Help remove rootkit virus identified by Malwarebytes

Hi Broni, i have completed the above step and pasted its log. Please let me know how the machine looks now....?

mhh my bad. i didn't realize we had moved to page-3. I was still looking at page-2. I need to do the Avenger step yet.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.

Hi Broni, Thank you very much for your help.

I have pasted the logs from Avenger above. Let me know what you think..

The system performance is definitely better but I am unsure of the rootkit since I lost one machine already.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\Ppoluwenanojoway.bin" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

on it right now

OTL logfile created on: 12/12/2010 7:00:18 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 35.27 Gb Free Space | 47.34% Space Free | Partition Type: NTFS
Drive D: | 7.47 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: COMPUTER | User Name: administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/10 22:55:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2008/06/05 10:19:18 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008/05/20 04:00:00 | 000,757,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/20 17:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/09/27 20:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/09/27 20:33:44 | 000,076,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPDN_LU.exe
PRC - [2006/09/27 20:33:42 | 000,280,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPC32.exe
PRC - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/07/19 19:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2006/03/03 21:03:22 | 000,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZinw12.exe
PRC - [2006/02/10 07:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/10/27 12:15:52 | 000,028,672 | ---- | M] (DataViz, Inc.) -- C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
PRC - [2004/08/26 16:35:38 | 000,439,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Ghost\ngctw32.exe
PRC - [2004/07/23 00:46:42 | 000,017,408 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
PRC - [2004/07/23 00:44:32 | 000,040,960 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe
PRC - [2003/08/28 14:01:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
PRC - [2003/03/05 13:49:00 | 000,335,872 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\WinVNC\winvnc.exe
PRC - [2001/11/27 08:10:00 | 000,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE


========== Modules (SafeList) ==========

MOD - [2010/12/10 22:55:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004/07/23 00:41:12 | 000,184,320 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger Plus 3.3\J2GPfcW.dll
MOD - [2004/07/23 00:33:48 | 000,545,280 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger Plus 3.3\J2GRes_Enu.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/12/17 16:37:52 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008/05/20 04:00:00 | 000,757,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2008/05/20 04:00:00 | 000,249,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/08/25 12:00:38 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/07 16:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2004/08/26 16:35:38 | 000,439,448 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Ghost\ngctw32.exe -- (NGClient)
SRV - [2003/08/28 14:01:22 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)
SRV - [2003/03/05 13:49:00 | 000,335,872 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\WinVNC\WinVNC.exe -- (winvnc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\kbstuff5.sys -- (kbstuff)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\idisw2km.sys -- (idisw2km)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/12/11 02:00:00 | 001,360,248 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101211.006\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/11 02:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101211.006\NAVENG.SYS -- (NAVENG)
DRV - [2010/07/15 13:50:36 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/07/15 13:50:36 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/05/20 04:00:00 | 000,023,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/08 17:27:04 | 000,012,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smsmdm.sys -- (smsmdd)
DRV - [2007/02/16 15:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/12/17 17:23:04 | 000,005,248 | --S- | M] (ACE CAD Enterprise Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DigimHID.SYS -- (DigimHID)
DRV - [2006/09/18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/07 16:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/08/07 16:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/04/11 17:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/02/02 01:15:14 | 000,196,409 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0060Vid.sys -- (V0060VID)
DRV - [2004/08/26 16:04:08 | 000,198,720 | ---- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ghpcw2k.sys -- (GhPostConfig_Auto)
DRV - [2004/08/26 16:04:08 | 000,198,720 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\ghpcw2k.sys -- (GhPostConfig)
DRV - [2004/08/26 16:03:58 | 000,006,496 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\ghmon.sys -- (GhMon)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 12:49:42 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA 15 06 34 65 97 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.496
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.fresh-search.net/?sid=10101069100&s="
FF - prefs.js..network.proxy.no_proxies_on: ""

FF - user.js..browser.search.order.1: "Search"
FF - user.js..keyword.URL: "http://search.fresh-search.net/?sid=10101069100&s="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/28 22:47:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/02 21:59:40 | 000,000,000 | ---D | M]

[2009/04/21 09:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/12/07 18:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ag21vps.default\extensions
[2010/07/27 19:36:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ag21vps.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/22 16:48:08 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ag21vps.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/01/22 16:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ag21vps.default\extensions\LogMeInClient@logmein.com
[2010/12/07 18:23:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/02 21:59:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/13 22:17:21 | 000,028,488 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2010/09/13 22:17:21 | 000,185,240 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2010/09/13 22:17:32 | 000,046,408 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\atmccli.dll
[2009/04/23 11:04:23 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2010/09/13 22:17:20 | 000,061,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2010/12/02 21:59:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/03/21 12:25:19 | 000,036,864 | ---- | M] (Homestead Technologies, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nphssb.dll
[2010/11/08 04:17:56 | 000,002,212 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\websearch.xml

O1 HOSTS File: ([2010/12/06 22:47:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [NGClient] C:\Program Files\Symantec\Ghost\ngctw32.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VF0060 STISvc] C:\WINDOWS\System32\V0060Pin.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WinVNC] C:\Program Files\RealVNC\WinVNC\WinVNC.exe (RealVNC Ltd.)
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Administrator\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe (DataViz, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax Live Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax Tray Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: ccsend.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: constantcontact.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: ic.aiall ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: icrossing.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: icrossing.net ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: projectorpsa.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: proxicom.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: prxm.corp ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: zendesk.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/68.08/uploader2.cab (UploadListView Class)
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} http://192.168.10.140/img/NetCamPlayerWeb11g.ocx (NetCamPlayerWeb11g Control)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264198550417 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1264199414715 (MUWebControl Class)
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} http://192.168.15.253:8080/bl_camera.cab (Bl_camera Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://compuwaremc.webex.com/client/T27L10NSP11EP5/webex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\ezstor {6344A3A0-96A7-11D4-88CC-000000000000} - C:\WINDOWS\system32\viewers\ezspp.dll (EzTools Software)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/25 09:25:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/06/14 23:25:54 | 000,000,029 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2006/06/14 23:25:44 | 000,000,029 | R--- | M] () - D:\AUTORUN.INI -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.LEAD - LCODCCMP.DLL File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/12/11 13:05:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010/12/10 22:54:58 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/12/08 23:27:10 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/12/08 22:10:52 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/12/04 14:20:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/12/04 14:20:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/12/04 14:20:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/12/04 14:20:10 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/12/04 14:19:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/02 21:46:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/12/02 11:18:57 | 000,000,000 | ---D | C] -- C:\HouseBeautiful
[2010/12/02 11:17:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2010/12/02 10:50:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\FileZilla
[2010/12/02 10:49:40 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2010/11/30 20:43:28 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/11/30 19:01:59 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/30 18:51:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/30 18:13:36 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010/11/25 01:51:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/11/20 14:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Identities
[2010/11/17 20:18:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/11/14 19:31:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/11/13 19:08:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/11/13 16:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/11/13 16:57:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/13 16:57:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/13 16:57:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/13 16:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/13 12:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\mJiBo02042
[2010/11/13 12:18:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WSTB
[2010/11/13 11:15:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/11/13 11:15:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/11/13 10:18:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/13 10:18:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

========== Files - Modified Within 30 Days ==========

[2010/12/12 18:51:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/12 09:51:01 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/11 11:35:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/10 22:55:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/12/10 17:44:30 | 000,000,454 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2010/12/10 17:42:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/10 17:40:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/10 17:40:06 | 3210,891,264 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/08 23:24:07 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\avenger.zip
[2010/12/08 21:34:37 | 003,987,017 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/12/06 22:47:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/05 09:14:46 | 000,466,814 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/05 09:14:46 | 000,079,936 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/02 21:47:26 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2010/12/02 21:31:22 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/12/02 20:54:20 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/12/02 11:14:57 | 467,558,392 | ---- | M] () -- C:\HouseBeautiful.zip
[2010/12/02 10:55:47 | 000,007,155 | ---- | M] () -- C:\Wildcard_In_House_Distribution.mobileprovision
[2010/12/01 10:22:04 | 000,015,742 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Payment Confirmation - StateFarm_com.htm
[2010/11/30 20:43:29 | 000,002,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/11/30 19:36:50 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Txamirit.dat
[2010/11/30 19:02:08 | 000,000,420 | RHS- | M] () -- C:\boot.ini
[2010/11/30 18:13:39 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010/11/30 18:13:08 | 000,205,540 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\JavaRa.zip
[2010/11/30 18:11:41 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/13 19:08:55 | 000,000,184 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/11/13 16:57:10 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/13 14:00:36 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\install

========== Files Created - No Company Name ==========

[2010/12/08 23:24:03 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\avenger.zip
[2010/12/04 14:20:10 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/04 14:20:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/04 14:20:10 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/04 14:20:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/04 14:20:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/04 12:58:58 | 003,987,017 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/12/02 21:47:26 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2010/12/02 21:31:13 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/12/02 10:55:46 | 000,007,155 | ---- | C] () -- C:\Wildcard_In_House_Distribution.mobileprovision
[2010/12/02 10:55:19 | 467,558,392 | ---- | C] () -- C:\HouseBeautiful.zip
[2010/12/01 10:22:04 | 000,015,742 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Payment Confirmation - StateFarm_com.htm
[2010/11/30 20:43:29 | 000,002,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/11/30 19:02:08 | 000,000,304 | ---- | C] () -- C:\Boot.bak
[2010/11/30 19:02:00 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/30 18:13:06 | 000,205,540 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\JavaRa.zip
[2010/11/30 18:11:40 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe
[2010/11/26 16:43:49 | 001,209,808 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\IMG_5316.JPG
[2010/11/24 19:00:35 | 3210,891,264 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/20 09:11:36 | 000,005,588 | R--- | C] () -- C:\WINDOWS\VF0060.uns
[2010/11/13 19:08:55 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/11/13 16:57:10 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/13 14:00:36 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\install
[2010/11/13 12:25:45 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Txamirit.dat
[2010/09/14 19:34:26 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Project Templates
[2010/09/14 19:34:26 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Administrator\Application Data\Printers
[2010/09/14 19:34:26 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLck.DAT
[2010/09/14 19:34:24 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Quartz Composer
[2010/09/14 19:34:24 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Administrator\Application Data\PrintingModule
[2010/09/14 19:33:56 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/12 21:22:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2010/09/12 21:07:39 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2010/09/12 20:56:37 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Hybrid Synthesizers
[2010/09/12 20:56:37 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Administrator\Application Data\Horns
[2010/09/12 20:56:37 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/09/12 20:54:01 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Hybrid Chords
[2010/09/12 20:54:01 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Administrator\Application Data\HomePageService
[2010/09/12 20:54:01 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/08/28 23:59:56 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/02 12:35:55 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2010/08/02 12:03:57 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2010/08/02 12:03:38 | 000,000,688 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2010/08/02 11:58:41 | 000,011,396 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/08/02 11:42:55 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2010/02/10 10:58:39 | 000,004,764 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/09/11 08:39:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008/09/08 07:36:31 | 000,000,069 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2008/08/27 15:14:28 | 000,000,027 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2008/07/16 14:43:31 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/01/31 09:40:48 | 000,000,092 | ---- | C] () -- C:\WINDOWS\ftcun2k.ini
[2007/01/31 09:40:47 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
[2007/01/31 09:40:47 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftcun2k.ini
[2007/01/31 09:40:46 | 000,000,090 | ---- | C] () -- C:\WINDOWS\ftdiun2k.ini
[2007/01/31 09:40:45 | 000,000,090 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2006/10/27 08:32:00 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\softcoin.dll
[2006/10/27 08:32:00 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\gencoin.dll
[2006/06/09 13:44:22 | 000,000,454 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini
[2005/10/14 17:09:48 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2004/12/01 08:32:24 | 000,000,110 | ---- | C] () -- C:\WINDOWS\fiery.ini
[2004/12/01 08:26:58 | 000,000,095 | ---- | C] () -- C:\WINDOWS\TOCR.ini
[2004/12/01 07:49:42 | 000,000,278 | ---- | C] () -- C:\WINDOWS\efinl.ini
[2004/11/05 11:01:25 | 000,000,074 | ---- | C] () -- C:\WINDOWS\eFaxView.ini
[2004/11/02 14:03:03 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[2004/11/02 14:03:03 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini
[2004/11/02 13:58:52 | 000,000,012 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2004/10/25 08:02:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/22 11:13:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/04/19 11:11:45 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\BarracudaAddin.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/11/13 12:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.purple
[2009/04/20 15:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Blackberry Desktop
[2010/12/02 10:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileZilla
[2009/04/20 15:15:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\j2 Global
[2010/08/29 14:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mjusbsp
[2010/09/14 19:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nikon
[2010/10/21 11:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\webex
[2010/01/22 17:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2010/11/02 22:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2006/12/01 11:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2005/10/27 12:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DataViz
[2007/01/02 20:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DesktopStandard
[2010/09/14 19:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/09/14 19:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Filter
[2010/09/14 19:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Folder Actions
[2007/03/14 09:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Homestead
[2005/10/27 10:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2004/11/05 11:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\j2 Global
[2010/08/20 18:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2010/11/15 21:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mJiBo02042
[2005/03/15 07:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2010/09/12 20:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2007/12/28 07:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2010/09/12 20:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pick Bass
[2010/09/12 20:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrintingModule
[2010/09/14 19:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2007/02/07 05:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/11/15 21:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WSTB
[2008/09/11 07:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zulohwlw
[2010/08/15 19:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2004/10/25 09:25:07 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/12/10 17:39:36 | 000,001,010 | ---- | M] () -- C:\avenger.txt
[2008/09/11 08:02:18 | 000,000,304 | ---- | M] () -- C:\Boot.bak
[2010/11/30 19:02:08 | 000,000,420 | RHS- | M] () -- C:\boot.ini
[2010/10/15 09:51:30 | 000,052,717 | ---- | M] () -- C:\Bug_report_1015.htm
[2010/10/15 09:57:24 | 000,027,648 | ---- | M] () -- C:\Bug_report_1015.xls
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/12/08 22:24:23 | 000,025,075 | ---- | M] () -- C:\ComboFix.txt
[2004/10/25 09:25:07 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/10/10 09:44:29 | 004,945,660 | ---- | M] () -- C:\efax.zip
[2004/10/25 10:16:58 | 000,004,096 | -H-- | M] () -- C:\gvpcfg.bin
[2010/12/10 17:40:06 | 3210,891,264 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/02 11:14:57 | 467,558,392 | ---- | M] () -- C:\HouseBeautiful.zip
[2004/10/25 09:25:07 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/12/02 21:52:49 | 000,013,607 | ---- | M] () -- C:\JavaRa.log
[2010/08/02 12:39:01 | 000,000,895 | ---- | M] () -- C:\mombi.log
[2004/10/25 09:25:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/10/25 09:08:25 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/07/27 09:22:57 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/12/10 17:40:04 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2004/10/25 10:16:58 | 025,165,824 | ---- | M] () -- C:\VIRTPART.DAT
[2010/12/02 10:55:47 | 000,007,155 | ---- | M] () -- C:\Wildcard_In_House_Distribution.mobileprovision

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >
[2006/02/19 03:28:56 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

< %systemroot%\Fonts\*.ini >
[2004/10/25 09:24:46 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/10/27 08:32:00 | 000,070,144 | ---- | M] (Lexmark International Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DKAAY54C.DLL
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/04/10 14:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/10/22 11:11:52 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/10/22 11:11:52 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/10/22 11:11:52 | 000,434,176 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/07/27 09:44:51 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2004/10/30 14:20:09 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/10/25 09:32:46 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/07/31 23:56:51 | 531,598,224 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AiO_071_000_201_000_CDA_Default-Full_Network_AmericasEuro1_NB.exe
[2008/05/30 23:09:46 | 000,731,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\avenger.exe
[2010/12/08 21:34:37 | 003,987,017 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/11/30 18:11:41 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe
[2010/12/10 22:55:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/10/10 08:42:26 | 010,917,368 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Desktop\picasa38-setup.exe
[2010/09/12 20:53:46 | 046,424,032 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\S-CNX2__-224WF-NSAEN-32BIT_.exe
[2010/09/12 20:53:26 | 070,739,848 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\S-VNX2__-201WF-NSAEN-32BIT_.exe
[2010/11/30 18:13:39 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >
[2008/06/23 14:15:19 | 000,000,008 | ---- | M] () -- C:\WINDOWS\java\pord.wed

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2010/08/09 19:02:06 | 000,641,473 | ---- | M] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\Administrator\My Documents\JavaRa.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >
[2004/03/23 13:52:00 | 000,025,316 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\Driver Cache\FTCSENUM.SYS
[2004/03/23 19:36:00 | 000,056,031 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\Driver Cache\FTCSER2K.SYS
[2004/03/31 12:34:00 | 000,043,058 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\Driver Cache\FTCUSB.SYS
[2004/06/11 20:15:44 | 000,010,498 | ---- | M] () -- C:\WINDOWS\Driver Cache\ftdibus.cat
[2004/04/20 11:04:56 | 000,024,209 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\Driver Cache\ftdibus.sys
[2004/06/11 20:16:12 | 000,010,504 | ---- | M] () -- C:\WINDOWS\Driver Cache\ftdiport.cat
[2004/04/20 11:05:10 | 000,057,404 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\Driver Cache\ftser2k.sys
[2005/03/09 15:50:20 | 000,033,792 | ---- | M] () -- C:\WINDOWS\Driver Cache\libusb0.sys
[2006/05/16 18:55:18 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\usbser.sys

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2004/10/30 14:20:09 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/08/11 18:26:53 | 000,002,000 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/12/12 14:45:41 | 000,147,456 | ---- | M] () -- C:\Documents and Settings\Administrator\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 05:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2003/07/16 09:26:44 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2002/08/20 12:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2002/08/20 12:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 05:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2002/08/20 15:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
[2003/07/16 09:32:59 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2003/07/16 09:33:00 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2003/07/16 09:34:32 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2002/08/20 12:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/07/17 11:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

Yesterday's Extras.txt log file.

OTL Extras logfile created on: 12/10/2010 10:59:59 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 35.86 Gb Free Space | 48.13% Space Free | Partition Type: NTFS
Drive D: | 7.47 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: COMPUTER | User Name: administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"59152:UDP" = 59152:UDP:*:Enabled:SonicWALL Compliance 59152
"59153:UDP" = 59153:UDP:*:Enabled:SonicWALL Compliance 59153
"1234:TCP" = 1234:TCP:LocalSubNet:Enabled:mediahandler

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Symantec\Ghost\ngctw32.exe" = C:\Program Files\Symantec\Ghost\ngctw32.exe:*:Enabled:Symantec Ghost Win32 Client Agent -- (Symantec Corporation)
"C:\Program Files\AIM95\aim.exe" = C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Psi\psi.exe" = C:\Psi\psi.exe:*isabledsi -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Symantec\Ghost\ngctw32.exe" = C:\Program Files\Symantec\Ghost\ngctw32.exe:*:Enabled:Symantec Ghost Win32 Client Agent -- (Symantec Corporation)
"C:\Program Files\AIM95\aim.exe" = C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Documents and Settings\Administrator\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Administrator\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{2b02f834-a9b9-458c-80e5-3ea8c0de8471}" = QuickBooks Premier: Professional Services Edition 2004
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{2FE11D22-D877-4700-08C1-89A1B9B00045}" = Symantec Ghost Console Client
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{50EF6812-7B51-4459-A52D-B4776DAAA415}" = ACECAD DigiMemo Manager
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54D0CC3E-A83A-475A-83EE-E9AF8AFB9538}" = WebEx Meeting Manager for Mozilla Firefox/Netscape Navigator
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67C8FF73-8A8D-45EB-9F46-AD2B3BCF0762}" = Nokia Dicas Codecs
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7723A0B8-23A2-454B-8831-99965558AECD}" = Documents To Go
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{97AE00A8-1336-410F-B467-1C6623127BD6}" = DesignPro 5.0 Limited Edition
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5FCC3DE-56BD-48b2-8054-4BBE70BE186B}" = eFax Messenger Plus 3.3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = Nikon RAW Codec
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE6A85D8-D6B9-479A-9FE9-A06E56881E61}" = Configuration Manager Client
"{D002159B-91CD-48E5-96D1-C476BA3DECB3}" = 3100_3200_3300_Help
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D3227BD6-7D66-4B96-BA01-C21FB1F2224D}" = 3100_3200_3300trb
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1D94FAD-CFA4-4B76-91D9-28F5AB18A431}" = 3300
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E67FAA8D-58E0-433C-833C-6647CDB14AB0}" = Macromedia Flash Player 8
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Instant Messenger" = AOL Instant Messenger
"AudibleManager" = AudibleManager
"Barracuda Networks Outlook Plugin_is1" = Barracuda Networks Outlook Plugin 0.9d
"Buzz Lightyear Astro Blasters" = Buzz Lightyear Astro Blasters
"Capture NX 2" = Capture NX 2
"Creative VF0060" = Creative WebCam Live! Ultra Driver (1.01.03.0127)
"FileZilla Client" = FileZilla Client 3.3.5.1
"Google Chrome" = Google Chrome
"GTK 2.0" = GTK+ Runtime 2.12.1 rev a (remove only)
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{97AE00A8-1336-410F-B467-1C6623127BD6}" = DesignPro 5.0 Limited Edition
"Internet Tablet Video Converter_is1" = Internet Tablet Video Converter 0.22
"LimeWire" = LimeWire 4.16.6
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Past-Track" = LAS Tracking Key / 3100 Programs
"Photocopier_is1" = Photocopier Version 2.28
"Picasa 3" = Picasa 3
"Pidgin" = Pidgin
"RDC" = RDC
"TOCR 1.1" = Transym TOCR
"ViewpointMediaPlayer" = Viewpoint Media Player
"Visual Hindsight Professional Edition_is1" = Visual Hindsight Professional Edition 1.2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinVNC_is1" = VNC 3.3.7
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"magicJack" = magicJack

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/2/2010 5:35:48 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 12/2/2010 5:40:48 PM | Computer Name = COMPUTER | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 12/2/2010 6:22:30 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application hpqtra08.exe, version 70.0.170.0, faulting module
hpzidr12.dll, version 10.1.1.5, fault address 0x00007209.

Error - 12/2/2010 7:20:29 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application hpqste08.exe, version 70.0.170.0, faulting module
hpzidr12.dll, version 10.1.1.5, fault address 0x00007209.

Error - 12/4/2010 5:18:51 PM | Computer Name = COMPUTER | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\32788R22FWJFW\pev.exe (PID 3344) Time: Saturday, December 04, 2010 2:18:51
PM

Error - 12/7/2010 6:55:45 PM | Computer Name = COMPUTER | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Bloodhound.MalPE in File: C:\System Volume
Information\_restore{D0DA8DCA-151D-4AF6-903A-D038BE3027DE}\RP3\A0001528.sys by:
Auto-Protect scan. Action: Quarantine succeeded. Action Description: The file
was quarantined successfully.

Error - 12/7/2010 6:55:48 PM | Computer Name = COMPUTER | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Bloodhound.MalPE in File: C:\System Volume Information\_restore{D0DA8DCA-151D-4AF6-903A-D038BE3027DE}\RP3\A0001528.sys
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 12/7/2010 6:55:48 PM | Computer Name = COMPUTER | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Bloodhound.MalPE in File: C:\System Volume
Information\_restore{D0DA8DCA-151D-4AF6-903A-D038BE3027DE}\RP3\A0001528.sys by:
Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 12/9/2010 12:33:14 AM | Computer Name = COMPUTER | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\32788R22FWJFW\pev.exe (PID 432) Time: Wednesday, December 08, 2010 9:33:14
PM

Error - 12/9/2010 2:37:04 AM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application hpqtra08.exe, version 70.0.170.0, faulting module
hpzidr12.dll, version 10.1.1.5, fault address 0x00007209.

[ System Events ]
Error - 12/7/2010 1:44:48 AM | Computer Name = COMPUTER | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_QEVUUE\0000 disappeared from the system without
first being prepared for removal.

Error - 12/7/2010 1:53:48 AM | Computer Name = COMPUTER | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 12/7/2010 12:46:26 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
agp440 IntelIde

Error - 12/7/2010 12:49:38 PM | Computer Name = COMPUTER | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 12/9/2010 2:29:33 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
agp440 IntelIde

Error - 12/9/2010 2:32:58 AM | Computer Name = COMPUTER | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 12/10/2010 8:42:48 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
agp440 IntelIde

Error - 12/10/2010 8:45:09 PM | Computer Name = COMPUTER | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.


< End of report >

computer performance is much better, thanks to you.
MBAM came negative for a change .

All processes killed
========== OTL ==========
Prefs.js: "Search" removed from browser.search.order.1
Prefs.js: "" removed from browser.startup.homepage
Prefs.js: "" removed from network.proxy.no_proxies_on
C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\7ag21vps.default\user.js moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\websearch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ccsend.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\constantcontact.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ic.aiall\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\icrossing.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\icrossing.net\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\projectorpsa.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\proxicom.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\prxm.corp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\zendesk.com\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Network Associates folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint folder moved successfully.
C:\Documents and Settings\All Users\Application Data\zulohwlw folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 8403354 bytes
->Temporary Internet Files folder emptied: 6770687 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 58693025 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 8130 bytes

User: Administrator.AZSRV
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: alavelle
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: alester
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: All Users

User: amin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ateeples
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: bfranklin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: cganey
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: chyder
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: dmaher
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: helpstar
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: jalire
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: JayV
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jayv.IC077
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jberg
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jbrickles
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: jlesmes
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jmarlow
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jstinson
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jstrong
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: kbrown
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 114822 bytes
->Flash cache emptied: 434 bytes

User: mandrews
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: McAfeeMVSUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: mherman
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: mvallone
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: nbond
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ndichristofano
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 571938 bytes
->Flash cache emptied: 0 bytes

User: rchavez
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: sgranger
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: sromandetti
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ssuresh
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: tdelaca
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: tlok
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 71.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: Administrator.AZSRV

User: alavelle

User: alester

User: All Users

User: amin

User: ateeples

User: bfranklin

User: cganey
->Flash cache emptied: 0 bytes

User: chyder
->Flash cache emptied: 0 bytes

User: Default User

User: dmaher
->Flash cache emptied: 0 bytes

User: helpstar

User: jalire

User: JayV
->Flash cache emptied: 0 bytes

User: jayv.IC077
->Flash cache emptied: 0 bytes

User: jberg
->Flash cache emptied: 0 bytes

User: jbrickles

User: jlesmes
->Flash cache emptied: 0 bytes

User: jmarlow
->Flash cache emptied: 0 bytes

User: jstinson
->Flash cache emptied: 0 bytes

User: jstrong

User: kbrown
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: mandrews
->Flash cache emptied: 0 bytes

User: McAfeeMVSUser

User: mherman

User: mvallone
->Flash cache emptied: 0 bytes

User: nbond
->Flash cache emptied: 0 bytes

User: ndichristofano
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: rchavez
->Flash cache emptied: 0 bytes

User: sgranger
->Flash cache emptied: 0 bytes

User: sromandetti
->Flash cache emptied: 0 bytes

User: ssuresh
->Flash cache emptied: 0 bytes

User: tdelaca
->Flash cache emptied: 0 bytes

User: tlok
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 12122010_210453

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...