SystemRoot\System32\ati2cqag.dll
0xBF0DE000 \SystemRoot\System32\atikvmag.dll
0xBF14E000 \SystemRoot\System32\atiok3x2.dll
0xBF17C000 \SystemRoot\System32\ati3duag.dll
0xBF484000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0x8F940000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xA8069000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8B2B4000 \SystemRoot\System32\Drivers\aswMon2.SYS
0x8AF44000 \SystemRoot\System32\Drivers\Cdfs.SYS
0x8ABFB000 \SystemRoot\system32\drivers\wdmaud.sys
0x8AD64000 \SystemRoot\system32\drivers\sysaudio.sys
0x8A996000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x8AB05000 \SystemRoot\system32\DRIVERS\srv.sys
0x8AACE000 \??\C:\WINDOWS\system32\drivers\mqac.sys
0x8D9FD000 \??\C:\WINDOWS\system32\drivers\RMCast.sys
0x8F042000 \SystemRoot\System32\Drivers\HTTP.sys
0x8F9AF000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8ECEE000 \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pwtdypog.sys
0x95A78000 \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys
0x8EC53000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 72):
0 System Idle Process
4 System
628 C:\WINDOWS\system32\smss.exe
688 csrss.exe
720 C:\WINDOWS\system32\winlogon.exe
764 C:\WINDOWS\system32\services.exe
776 C:\WINDOWS\system32\lsass.exe
960 C:\WINDOWS\system32\svchost.exe
988 C:\WINDOWS\system32\ati2evxx.exe
1012 C:\WINDOWS\system32\svchost.exe
1076 C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
1120 svchost.exe
1164 C:\WINDOWS\system32\svchost.exe
1256 svchost.exe
1288 svchost.exe
1404 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1476 acevents.exe
1532 C:\WINDOWS\system32\ati2evxx.exe
1832 C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
1848 C:\WINDOWS\explorer.exe
432 C:\WINDOWS\system32\accelerometerST.exe
472 C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
504 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
512 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
680 C:\Program Files\Analog Devices\Core\smax4pnp.exe
1068 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1228 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
1200 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
1304 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1616 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
1668 C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
1744 C:\Program Files\iTunes\iTunesHelper.exe
1908 C:\WINDOWS\system32\ctfmon.exe
2108 C:\Program Files\Power DVD Player\PowerDVDPlayer.exe
2136 C:\Program Files\Skype\Phone\Skype.exe
2224 C:\Program Files\MozyHome\mozystat.exe
2232 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
2360 C:\Program Files\ActivIdentity\ActivClient\acevents.exe
2724 C:\WINDOWS\system32\spoolsv.exe
2800 C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
2984 scardsvr.exe
3228 svchost.exe
3348 msdtc.exe
3412 C:\Program Files\ActivIdentity\ActivClient\accoca.exe
3472 C:\Program Files\Skype\Plugin Manager\skypePM.exe
3536 C:\WINDOWS\system32\agrsmsvc.exe
3556 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
3664 C:\Program Files\Bonjour\mDNSResponder.exe
3824 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
3848 C:\Program Files\Java\jre6\bin\jqs.exe
3896 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
3948 C:\Program Files\MozyHome\mozybackup.exe
4004 C:\WINDOWS\system32\svchost.exe
4076 C:\WINDOWS\system32\mqsvc.exe
652 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
828 C:\WINDOWS\system32\mqtgsvc.exe
344 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
2412 C:\Program Files\Canon\CAL\CALMAIN.exe
3076 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
3328 wmiprvse.exe
3508 C:\Program Files\iPod\bin\iPodService.exe
4132 alg.exe
4412 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
4560 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
3216 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
5308 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
4636 C:\WINDOWS\system32\rundll32.exe
468 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3860 C:\WINDOWS\system32\sndvol32.exe
6084 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
7832 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
6264 C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000039`f8517c00 (FAT32)

PhysicalDrive0 Model Number: HitachiHTS543225L9A3, Rev: FBEO

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 RE: Unknown MBR code
SHA1: BBF289AC40BA09F2CC1797655D4799D2AB148CB5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


Combofix:
 
Here's my Combofix log, thanks:

ComboFix 11-01-02.03 - Administrator 01/03/2011 1:12.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1789.1038 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\Local
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\1.ddi
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\1754786586452_50476.mp4.ddr
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\2.ddi
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\3.ddi
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\dexter.s05e12.hdtv.xvid-fqm.avi.ddr
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\settings.ddi
.
---- Previous Run -------
.
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\1.ddi
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\2.ddi
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\3.ddi
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\settings.ddi
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\1754786586452_50476.mp4
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\dexter.s05e12.hdtv.xvid-fqm.avi
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
c:\documents and settings\Administrator\g2mdlhlpx.exe
C:\Thumbs.db
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-12-03 to 2011-01-03 )))))))))))))))))))))))))))))))
.

2011-01-02 05:37 . 2011-01-02 05:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-12-21 05:58 . 2010-12-21 05:58 -------- d-----w- c:\program files\iPod
2010-12-21 05:58 . 2010-12-21 05:59 -------- d-----w- c:\program files\iTunes
2010-12-15 13:32 . 2010-12-16 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-12-15 13:32 . 2010-12-15 13:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-12-14 21:42 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-14 21:41 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-12-14 10:20 . 2010-12-14 10:20 -------- d-----w- c:\program files\Bonjour
2010-12-13 11:35 . 2010-12-13 11:35 -------- d-----w- c:\program files\Common Files\Skype
2010-12-11 03:59 . 2010-12-11 03:59 -------- d-----w- c:\program files\Panasonic
2010-12-10 02:32 . 2010-12-27 05:27 -------- d-----w- c:\program files\ezt
2010-12-06 19:09 . 2010-12-06 19:09 -------- d-----w- c:\documents and settings\All Users\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 23:09 . 2009-02-12 05:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2009-02-12 05:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2004-08-04 08:00 81920 ------w- c:\windows\system32\isign32.dll
2010-11-12 23:53 . 2010-06-14 06:11 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 21:34 . 2010-04-08 08:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-12 18:46 . 2010-11-12 18:46 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-11-08 21:06 . 2009-04-06 05:09 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2010-11-06 00:26 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-04 08:00 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 08:00 385024 ------w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 08:00 40960 ------w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-04 08:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-04 08:00 1853312 ------w- c:\windows\system32\win32k.sys
2010-10-07 17:23 . 2010-10-07 17:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 17:23 . 2010-10-07 17:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2010-11-08 21:06 3424056 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2010-11-08 21:06 3424056 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-17 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-22 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-18 2424560]
"Power DVD Player"="c:\program files\Power DVD Player\PowerDVDPlayer.exe" [2007-09-06 391168]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-06-09 82224]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-06-02 238984]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2008-05-14 61440]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480]
"EPSON Stylus CX4200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" [2005-03-08 98304]
"EPSON Stylus CX4200 Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" [2005-03-08 98304]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-05-23 197904]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-17 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2010-11-8 3571512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-05-15 23:08 112640 ------w- c:\windows\system32\ackpbsc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-05-15 23:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2008-05-21 00:42 111888 ----a-w- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Palm\\Hotsync.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5910:TCP"= 5910:TCP:vnc5910

R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [6/27/2008 1:57 AM 174600]
R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\drivers\Amddfltr.sys [6/27/2008 2:21 AM 15416]
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [5/30/2008 11:36 AM 108752]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [5/30/2008 11:37 AM 51376]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [5/30/2008 11:37 AM 12928]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [3/28/2008 5:14 AM 24064]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/16/2009 10:12 AM 165584]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [5/30/2008 11:37 AM 12496]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 7:56 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 67656]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 6:08 PM 182576]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 3:00 AM 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 3:00 AM 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/16/2009 10:12 AM 17744]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [5/30/2008 11:36 AM 256512]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [6/27/2008 3:21 AM 193840]
S2 gupdate1c9c2fd5efdb22e;Google Update Service (gupdate1c9c2fd5efdb22e);c:\program files\Google\Update\GoogleUpdate.exe [4/21/2009 10:49 PM 133104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 12872]
S4 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [6/2/2008 12:32 PM 18944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
Contents of the 'Scheduled Tasks' folder

2010-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2011-01-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-22 03:49]

2011-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 03:49]

2011-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 03:49]

2011-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1462882443-3925474752-26676261-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-17 01:48]

2011-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1462882443-3925474752-26676261-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-17 01:48]

2011-01-03 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

2011-01-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1462882443-3925474752-26676261-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]

2011-01-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1462882443-3925474752-26676261-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]

2010-11-10 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-06-06 04:22]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://ak.g.gametap.com/static/cab_headless/GameTapWebUpdater.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0vwr0176.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google Powered Search
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Administrator\Application Data\Move Networks
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-03 01:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe???????????????????????|?M?|?????M?|??@

scanning hidden files ...


c:\windows\TEMP\_asw_aisI.tm~a05388\onefile 540 bytes
c:\windows\TEMP\_asw_aisI.tm~a05388\setup.lok 0 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1462882443-3925474752-26676261-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bf,0b,f7,a6,f2,b5,90,40,ac,3f,c1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e9,3d,e8,f4,30,12,a5,4a,9d,91,b8,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,aa,db,54,3a,1c,9a,42,b9,31,80,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\bin\brand.dll
c:\program files\Hewlett-Packard\IAM\Bin\AsChnl.dll
c:\program files\Hewlett-Packard\IAM\Bin\HPPlugIn.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHostServices.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.HPQWMIEXLib.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.PTHstServsLib.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHstServs.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\BIOSDomain.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.PTPluginLib.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTStrings.dll
c:\program files\Hewlett-Packard\Drive Encryption\SbHpFve.dll
c:\program files\Hewlett-Packard\Drive Encryption\SbUILib.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\HPjCard.dll
c:\windows\system32\acomx.dll
c:\windows\system32\acbsi21.dll

- - - - - - - > 'explorer.exe'(7488)
c:\windows\system32\WININET.dll
c:\windows\system32\APSHook.dll
c:\program files\MozyHome\mozyshell.dll
c:\program files\MozyHome\LIBEAY32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\windows\system32\msdtc.exe
c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\program files\MozyHome\mozybackup.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-01-03 01:56:55 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-03 06:56
ComboFix2.txt 2009-02-16 06:48
ComboFix3.txt 2009-02-13 05:45

Pre-Run: 119,403,012,096 bytes free
Post-Run: 119,327,440,896 bytes free

- - End Of File - - B076896CAE383FC292E75737FAEFBE7C
 
You never actually said, what are your computer issues.

Combofix log looks good now....

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Thanks. The problems I was having were a lot of popups (I usually get none) and a lot of weirdly out-of-place looking ads (erectile dysfunction ads on NYTimes.com). I don't know, perhaps it wasn't evidence of an infection; I hope I'm not wasting anyone's time! Here are the OTL logs (over 3 posts):

OTL.txt, part 1 of 2:


OTL logfile created on: 1/5/2011 10:57:06 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 231.87 Gb Total Space | 111.15 Gb Free Space | 47.94% Space Free | Partition Type: NTFS
Drive D: | 1.00 Gb Total Space | 1.00 Gb Free Space | 99.71% Space Free | Partition Type: FAT32

Computer Name: SHEILA | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/05 22:55:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/12/17 22:42:07 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/12/08 18:28:23 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/12/08 16:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/12/08 14:17:46 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/11/08 16:06:46 | 003,571,512 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
PRC - [2010/10/17 17:26:18 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/10/14 05:08:29 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/09/07 10:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/08/16 23:07:09 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/01/09 08:06:52 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2008/06/09 10:10:04 | 000,082,224 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
PRC - [2008/05/30 11:36:20 | 000,256,512 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2008/05/20 19:47:18 | 000,065,296 | ---- | M] (Bioscrypt Inc.) -- c:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/04 10:09:56 | 001,044,480 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/12/11 14:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2007/09/06 02:28:28 | 000,391,168 | ---- | M] () -- C:\Program Files\Power DVD Player\PowerDVDPlayer.exe
PRC - [2007/05/15 18:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007/05/15 18:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2007/05/15 18:08:08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2011/01/05 22:55:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/08/16 23:09:00 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2008/03/25 07:17:04 | 000,076,048 | ---- | M] (Bioscrypt Inc.) -- C:\WINDOWS\system32\APSHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/01/09 08:06:52 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2008/06/02 12:32:16 | 000,018,944 | ---- | M] (Hewlett-Packard Development Company, L.P) [Disabled | Stopped] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2008/05/30 11:36:20 | 000,256,512 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2008/05/20 19:42:40 | 000,111,888 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2008/05/20 19:42:34 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2007/12/11 14:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/05/15 18:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/06/03 20:41:22 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/19 07:25:45 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/19 07:25:45 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/07/29 15:33:04 | 000,213,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/03/02 18:20:18 | 000,049,904 | ---- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/10/23 13:08:54 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/05/30 11:37:06 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2008/05/30 11:37:02 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2008/05/30 11:37:00 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2008/05/30 11:36:58 | 000,108,752 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2008/05/27 08:55:48 | 000,174,600 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ahcix86.sys -- (ahcix86)
DRV - [2008/05/23 08:51:02 | 000,024,624 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008/05/23 08:50:16 | 000,028,592 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/05/15 19:33:44 | 002,881,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/05/08 09:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/28 17:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/04/13 13:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/11 11:19:42 | 000,338,944 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2008/04/10 17:27:34 | 001,804,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/04/03 16:57:00 | 000,296,320 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/03/28 05:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2008/03/21 13:35:14 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/03/12 10:43:26 | 000,015,416 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Amddfltr.sys -- (Amddfltr)
DRV - [2008/02/29 18:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/12/04 16:10:30 | 000,016,640 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/04/16 18:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2001/08/17 14:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 10:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/09/17 20:05:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/08/16 23:09:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/15 05:35:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/15 05:35:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/14 05:12:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/02 01:52:54 | 000,000,000 | ---D | M]

[2010/02/09 21:44:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/02/09 21:44:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\uploadr@flickr.com
[2011/01/04 19:30:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0vwr0176.default\extensions
[2009/11/19 23:38:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0vwr0176.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/07 19:30:38 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0vwr0176.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/04/15 20:45:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0vwr0176.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/01/04 19:30:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/14 01:11:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/21 06:02:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/25 00:38:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/27 00:24:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/01/03 01:37:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus CX4200 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKCU..\Run: [Power DVD Player] C:\Program Files\Power DVD Player\PowerDVDPlayer.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} http://ak.g.gametap.com/static/cab_headless/GameTapWebUpdater.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\APSHook.dll) - C:\WINDOWS\system32\APSHook.dll (Bioscrypt Inc.)
O20 - AppInit_DLLs: (APSHook.dll) - C:\WINDOWS\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ackpbsc: DllName - c:\WINDOWS\system32\ackpbsc.dll - C:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - c:\Program Files\ActivIdentity\ActivClient\acunlock.dll - c:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\OneCard: DllName - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
OTL.txt part 2 of 2:

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465059307421696)

========== Files/Folders - Created Within 30 Days ==========

[2011/01/05 22:55:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/01/04 23:03:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/01/03 00:09:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/01/02 00:37:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/01/02 00:11:33 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/02 00:08:48 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010/12/27 00:24:18 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/27 00:24:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/27 00:24:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/21 00:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2010/12/21 00:58:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/12/21 00:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/12/19 09:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\calendar pictures
[2010/12/15 08:32:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/12/15 08:32:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/12/15 08:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/12/15 05:33:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX Plus
[2010/12/14 16:42:05 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/14 16:41:41 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/12/14 05:20:09 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/12/14 05:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2010/12/14 05:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/12/13 06:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2010/12/13 06:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/12/11 00:57:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2010/12/11 00:57:12 | 002,963,664 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup301.exe
[2010/12/10 22:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panasonic
[2010/12/10 22:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\Panasonic
[2010/12/09 21:32:05 | 000,000,000 | ---D | C] -- C:\Program Files\ezt
[2009/01/24 00:27:20 | 000,180,224 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2007/07/05 03:28:52 | 000,176,128 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[1 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/05 23:00:21 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1462882443-3925474752-26676261-500.job
[2011/01/05 23:00:21 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1462882443-3925474752-26676261-500.job
[2011/01/05 22:55:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/01/05 22:31:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1462882443-3925474752-26676261-500UA.job
[2011/01/05 22:13:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/05 18:31:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1462882443-3925474752-26676261-500Core.job
[2011/01/05 18:13:24 | 000,004,390 | ---- | M] () -- C:\WINDOWS\mozy.blk
[2011/01/05 18:13:24 | 000,002,046 | ---- | M] () -- C:\WINDOWS\mozy.flt
[2011/01/05 14:33:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/01/05 06:13:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/05 04:52:56 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/05 04:52:15 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/01/05 04:51:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/05 04:51:36 | 1875,759,104 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/04 23:35:11 | 000,199,168 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\one-vzw.doc
[2011/01/04 21:48:10 | 000,088,576 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Return address labels - David.doc
[2011/01/03 23:12:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/03 01:37:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/03 00:09:29 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2011/01/02 23:57:27 | 004,012,456 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/01/02 23:57:02 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe
[2011/01/02 00:11:48 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\uz5z0qvo.exe
[2011/01/02 00:11:42 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/02 00:08:49 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010/12/25 01:38:10 | 000,153,088 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/23 07:32:06 | 000,118,623 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\santa.jpg
[2010/12/21 15:35:37 | 000,074,188 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/12/21 00:59:18 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/19 08:58:03 | 000,078,336 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\return address labels 5167 David Dartley.doc
[2010/12/18 23:37:57 | 000,166,912 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\eo-one12-18-10.doc
[2010/12/17 23:07:53 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/12/16 11:07:34 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/12/15 05:35:48 | 000,001,493 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DivX Movies.lnk
[2010/12/15 05:34:55 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/12/15 05:34:09 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/12/15 03:26:10 | 000,331,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/15 03:08:30 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/14 05:12:29 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/12/13 16:31:48 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2010/12/13 16:31:48 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/13 06:35:57 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/12/11 00:57:41 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/12/11 00:57:14 | 002,963,664 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup301.exe
[2010/12/10 22:59:47 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\LX5 Operating Instructions.lnk
[2010/12/09 21:32:22 | 000,001,152 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Download Free Music.lnk
[1 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/04 23:35:10 | 000,199,168 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\one-vzw.doc
[2011/01/04 21:48:09 | 000,088,576 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Return address labels - David.doc
[2011/01/03 00:06:27 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/03 00:06:27 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/02 23:57:29 | 004,012,456 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/01/02 23:57:09 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe
[2011/01/02 00:11:50 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\uz5z0qvo.exe
[2010/12/23 07:32:21 | 000,118,623 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\santa.jpg
[2010/12/21 00:59:18 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/12/19 08:58:03 | 000,078,336 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\return address labels 5167 David Dartley.doc
[2010/12/18 23:37:56 | 000,166,912 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\eo-one12-18-10.doc
[2010/12/15 05:34:55 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/12/15 05:34:09 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/12/14 05:12:28 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/12/13 06:35:57 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/12/11 00:57:41 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/12/10 22:59:47 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\LX5 Operating Instructions.lnk
[2010/12/09 21:32:22 | 000,001,152 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Download Free Music.lnk
[2010/11/26 23:18:20 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2010/08/26 23:39:25 | 000,000,200 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/05/29 00:21:38 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\swk.ini
[2009/11/14 16:59:54 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini
[2009/08/25 23:09:25 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/08/25 23:09:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/08/25 23:09:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/08/25 23:09:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/08/25 23:09:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/08/25 23:09:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/08/09 23:01:42 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/04/07 00:06:05 | 000,000,779 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/02/20 18:50:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/09 00:48:49 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2009/01/27 13:21:22 | 000,153,088 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/24 00:54:07 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2008/06/27 03:27:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\QSwitch.txt
[2008/06/27 03:27:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DSwitch.txt
[2008/06/27 03:27:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AtStart.txt
[2008/06/27 02:59:59 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/05/30 11:36:58 | 000,108,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\SafeBoot.sys
[2008/04/10 12:27:34 | 001,804,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2007/05/10 01:16:40 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2006/05/19 21:39:58 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2005/12/31 09:19:08 | 001,097,728 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/12/31 09:13:14 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/11/30 06:49:56 | 000,161,792 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2005/04/03 17:30:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\scardsyn.dll
[2004/08/07 08:19:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 08:12:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 08:02:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1998/05/06 22:10:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/02/16 01:44:50 | 000,006,940 | ---- | M] () -- C:\aaw7boot.log
[2009/02/13 00:38:42 | 000,000,293 | ---- | M] () -- C:\Boot.bak
[2011/01/03 00:09:29 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/01/03 01:57:08 | 000,026,532 | ---- | M] () -- C:\ComboFix.txt
[2011/01/05 04:51:36 | 1875,759,104 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/12 21:54:05 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/02/12 21:54:05 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 03:00:00 | 000,047,564 | -HS- | M] () -- C:\ntdetect.com
[2009/02/16 22:36:05 | 000,250,048 | -HS- | M] () -- C:\ntldr
[2011/01/05 04:51:34 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/09/09 02:06:11 | 000,006,656 | ---- | M] () -- C:\palm.grf

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/07 08:02:30 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/07 10:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/07 00:52:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/07 00:52:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/07 00:52:06 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/02/16 22:41:04 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/01/24 00:25:18 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/08/07 08:08:32 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/12/11 00:57:14 | 002,963,664 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup301.exe
[2011/01/02 23:57:27 | 004,012,456 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/01/02 00:11:42 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/02 23:57:02 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe
[2011/01/05 22:55:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/02/08 21:48:11 | 031,262,848 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\setupeng.exe
[2011/01/02 00:08:49 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2011/01/02 00:11:48 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\uz5z0qvo.exe
[1 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >
[2006/05/20 02:53:02 | 000,013,022 | ---- | M] () -- C:\WINDOWS\snp2uvc.src

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2009/09/16 21:16:14 | 019,212,064 | ---- | M] (Hewlett-Packard ) -- C:\Documents and Settings\Administrator\My Documents\HP_Smart_Web_Printing.exe
[2009/12/30 06:33:38 | 003,244,096 | ---- | M] (Hewlett-Packard Company ) -- C:\Documents and Settings\Administrator\My Documents\sp42853.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/01/24 00:25:17 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop.ini
[2010/06/05 23:22:27 | 000,000,250 | ---- | M] () -- C:\Documents and Settings\Administrator\Favorites\NCH Audio and Telephony Software.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/12/06 14:10:15 | 011,336,456 | ---- | M] (Mozy, Inc.) -- C:\Documents and Settings\All Users\Tempmozy-update-a31217e595a1463492ad999467f8f0a1.exe

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/01/05 23:00:19 | 000,081,920 | -HS- | M] () -- C:\Documents and Settings\Administrator\Cookies\index.dat
[1 C:\Documents and Settings\Administrator\Cookies\*.tmp files -> C:\Documents and Settings\Administrator\Cookies\*.tmp -> ]

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >
[2008/06/04 15:44:22 | 000,685,448 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Installer\HPPTSuiteInstallEngine.exe

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/03 22:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/03 22:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/03 22:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/03 22:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/03 22:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/03 22:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/03 22:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
Extras.txt:


OTL Extras logfile created on: 1/5/2011 10:57:06 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 231.87 Gb Total Space | 111.15 Gb Free Space | 47.94% Space Free | Partition Type: NTFS
Drive D: | 1.00 Gb Total Space | 1.00 Gb Free Space | 99.71% Space Free | Partition Type: FAT32

Computer Name: SHEILA | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22008
"5910:TCP" = 5910:TCP:*:Enabled:vnc5910

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Disabled:Google Chrome -- (Google Inc.)
"C:\Program Files\Palm\Hotsync.exe" = C:\Program Files\Palm\Hotsync.exe:*:Enabled:HotSync® Manager Application -- (PalmSource, Inc)
"C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05B62241-5495-46EF-5086-DBE0F37F052C}" = Catalyst Control Center Localization Korean
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0F98662A-EA83-414F-8766-3FCE46A32641}" = Credential Manager for HP ProtectTools
"{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 23
"{27FE77BD-2E0A-385C-C2CC-8367D877356F}" = CCC Help Norwegian
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2CD54AED-740B-1418-464E-CC8E15AD1E4F}" = Catalyst Control Center Localization Swedish
"{2D0EE88B-8720-50A7-7F31-503B4300A8C5}" = Catalyst Control Center Localization French
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 E1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35EB3E58-F46C-CB48-C623-16A455C37C5D}" = CCC Help Turkish
"{36C491D0-A196-F49C-C63C-3509D7A2B91D}" = CCC Help Finnish
"{37AF26EB-ACCD-4F9C-A13E-81483F932203}" = Catalyst Control Center - Branding
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
"{3C79DC59-6099-323B-B27B-90B45542B270}" = Google Talk Plugin
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45E6BF4C-6DC8-B1BB-517C-5F2C1D055A9B}" = CCC Help Hungarian
"{48072101-4DFE-9DC2-9F5D-DE0EF7193C98}" = CCC Help Korean
"{49798684-CC48-AF5C-E513-9FFF61EFD3A6}" = CCC Help Japanese
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BFA6EEB-AAED-4334-8E98-A907DE4DD5CF}" = AMD Driver Support for HP 3D DriverGuard
"{4CF11D44-43B7-1359-B438-972C69D7AD6F}" = CCC Help Spanish
"{4ED20E34-D511-A85B-D7E5-755AE64D5F6C}" = CCC Help Portuguese
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57B186F6-E6A7-A997-92E6-3E8C6189F497}" = Catalyst Control Center Localization Japanese
"{5AB422C9-E804-1331-233E-E44D8BBC1862}" = CCC Help German
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5ED80CF6-D54D-5F9B-2B9C-E3B6F927879D}" = CCC Help Czech
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60AFC32A-B82F-3818-E90B-A71446BBCCD6}" = Catalyst Control Center Localization Greek
"{6162653F-D1AB-6708-C73B-8411296900AE}" = Catalyst Control Center Localization Portuguese
"{6179EAEB-0C72-0241-DC0B-0258E86B982A}" = ccc-core-preinstall
"{64FBF438-35D1-8A01-FB00-36911B07FC72}" = Catalyst Control Center Graphics Light
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69DAC00A-7665-4E9B-B441-093D40736429}" = HP BatteryCheck 2.10 A2
"{6B4469FE-20FA-9E1D-6634-CF971706BD24}" = Catalyst Control Center Localization Chinese Traditional
"{6C17DE97-6A5A-FA9C-0F4C-8B027E6AC014}" = CCC Help Russian
"{6FCA773E-903A-5C83-D379-DD53F9EFD794}" = Catalyst Control Center Localization Turkish
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{747626CF-7958-290F-A7D8-6EE6549C8614}" = Catalyst Control Center Localization Hungarian
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B459B8C-D870-2C14-9BA7-ABFFBCE7CD34}" = CCC Help Italian
"{7BE1B3CE-5476-B847-4719-4421AEC5C663}" = CCC Help Thai
"{7FD8231E-3991-48D7-A2C8-2C42A7075FB1}" = HP User Guide Bluetooth Addendum 0062
"{875FDD1A-4259-9361-572C-780AC637C81A}" = Catalyst Control Center Localization Czech
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F676C36-74D3-9B7B-00FC-733EE5AFDA95}" = CCC Help Chinese Traditional
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95C42225-F0E2-4480-AD65-560D854F252E}" = Palm Desktop by ACCESS
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{A2CB5EC7-E64F-5E35-2A23-63CB198649F5}" = CCC Help Greek
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A777845E-F260-4572-787B-2BD08E560C78}" = Catalyst Control Center Localization Spanish
"{A7A1BCB9-B9EE-3DBB-6F1C-570C532B9190}" = CCC Help French
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{A9884559-F231-7727-95F4-41FDB052A536}" = Catalyst Control Center Localization Russian
"{AB785290-EA80-7A10-B2C6-98919E514A68}" = Catalyst Control Center Graphics Full New
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AEA355A4-997D-A49D-A57A-CF537FFFEC84}" = Skins
"{B18A542F-C99B-73C9-6552-73E1216E8834}" = CCC Help Dutch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5764B71-4BCE-206A-DE15-2E05469AA74C}" = Catalyst Control Center Localization Polish
"{B79DB290-9F72-4B20-9776-848D7832705B}" = HP User Guides 0108
"{B817499D-2D52-2F37-DF6F-40735748FA88}" = CCC Help English
"{BC66641A-3279-BB5E-BEAB-99B39D13B3BD}" = CCC Help Polish
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C3D86DED-91D7-A890-5E9E-D14D993B5E9E}" = Catalyst Control Center Localization Dutch
"{C4BEF3C4-9DF1-6D99-6C46-BBBF8E4B07A5}" = ccc-core-static
"{C6BB4BD5-15D5-0B2D-CF4A-49BDCD7B3AC3}" = Catalyst Control Center Localization Norwegian
"{C7DD94A8-F775-426C-B56C-8E555A59F9E2}" = Garmin Communicator Plugin
"{C90BE263-E9B8-AD82-C517-3197FA4DA9C4}" = CCC Help Danish
"{CB090A2C-B2F9-110F-F9D2-08B47D08D36F}" = MozyHome
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBC24502-5EB5-45B6-9E56-E6A2F6AFA367}" = HP JavaCard for HP ProtectTools
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D405A9E1-5D02-46FB-A2B3-796F1F218B32}" = HP ProtectTools Security Manager
"{D9C94F63-6B2C-9BFA-F37C-E48E1B6133E1}" = CCC Help Swedish
"{E19DF3EF-351E-EE5E-623B-1A99C8C3EB5F}" = Catalyst Control Center Graphics Full Existing
"{E2EF1380-9963-C7F9-3478-1046EC008C02}" = Catalyst Control Center Localization Chinese Standard
"{E5C1C126-1687-4868-A3DD-B807176E4970}" = HP 3D DriveGuard
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E78D8DE3-E3CD-E89C-D5A0-D8FFE5F6E7F9}" = CCC Help Chinese Standard
"{EA7D5022-7744-4D28-0E83-2DF9678C27B6}" = Catalyst Control Center Core Implementation
"{EDD0A584-1ABB-8E7B-97AB-743C7E35EEA7}" = Catalyst Control Center Localization German
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EFBC8D78-75EA-4BB1-0CC6-172BFDF4B70F}" = Catalyst Control Center Localization Danish
"{F01701B8-2C94-282D-9339-23AFBEDBE3E2}" = Catalyst Control Center Localization Italian
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BE302E-6B30-B816-4EA3-23CD6A23B08D}" = ccc-utility
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F657EF23-08BB-4C8D-B688-78C20FA657EA}" = Drive Encryption for HP ProtectTools
"{F940B4EC-8504-CEE5-F36C-C2F5471D9E87}" = Catalyst Control Center Localization Thai
"{FBAA2B2F-002D-45BB-2917-35FC46FB1326}" = Catalyst Control Center Localization Finnish
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Audio CD Duplicator" = Audio CD Duplicator
"avast5" = avast! Free Antivirus
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CSCLIB" = Canon Camera Support Core Library
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DivX Setup.divx.com" = DivX Setup
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ExpressBurn" = Express Burn
"ExpressRip" = Express Rip
"Flickr Uploadr" = Flickr Uploadr 3.2.1
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP Smart Web Printing" = HP Smart Web Printing
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"PeerGuardian_is1" = PeerGuardian 2.0
"Picasa 3" = Picasa 3
"Power DVD Player" = Power DVD Player
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WGA" = Windows Genuine Advantage Validation Tool
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/18/2009 11:08:06 PM | Computer Name = SHEILA | Source = avast! | ID = 33554522
Description =

Error - 11/18/2009 11:08:06 PM | Computer Name = SHEILA | Source = avast! | ID = 33554522
Description =

Error - 11/18/2009 11:08:06 PM | Computer Name = SHEILA | Source = avast! | ID = 33554522
Description =

Error - 11/18/2009 11:08:06 PM | Computer Name = SHEILA | Source = avast! | ID = 33554522
Description =

Error - 11/18/2009 11:08:06 PM | Computer Name = SHEILA | Source = avast! | ID = 33554522
Description =

Error - 11/18/2009 11:08:06 PM | Computer Name = SHEILA | Source = avast! | ID = 33554522
Description =

Error - 11/18/2009 11:08:06 PM | Computer Name = SHEILA | Source = avast! | ID = 33554522
Description =

Error - 11/18/2009 11:08:06 PM | Computer Name = SHEILA | Source = avast! | ID = 33554522
Description =

Error - 11/18/2009 11:08:06 PM | Computer Name = SHEILA | Source = avast! | ID = 33554522
Description =

Error - 11/18/2009 11:08:06 PM | Computer Name = SHEILA | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 1/5/2011 10:30:58 PM | Computer Name = SHEILA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8856000

Error - 1/5/2011 10:31:01 PM | Computer Name = SHEILA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/5/2011 10:31:01 PM | Computer Name = SHEILA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8858672

Error - 1/5/2011 10:31:01 PM | Computer Name = SHEILA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8858672

Error - 1/5/2011 10:31:04 PM | Computer Name = SHEILA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/5/2011 10:31:04 PM | Computer Name = SHEILA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8861641

Error - 1/5/2011 10:31:04 PM | Computer Name = SHEILA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8861641

Error - 1/5/2011 10:31:06 PM | Computer Name = SHEILA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/5/2011 10:31:06 PM | Computer Name = SHEILA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8863969

Error - 1/5/2011 10:31:06 PM | Computer Name = SHEILA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8863969

[ OSession Events ]
Error - 3/28/2009 1:41:14 PM | Computer Name = SHEILA | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 3/28/2009 1:41:37 PM | Computer Name = SHEILA | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 3/28/2009 1:42:06 PM | Computer Name = SHEILA | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 3/28/2009 1:42:17 PM | Computer Name = SHEILA | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 3/28/2009 1:42:24 PM | Computer Name = SHEILA | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 3/28/2009 1:42:36 PM | Computer Name = SHEILA | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 3/28/2009 1:43:07 PM | Computer Name = SHEILA | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 3/28/2009 1:43:16 PM | Computer Name = SHEILA | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 3/28/2009 1:43:34 PM | Computer Name = SHEILA | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 3/28/2009 1:43:41 PM | Computer Name = SHEILA | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

[ System Events ]
Error - 1/2/2011 1:31:13 AM | Computer Name = SHEILA | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/2/2011 1:31:13 AM | Computer Name = SHEILA | Source = Service Control Manager | ID = 7031
Description = The McAfee Proxy Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 1/2/2011 1:31:13 AM | Computer Name = SHEILA | Source = Service Control Manager | ID = 7031
Description = The MozyHome Backup Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 1/2/2011 1:31:13 AM | Computer Name = SHEILA | Source = Service Control Manager | ID = 7034
Description = The Canon Camera Access Library 8 service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/2/2011 1:31:13 AM | Computer Name = SHEILA | Source = Service Control Manager | ID = 7034
Description = The hpqwmiex service terminated unexpectedly. It has done this 1
time(s).

Error - 1/2/2011 1:31:13 AM | Computer Name = SHEILA | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 1/2/2011 1:31:13 AM | Computer Name = SHEILA | Source = Service Control Manager | ID = 7034
Description = The Com4QLBEx service terminated unexpectedly. It has done this 1
time(s).

Error - 1/3/2011 1:10:49 AM | Computer Name = SHEILA | Source = Service Control Manager | ID = 7034
Description = The Smart Card service terminated unexpectedly. It has done this
1 time(s).

Error - 1/3/2011 2:11:53 AM | Computer Name = SHEILA | Source = Service Control Manager | ID = 7034
Description = The Smart Card service terminated unexpectedly. It has done this
1 time(s).

Error - 1/3/2011 2:37:55 AM | Computer Name = SHEILA | Source = Service Control Manager | ID = 7034
Description = The Smart Card service terminated unexpectedly. It has done this
1 time(s).


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
PRC - [2009/01/09 08:06:52 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
DRV - [2008/10/23 13:08:54 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} http://ak.g.gametap.com/static/cab_h...WebUpdater.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://www2.verizon.net/help/fios_se...zTCPConfig.CAB (Reg Error: Key error.)
[1 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]

:Files
c:\Program Files\Common Files\McAfee


:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

===================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Ugh, I don't know what became of the log that OTL generated after I ran the custom fix you posted above! Let me know if I need to double back and repeat steps, but in the hopes that I don't, here is the checkup.txt log from "Security Check," and note that ESET said it found no threats.

Checkup.txt:

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 23
HP JavaCard for HP ProtectTools
Out of date Java installed!
Adobe Flash Player 10.1.82.76
Adobe Reader 9.4.1
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Alwil Software Avast5 AvastSvc.exe
ALWILS~1 Avast5 avastUI.exe
``````````End of Log````````````




Thanks for everything so far.
 
Please, re-run OTL fix and post the log.

==================================================

Update Firefox to the latest 3.6.13 version.

====================================================

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
On this page:

FoxitReaderInstallation.png


make sure, you have both boxes UN-checked AND (important!) click on Decline button
 
Updated firefox to "3.6.6." Adobe Reader is updated and it looks like all older versions were removed in the process (I didn't actively uninstall anything).

OTL fix log:


All processes killed
========== OTL ==========
No active process named McProxy.exe was found!
Error: No service named MPFP was found to stop!
Service\Driver key MPFP not found.
File C:\WINDOWS\system32\drivers\Mpfp.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB}\ not found.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
Starting removal of ActiveX control vzTCPConfig
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\vzTCPConfig\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\vzTCPConfig\ not found.
File/Folder C:\Documents and Settings\Administrator\Desktop\*.tmp not found.
========== FILES ==========
File\Folder c:\Program Files\Common Files\McAfee not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 422939 bytes
->Temporary Internet Files folder emptied: 1283740 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 68925919 bytes
->Google Chrome cache emptied: 271559099 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 4875 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33251 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 327.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.1 log created on 01072011_012244

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_ec0.dat moved successfully.

Registry entries deleted on Reboot...
 
Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.
 
Okay, about to do steps 2-12, and here is the OTL log from step 1:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 424640 bytes
->Temporary Internet Files folder emptied: 1044853 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 8395855 bytes
->Google Chrome cache emptied: 338826245 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 3883 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33251 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 333.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.20.1 log created on 01072011_224038

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_1500.dat moved successfully.

Registry entries deleted on Reboot...
 
Status
Not open for further replies.

Similar threads

E
I have been taken over by a software called Astanda using XML to Log everything and roaming to an SQL server.
Replies
0
Views
460
eriksnyman1
E
midian182
Amazon removes Dolby Vision and Atmos from Prime Video unless you pay to go ad-free
2
Replies
31
Views
577
TempleOrion
TempleOrion
midian182
Radio station introduces an AI DJ and people aren't happy about it
Replies
8
Views
533
hwertz
hwertz

Latest posts

Back