I have been infected by Malware indicating your "Computer is Infected" in lower toolbar. I have begun the Malware and Spyware Cleaning Guide as requested. I ran the Malwarebytes' Anti-Malware and completed the scan and was asked to reboot the computer.

Right before I was about to reboot a "Windows File Protection" Popup appreared, saying:

"Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files."

"Insert your Windows XP Home Edition CD-ROM now."

Should I ignore this popup and proceed with the reboot?

Hello, bucdup, and welcome to GeeksToGo!

That is part of Windows File Protection Service. It detects if core system files have been altered, such as by malware. If you have your XP CD, feel free to put that in and let it fix whatever it finds. If not, you can reboot, and I'll take a better look to see what may be affected. When you do get a chance to reboot, go through the rest of the Malware and Spyware Cleaning guide and post the following logs here for me to look over.

1. Malwarebytes' Anti-Malware log
2. OTL.txt and Extras.txt
3. RootRepeal.txt

I ran MBAM and rebooted no problems, did the windows updates, but when I try to run the Rootkit Detection the program just freezes during initilizing. I rebooted and tried again, no luck.

That's okay, post the MBAM log, and move on to OTL.

MBAM Log

Malwarebytes' Anti-Malware 1.40
Database version: 2601
Windows 5.1.2600 Service Pack 2

8/11/2009 3:55:44 PM
mbam-log-2009-08-11 (15-55-44).txt

Scan type: Quick Scan
Objects scanned: 107363
Time elapsed: 57 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINNT\system32\braviax.exe (Trojan.FakeAlert) -> Delete on reboot.

OTL

OTL logfile created on: 8/11/2009 5:43:44 PM - Run 1
OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.48% Memory free
3.35 Gb Paging File | 2.78 Gb Available in Paging File | 82.96% Paging File free
Paging file location(s): C:\pagefile.sys 1535 3067 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 38.29 Gb Total Space | 12.80 Gb Free Space | 33.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 931.28 Gb Total Space | 918.57 Gb Free Space | 98.63% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAIN
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2002/04/12 00:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINNT\System32\brsvc01a.exe
PRC - [2001/12/13 00:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINNT\System32\brss01a.exe
PRC - [2003/10/30 18:48:46 | 01,392,744 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2006/05/15 18:24:33 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
PRC - [2009/06/30 10:00:14 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2003/05/05 19:30:22 | 00,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINNT\System32\Brmfrmps.exe
PRC - [2005/01/26 12:47:42 | 00,065,604 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
PRC - [2005/11/30 05:47:52 | 00,013,888 | ---- | M] (ewido networks) -- C:\Program Files\ewido\security suite\ewidoctrl.exe
PRC - [2002/05/03 14:36:24 | 01,118,208 | ---- | M] (Intel Corporation) -- C:\WINNT\System32\NMSSvc.exe
PRC - [2004/09/29 13:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINNT\System32\HPZipm12.exe
PRC - [2002/08/19 01:00:00 | 00,057,388 | ---- | M] (Lanovation) -- C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
PRC - [2008/09/10 23:37:36 | 00,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/06/30 10:00:33 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/05/22 08:37:55 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2004/03/13 04:04:16 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 17:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINNT\Explorer.exe
PRC - [2001/01/03 16:50:56 | 00,066,048 | ---- | M] (Silitek Corporation) -- C:\WINNT\System32\SK9910DM.EXE
PRC - [2002/08/06 17:24:14 | 00,090,112 | ---- | M] (GTW) -- C:\WINNT\GWMDMMSG.exe
PRC - [2002/05/14 22:29:02 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINNT\System32\igfxtray.exe
PRC - [2002/05/14 22:20:50 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINNT\System32\hkcmd.exe
PRC - [2006/07/15 12:40:45 | 00,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
PRC - [2002/07/16 22:21:48 | 00,028,672 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
PRC - [2004/12/22 12:40:30 | 00,172,032 | ---- | M] (HP) -- C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb99.exe
PRC - [2004/09/09 15:00:04 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2001/11/07 15:25:54 | 00,020,480 | ---- | M] (BVRP Software) -- C:\Program Files\PhoneTools\CapFax.EXE
PRC - [2005/03/17 00:59:35 | 00,622,592 | ---- | M] (Hewlett-Packard) -- C:\WINNT\System32\hphmon07.exe
PRC - [2005/02/17 00:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2005/08/10 22:10:36 | 00,122,880 | R--- | M] (Visual Networks) -- C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe
PRC - [2005/08/10 22:10:36 | 00,380,928 | R--- | M] (Visual Networks) -- C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe
PRC - [2004/04/14 14:46:50 | 00,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2006/08/14 17:47:52 | 00,061,325 | ---- | M] () -- C:\Program Files\RSSoft\RedSwoosh.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/06/30 10:00:26 | 01,948,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2003/09/01 18:52:42 | 00,376,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
PRC - [2007/01/19 13:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\MsnMsgr.Exe
PRC - [2005/09/22 21:15:15 | 00,300,856 | ---- | M] (ProStores, Inc.) -- C:\Program Files\ProStores\StoreMonitor\StoreMonitor.exe
PRC - [2006/09/11 04:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
PRC - [2006/05/09 20:24:16 | 00,050,760 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1160657761\ee\aolsoftware.exe
PRC - [2004/11/04 20:28:24 | 00,258,048 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
PRC - [2008/09/11 01:06:56 | 00,984,352 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2004/11/04 20:36:46 | 00,425,984 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2007/05/18 13:47:03 | 00,112,408 | ---- | M] (EarthLink, Inc.) -- C:\Program Files\EarthLink TotalAccess\Toolbar\SBUpdate.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009/08/11 17:36:18 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2002/07/11 01:04:26 | 00,094,276 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\MSWorks.exe
PRC - [2005/09/01 16:24:56 | 00,942,080 | ---- | M] (EarthLink, Inc.) -- C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
PRC - [2008/05/21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2009/06/30 10:00:32 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe

========== Win32 Services (SafeList) ==========

SRV - [2003/10/30 18:48:46 | 01,392,744 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS [Auto | Running])
SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/05/15 18:24:33 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2009/06/30 10:00:14 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2003/05/05 19:30:22 | 00,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINNT\System32\Brmfrmps.exe -- (brmfrmps [Auto | Running])
SRV - [2002/04/12 00:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINNT\System32\brsvc01a.exe -- (Brother XP spl Service [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/01/26 12:47:42 | 00,065,604 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe -- (EarthLinkMonitor [Auto | Running])
SRV - [2005/11/30 05:47:52 | 00,013,888 | ---- | M] (ewido networks) -- C:\Program Files\ewido\security suite\ewidoctrl.exe -- (ewido security suite control [Auto | Running])
SRV - [2005/12/18 13:41:35 | 00,151,616 | ---- | M] (ewido networks) -- C:\Program Files\ewido\security suite\ewidoguard.exe -- (ewido security suite guard [Disabled | Stopped])
SRV - [2004/08/04 03:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2006/05/15 18:24:33 | 02,086,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2002/05/03 14:36:24 | 01,118,208 | ---- | M] (Intel Corporation) -- C:\WINNT\System32\NMSSvc.exe -- (NMSSvc [Auto | Running])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/09/29 13:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINNT\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2002/08/19 01:00:00 | 00,057,388 | ---- | M] (Lanovation) -- C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS -- (PrismXL [Auto | Running])
SRV - [2008/09/10 23:37:36 | 00,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService [Auto | Running])
SRV - [2008/08/08 22:10:46 | 00,061,440 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService [On_Demand | Stopped])
SRV - [2007/12/06 23:20:56 | 00,088,560 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
SRV - [2007/12/06 23:20:52 | 00,362,992 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
SRV - [2008/03/06 16:19:44 | 00,313,840 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
SRV - [2008/03/06 16:19:40 | 01,108,464 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
SRV - [2008/03/06 16:19:44 | 00,170,480 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
SRV - [2004/11/02 17:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC [Auto | Stopped])
SRV - [2004/03/13 04:04:16 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
SRV - [2004/08/04 03:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (uploadmgr [Auto | Stopped])
SRV - [2007/01/19 13:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srcasst/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - URLSearchHook: {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll (EarthLink, Inc.)
IE - URLSearchHook: ~00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - URLSearchHook: ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - URLSearchHook: ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: (3783 bytes) - C:\WINNT\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localmachine # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 teen-biz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 search4www.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 best4all.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 zonebest.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.nude-teens-bodies.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 picslab.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 teen-fantazi.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 bailefunk.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 newsh.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 hqthumbz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.search4www.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 download.abetterinternet.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 on-search.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.teen-biz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.best4all.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 nude-teen-bodies.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 600pics.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 searchx.cc # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.newsh.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 searchforit.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 more-pages.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 surubanet.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.hqthumbz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 zgallery.us # ***Inserted By STOPzilla***
O1 - Hosts: 29 more lines...
O2 - BHO: (no name) - rsion - No CLSID value found.
O3 - HKLM\..\Toolbar: (EarthLink Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll (EarthLink, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (EarthLink Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll (EarthLink, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE (BVRP Software)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [GWMDMMSG] C:\WINNT\GWMDMMSG.exe (GTW)
O4 - HKLM..\Run: [Hot Key Kbd 9910 Daemon] C:\WINNT\System32\SK9910DM.EXE (Silitek Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb99.exe (HP)
O4 - HKLM..\Run: [HPHmon07] C:\WINNT\System32\hphmon07.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD07] C:\Program Files\HP\{C8EEAA89-0A3E-441f-B646-17A46F5D6954}\hphupd07.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe (America Online, Inc.)
O4 - HKLM..\Run: [IPInSightLAN 01] C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe (Visual Networks)
O4 - HKLM..\Run: [IPInSightMonitor 01] C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe (Visual Networks)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe File not found
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Red Swoosh] C:\Program Files\RSSoft\RedSwoosh.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [E6TaskPanel] C:\Program Files\EarthLink TotalAccess\TaskPanl.exe (EarthLink, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKCU..\Run: [Jwx6RRY8j] File not found
O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [mSpotAlltelRemix] C:\Program Files\Alltel Jump Music\Remix\msptcmd.exe (MSpot)
O4 - HKCU..\Run: [ProStoresStoreMonitor] C:\Program Files\ProStores\StoreMonitor\StoreMonitor.exe (ProStores, Inc.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [wmvdmoe] C:\WINNT\System32\wmvdmoe.exe File not found
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: &AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll File not found
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2008/09/08 17:52:12 | 00,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2008/09/08 17:52:12 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2008/09/08 17:52:12 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2008/09/08 17:52:12 | 00,000,000 | ---D | M]
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\>Accessories\IMVU\Run IMVU.lnk File not found
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 65 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://support.gateway.com/support/profiler/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe (CamfrogWEB Advanced Unicode Control)
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} http://www.miniclip.com/platypus/miniclipGameLoader.dll (CR64Loader Object)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/C...C4D/mp43dmo.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} http://www.reflexive.net/rlwweb/ReflexiveWebGameLoader.cab (WebGameLoader Class)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1408.g.akamai.net/7/1408/9955/2003...iTunesSetup.exe (Reg Error: Key error.)
O16 - DPF: {466E3A9C-0632-4041-B772-2D8F441500CD} http://home.channelvision.com/servp14.cab (ServerPushBox Class)
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} hcp://system/TechTools.CAB (TechToolsActivex.TechTools)
O16 - DPF: {5334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/8...44/mpg4sdmo.cab (Reg Error: Key error.)
O16 - DPF: {59F156FC-9BC4-11D5-B0A5-0060085A719D} http://opal.pascocountyfl.net/permit/opalplayerx5.cab (Opalplayerx5 Control)
O16 - DPF: {5C709EEC-DDE1-4738-8E57-7564E2637891} https://merchantaccount.quickbooks.com/sync...ncCom1_2009.cab (QBMASSyncCom1_2009.UserControl1)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1124906288500 (WUWebControl Class)
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} http://updates.lifescapeinc.com/installers...ll/pinstall.cab (Install Class)
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} hcp://system/RunExeActiveX.CAB (RunExeActiveX.RunExe)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab (HouseCall Control)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab (Groove Control)
O16 - DPF: {788539E8-002D-4E59-9089-40B694A99C9A} https://merchantaccount.quickbooks.com/sync...ncCom2_2008.cab (QBMASSyncCom2_2008.UserControl1)
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} hcp://system/StartFirstControl.CAB (StartFirstControl.CheckFirst)
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gateway.com/support/serialharvest/gwCID.CAB (compid Class)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://hgtv2.view22.com/view22/app/view22rte.cab (View22RTE Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} http://stores.homestead.com/storeadmin/uti...es/pssbedit.cab (SiteBuilderEditor Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks Pro\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (cru629.dat) - File not found
O20 - AppInit_DLLs: (FILES\COM) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\DOCUME~1\Owner\LOCALS~1\Temp\513887343.exe) - C:\DOCUME~1\Owner\LOCALS~1\Temp\513887343.exe File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINNT\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINNT\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {54D9498B-CF93-414F-8984-8CE7FDE0D391} - C:\Program Files\ewido\security suite\shellhook.dll ()
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINNT\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINNT\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
NetSvcs: uploadmgr - C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/08/11 17:36:13 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/08/11 16:25:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\RootRepeal
[2009/08/11 16:24:56 | 00,462,996 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RootRepeal.zip
[2009/08/11 11:04:58 | 05,154,304 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\WindowsDefender.msi
[2009/08/11 09:36:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/08/11 09:36:29 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/11 09:36:26 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2009/08/11 09:36:24 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2009/08/11 09:36:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/11 09:36:23 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/11 09:29:51 | 03,942,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/08/11 09:27:08 | 00,000,000 | ---D | C] -- C:\WINNT\ERDNT
[2009/08/11 09:25:34 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/08/11 09:25:32 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/08/11 09:25:27 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/11 09:24:30 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/08/11 09:22:21 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/08/10 14:54:50 | 00,272,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/08/09 20:33:04 | 00,055,347 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\lab_report_template.rtf
[2009/08/09 18:01:01 | 00,000,000 | ---D | C] -- C:\Program Files\Shared

========== Files - Modified Within 14 Days ==========

[2009/08/11 17:36:18 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/08/11 16:54:16 | 00,001,158 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2009/08/11 16:49:23 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2009/08/11 16:49:10 | 00,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2009/08/11 16:49:04 | 21,452,43136 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/11 16:45:27 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/08/11 16:45:26 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/08/11 16:24:56 | 00,462,996 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RootRepeal.zip
[2009/08/11 15:57:05 | 02,114,588 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/08/11 15:56:45 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/08/11 15:56:45 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/08/11 11:04:58 | 05,154,304 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WindowsDefender.msi
[2009/08/11 09:36:29 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/11 09:30:01 | 03,942,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/08/11 09:25:34 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/08/11 09:25:32 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/08/11 09:24:38 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/08/11 09:22:23 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/08/11 08:37:47 | 00,060,374 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\microavi.avg
[2009/08/11 08:37:46 | 39,735,262 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\incavi.avm
[2009/08/10 17:52:33 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/08/10 17:52:33 | 00,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/08/10 15:48:29 | 00,002,133 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/08/10 15:09:35 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/08/10 15:09:34 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/08/10 14:54:51 | 00,272,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/08/09 20:33:04 | 00,055,347 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\lab_report_template.rtf
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2009/08/03 09:15:33 | 00,000,036 | ---- | M] () -- C:\WINNT\iltwain.ini
[2009/07/31 08:53:14 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/07/31 08:53:13 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/07/29 08:17:24 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/07/29 08:17:20 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm

========== LOP Check ==========

[2009/08/11 09:36:24 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/04/22 20:57:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/07/24 20:14:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brother
[2009/03/24 17:35:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2006/12/29 10:38:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/05/22 08:38:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/02/20 14:30:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2007/04/01 17:49:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2005/02/17 20:12:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/05/29 16:45:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2002/09/03 15:01:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2006/07/24 20:15:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/02/20 14:40:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2008/12/25 10:28:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/08/13 13:55:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2007/10/16 12:15:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/03/10 08:36:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2009/08/11 09:36:33 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Owner\Application Data
[2006/04/09 10:02:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
[2007/12/20 10:50:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Autodesk
[2006/07/24 20:30:50 | 00,000,000 | R--D | M] -- C:\Documents and Settings\Owner\Application Data\Brother
[2007/02/06 11:03:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CamfrogWEB
[2007/05/18 13:46:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Earthlink
[2006/01/18 19:52:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EarthLink Toolbar
[2007/12/25 20:01:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Grisoft
[2009/02/06 09:38:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2003/01/09 20:53:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2006/12/29 10:52:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Intuit
[2004/09/09 15:33:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2008/12/06 21:57:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LEGO Company
[2007/06/11 12:44:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSN6
[2009/06/01 12:35:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Research In Motion
[2009/05/29 17:14:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Roxio
[2007/05/18 13:47:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ScamBlocker
[2006/07/25 08:04:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ScanSoft
[2005/05/16 09:32:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\STOPzilla!
[2009/08/11 10:53:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\U3
[2006/08/13 14:09:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ulead Systems
[2009/02/27 19:17:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Unity
[2007/01/30 13:58:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2005/04/13 07:02:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WeatherBug
[2009/07/15 07:32:00 | 00,000,284 | ---- | M] () -- C:\WINNT\Tasks\AppleSoftwareUpdate.job
[2002/08/29 09:00:00 | 00,000,065 | RH-- | M] () -- C:\WINNT\Tasks\desktop.ini
[2009/08/11 16:49:23 | 00,000,006 | -H-- | M] () -- C:\WINNT\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

========== Alternate Data Streams ==========

@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66E02052
< End of report >

Extras

OTL Extras logfile created on: 8/11/2009 5:43:45 PM - Run 1
OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.48% Memory free
3.35 Gb Paging File | 2.78 Gb Available in Paging File | 82.96% Paging File free
Paging file location(s): C:\pagefile.sys 1535 3067 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 38.29 Gb Total Space | 12.80 Gb Free Space | 33.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 931.28 Gb Total Space | 918.57 Gb Free Space | 98.63% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAIN
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8097:TCP" = 8097:TCP:*:Enabled:EarthLink UHP Modem Support
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Disabled:Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1160657761\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1160657761\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\1160657761\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1160657761\ee\aim6.exe:*:Enabled:AIM -- (America Online, Inc.)
"C:\Program Files\Intuit\QuickBooks Pro\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks Pro\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager -- (Intuit, Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe" = C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe:*:Enabled:Single Click System Restore Point -- (Doug Knox)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel® PROSet II
"{01F9D88C-3C86-4E82-840A-101A3221F67A}" = Microsoft Money 2003
"{025C3792-E9C6-432A-92C1-661F99D021CA}" = Ulead Photo Explorer 8.5 SE Basic
"{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}" = Microsoft Money 2003 System Pack
"{03410014-3975-4267-9F39-1DC4745090B7}" = Microsoft Encarta Encyclopedia Standard 2003
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07982F29-C7D6-423F-A100-C0FC67D0EC2F}" = EarthLink Wireless High Speed
"{0BA9CAC3-5131-4E59-B2AB-B765E876AAA2}" = Brother MFL-Pro Suite
"{0F8267D9-3E3D-4187-83AE-863207A935CC}" = MX-3000 Editor
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}" = Microsoft Streets and Trips 2002
"{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{194BFA8B-8ABF-43F4-A4B5-A38F6B21C3C2}" = Google AdWords Editor
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B471546-EC64-47D0-8FAE-BF8E42BA80E3}" = TX-1000 Editor
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{30C6798C-2BA6-47AC-AD99-F60F0EBF665D}" = MX-900 Editor
"{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}" = Motorola Driver Installation
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{369B36BE-3D64-4641-9AEA-808D436FE132}" = Microsoft Picture It! Photo 7.0
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{40939C6D-8F27-40B8-9CBC-72701624185D}" = Redistributed Files
"{448AB2CB-C94A-47DE-80B8-9D7824DEFA57}" = Ulead DVD MovieFactory 4.0 SE for SANYO
"{44A91B04-3D0C-47F9-B644-7F682869AFF3}" = MobileMe Control Panel
"{47D684C4-817D-11D5-818F-009027864C7F}" = pressplay
"{4E9ECFE6-C110-4668-80E7-76B390CA7C85}" = RackTools 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{54DD126C-E5F5-404C-B4B7-66DF7FD4F2FF}" = MSSoap
"{55584E16-4D70-44EE-93DD-F144E8B7D4B7}" = QuickBooks Product Listing Service
"{5558CA45-8387-4045-8CB0-5AB1F9981845}" = PS380
"{565E29BB-5863-46FD-ABF3-8074FBB5BAFF}" = QBFC 4.0
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5DC4AA18-97B1-46E3-A52E-D699BE79F5D6}" = TheaterTouch Designer
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{61CF7144-1108-445F-8460-0557B163BA8D}" = b-PAC Client Component
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ADB8339-B572-4D6A-884A-5BAA3B1C13D8}" = 2008 National Electrical Estimator
"{6EEBE4C8-A7C2-41F5-9C6E-AE2498E2F19D}" = TheaterTouch Designer
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{703DE3AE-513C-11D6-B2F9-0002A5E32BEF}" = Pinball Panic
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7797C70B-11EB-446A-9B1E-3D9039DB581F}" = TotalAccess Core Applications
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}" = Microsoft Works Suite Add-in for Microsoft Word
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{870842F7-18BB-479D-A7B1-FE17E81AFF1A}" = Palm Desktop
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® 845G Chipset Graphics Driver Software
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BE52CF1-7AAD-4DE6-8967-44DA89343FF3}" = MX-880 Editor
"{8C9DCE36-A270-4740-8084-A27B48C2F83E}" = Orion Editor
"{8D335ACB-C23D-48DD-9493-BF88BF7B9AE0}" = MSC Editor
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{92F08885-8871-4630-B7A0-2C0A6AC45F29}" = Complete Control Suite
"{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}" = Roxio Media Manager
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B762B2A5-883B-454B-A586-1DF6C4528262}" = MX-950 Editor
"{B8C2A83F-20B0-49D9-BA2B-6495DD8639ED}" = EarthLink Toolbar
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BD33CD92-3A42-4CE1-ADDE-A9B64CFFF24D}" = EarthLink FastLane
"{C057F6D0-0E4C-4B18-B645-9D0804FCFAFD}" = EarthLink Common Authentication
"{C1A4385C-74B9-47ED-B88F-5E8A810C2CBC}" = Motorola Phone Tools
"{C8EEAA89-0A3E-441f-B646-17A46F5D6954}" = Photosmart 330,380 Series
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD1CD48D-7B18-4254-B43D-AEAB704AB063}" = EarthLink MailBox
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}" = Works Suite OS Pack
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = PhoneTools
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E533AADD-A6D9-4868-B017-932AB46BAF20}" = PSPrinters07
"{F6727074-BF89-4A3E-A5F7-CB36C521E674}" = Motion Director
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FF087B26-DD20-4DD0-B97F-0B08B76A04D1}" = Deal Info
"3D Home Architect Deluxe 3.0" = 3D Home Architect® Deluxe 3.0
"3DGroove" = OTOY
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AF6FB714D7B4E3BCEC063A7122BE735D643BBB51" = Windows Driver Package - RTI (RTIUSB) Control Device (12/14/2005 1.01.101)
"Alltel Jump Music 1.1.5" = Alltel Jump Music 1.1.5
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AVG8Uninstall" = AVG Free 8.5
"BBMediaSyncUninstall" = BlackBerry Media Sync
"BlackBerry_{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"Canon Camera WIA Driver IXY 200a, PowerShot S200, IXUS v2" = Canon IXY 200a, PowerShot S200, IXUS v2 WIA Driver
"Canon PhotoStitch 3.1" = Canon Utilities PhotoStitch 3.1
"CFWebAdvancedU" = CamfrogWEB Advanced ActiveX Plugin (remove only)
"CleanUp!" = CleanUp!
"Creative Jukebox Driver" = Creative Jukebox Driver
"Creative NOMAD II Driver" = Creative NOMAD II Driver
"Do More" = Do More
"DYMO Label Software" = DYMO Label Software
"DYMO QuickBooks Add-In" = DYMO QuickBooks Add-In
"DYMO Stamps" = DYMO Stamps
"EarthLink TotalAccess 2004" = EarthLink Software
"ERUNT_is1" = ERUNT 1.1j
"Evrsoft First Page 2006_is1" = Evrsoft First Page 2006
"ewidoantimalware" = ewido anti-malware
"ewidosecuritysuite" = ewido security suite
"Gateway Drivers and Applications Recovery" = Gateway Drivers and Applications Recovery
"GTW V.92 Voicemodem" = GTW V.92 Voicemodem
"HijackThis" = HijackThis 1.99.1
"HP Photo & Imaging" = HP Image Zone 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"LiteJet_is1" = LiteJet 2.10.02
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"mSpot" = Music Powered by Celltop 1.2.5
"MUSICMATCH Jukebox" = MUSICMATCH Jukebox
"Network Play System (Patching)" = Network Play System (Patching)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NOMAD Jukebox 3 Driver" = NOMAD Jukebox 3 Driver
"NoteBurner_is1" = NoteBurner 2.11
"Pacific Poker" = Pacific Poker
"Panda ActiveScan" = Panda ActiveScan
"PROSet" = Intel® PRO Ethernet Adapter and Software
"ProStoresStoreMonitor" = ProStores Store Monitor (remove only)
"PX: {20BBF229-A337-40AD-9FEB-2C98CDA53D1C}" = Gateway Rhapsody
"RealPlayer 6.0" = RealPlayer
"Red Swoosh" = Red Swoosh
"RemoteCapture" = Canon Utilities RemoteCapture 2.4
"Serwpl" = RadioShack USB to Serial Cable
"Shockwave" = Shockwave
"SK_PS2MillenniumKeyboard" = PS/2 Millennium Keyboard
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Stop_the_Morbuzakh" = Stop the Morbuzakh (remove only)
"UnityWebPlayer" = Unity Web Player
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtools3DLifePlayer" = Virtools 3D Life Player
"Vutec - Screen Machine" = Vutec - Screen Machine
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows CE Services" = Microsoft ActiveSync 3.7
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.4
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2003Setup" = Microsoft Works 2003 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZoomBrowserEXDeInstall" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"New LEGO Digital Designer" = LEGO Digital Designer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/11/2009 11:04:08 AM | Computer Name = MAIN | Source = MsiInstaller | ID = 11327
Description = Product: Windows Defender -- Error 1327. Invalid Drive: G:\

Error - 8/11/2009 11:04:43 AM | Computer Name = MAIN | Source = MsiInstaller | ID = 11327
Description = Product: Windows Defender -- Error 1327. Invalid Drive: G:\

Error - 8/11/2009 11:05:13 AM | Computer Name = MAIN | Source = MsiInstaller | ID = 11327
Description = Product: Windows Defender -- Error 1327. Invalid Drive: G:\

Error - 8/11/2009 11:13:39 AM | Computer Name = MAIN | Source = MsiInstaller | ID = 11920
Description = Product: Windows Defender -- Error 1920. Service 'Windows Defender'
(WinDefend) failed to start. Verify that you have sufficient privileges to start
system services.

Error - 8/11/2009 11:14:09 AM | Computer Name = MAIN | Source = MsiInstaller | ID = 11920
Description = Product: Windows Defender -- Error 1920. Service 'Windows Defender'
(WinDefend) failed to start. Verify that you have sufficient privileges to start
system services.

Error - 8/11/2009 3:25:54 PM | Computer Name = MAIN | Source = Microsoft Office 12 | ID = 5000
Description = EventType officelifeboathang, P1 outlook.exe, P2 12.0.6316.5000, P3
ntdll.dll, P4 5.1.2600.3520, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 8/11/2009 5:05:44 PM | Computer Name = MAIN | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 2/18/2009 8:36:39 AM | Computer Name = MAIN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 432075
seconds with 4740 seconds of active time. This session ended with a crash.

Error - 2/20/2009 8:19:09 AM | Computer Name = MAIN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 171717
seconds with 2100 seconds of active time. This session ended with a crash.

Error - 2/23/2009 7:44:05 PM | Computer Name = MAIN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 264096
seconds with 2520 seconds of active time. This session ended with a crash.

Error - 2/27/2009 8:30:57 AM | Computer Name = MAIN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 76669
seconds with 1500 seconds of active time. This session ended with a crash.

Error - 3/18/2009 9:49:50 AM | Computer Name = MAIN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 582732
seconds with 7560 seconds of active time. This session ended with a crash.

Error - 3/25/2009 7:48:47 AM | Computer Name = MAIN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 46415
seconds with 180 seconds of active time. This session ended with a crash.

Error - 5/7/2009 7:07:21 PM | Computer Name = MAIN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 810707
seconds with 6300 seconds of active time. This session ended with a crash.

Error - 5/12/2009 8:06:11 AM | Computer Name = MAIN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 392220
seconds with 2160 seconds of active time. This session ended with a crash.

Error - 5/13/2009 8:46:40 AM | Computer Name = MAIN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 88811
seconds with 1680 seconds of active time. This session ended with a crash.

Error - 5/20/2009 8:40:51 AM | Computer Name = MAIN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 220383
seconds with 1560 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/11/2009 4:00:06 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7023
Description = The 6to4 service terminated with the following error: %%126

Error - 8/11/2009 4:00:06 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 8/11/2009 4:00:06 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%126

Error - 8/11/2009 4:00:06 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 8/11/2009 4:00:07 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
adpu160m agp440 Beep IntelIde ultra ViaIde

Error - 8/11/2009 4:50:22 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7023
Description = The 6to4 service terminated with the following error: %%126

Error - 8/11/2009 4:50:22 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 8/11/2009 4:50:22 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%126

Error - 8/11/2009 4:50:22 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 8/11/2009 4:50:23 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep


< End of report >

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  CODE
  :OTL
  O2 - BHO: (no name) - rsion - No CLSID value found.
  O4 - HKCU..\Run: [Jwx6RRY8j] File not found
  O4 - HKCU..\Run: [wmvdmoe] C:\WINNT\System32\wmvdmoe.exe File not found
  O20 - AppInit_DLLs: (cru629.dat) - File not found
  O20 - AppInit_DLLs: (FILES\COM) - File not found
  O20 - HKLM Winlogon: Shell - (C:\DOCUME~1\Owner\LOCALS~1\Temp\513887343.exe) - C:\DOCUME~1\Owner\LOCALS~1\Temp\513887343.exe File not found
  
  :Commands
  [purity]
  [emptytemp]
  [Reboot]
  
  
• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Thanks so much for your help. I really appreciate it! Here are the logs from the scans you requested.

OTL logfile created on: 8/12/2009 8:55:28 AM - Run 2
OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 73.23% Memory free
3.35 Gb Paging File | 2.93 Gb Available in Paging File | 87.59% Paging File free
Paging file location(s): C:\pagefile.sys 1535 3067 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 38.29 Gb Total Space | 12.74 Gb Free Space | 33.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 931.28 Gb Total Space | 918.57 Gb Free Space | 98.63% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAIN
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2002/04/12 00:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINNT\System32\brsvc01a.exe
PRC - [2001/12/13 00:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINNT\System32\brss01a.exe
PRC - [2003/10/30 18:48:46 | 01,392,744 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2006/05/15 18:24:33 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
PRC - [2009/06/30 10:00:14 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2003/05/05 19:30:22 | 00,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINNT\System32\Brmfrmps.exe
PRC - [2005/01/26 12:47:42 | 00,065,604 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
PRC - [2005/11/30 05:47:52 | 00,013,888 | ---- | M] (ewido networks) -- C:\Program Files\ewido\security suite\ewidoctrl.exe
PRC - [2004/09/29 13:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINNT\System32\HPZipm12.exe
PRC - [2002/08/19 01:00:00 | 00,057,388 | ---- | M] (Lanovation) -- C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
PRC - [2008/09/10 23:37:36 | 00,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/06/30 10:00:33 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/05/22 08:37:55 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINNT\Explorer.EXE
PRC - [2004/03/13 04:04:16 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2001/01/03 16:50:56 | 00,066,048 | ---- | M] (Silitek Corporation) -- C:\WINNT\System32\SK9910DM.EXE
PRC - [2002/08/06 17:24:14 | 00,090,112 | ---- | M] (GTW) -- C:\WINNT\GWMDMMSG.exe
PRC - [2002/05/14 22:29:02 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINNT\System32\igfxtray.exe
PRC - [2002/05/14 22:20:50 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINNT\System32\hkcmd.exe
PRC - [2006/07/15 12:40:45 | 00,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
PRC - [2002/07/16 22:21:48 | 00,028,672 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
PRC - [2004/12/22 12:40:30 | 00,172,032 | ---- | M] (HP) -- C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb99.exe
PRC - [2004/09/09 15:00:04 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2001/11/07 15:25:54 | 00,020,480 | ---- | M] (BVRP Software) -- C:\Program Files\PhoneTools\CapFax.EXE
PRC - [2007/01/04 17:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2005/03/17 00:59:35 | 00,622,592 | ---- | M] (Hewlett-Packard) -- C:\WINNT\System32\hphmon07.exe
PRC - [2005/02/17 00:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2005/08/10 22:10:36 | 00,122,880 | R--- | M] (Visual Networks) -- C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe
PRC - [2005/08/10 22:10:36 | 00,380,928 | R--- | M] (Visual Networks) -- C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe
PRC - [2004/04/14 14:46:50 | 00,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2006/08/14 17:47:52 | 00,061,325 | ---- | M] () -- C:\Program Files\RSSoft\RedSwoosh.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/06/30 10:00:26 | 01,948,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2003/09/01 18:52:42 | 00,376,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
PRC - [2006/05/09 20:24:16 | 00,050,760 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1160657761\ee\aolsoftware.exe
PRC - [2007/01/19 13:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\MsnMsgr.Exe
PRC - [2005/09/22 21:15:15 | 00,300,856 | ---- | M] (ProStores, Inc.) -- C:\Program Files\ProStores\StoreMonitor\StoreMonitor.exe
PRC - [2006/09/11 04:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
PRC - [2004/11/04 20:28:24 | 00,258,048 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
PRC - [2008/09/11 01:06:56 | 00,984,352 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2004/11/04 20:36:46 | 00,425,984 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
PRC - [2009/08/11 17:36:18 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2003/10/30 18:48:46 | 01,392,744 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS [Auto | Running])
SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/05/15 18:24:33 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2009/06/30 10:00:14 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2003/05/05 19:30:22 | 00,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINNT\System32\Brmfrmps.exe -- (brmfrmps [Auto | Running])
SRV - [2002/04/12 00:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINNT\System32\brsvc01a.exe -- (Brother XP spl Service [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/01/26 12:47:42 | 00,065,604 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe -- (EarthLinkMonitor [Auto | Running])
SRV - [2005/11/30 05:47:52 | 00,013,888 | ---- | M] (ewido networks) -- C:\Program Files\ewido\security suite\ewidoctrl.exe -- (ewido security suite control [Auto | Running])
SRV - [2005/12/18 13:41:35 | 00,151,616 | ---- | M] (ewido networks) -- C:\Program Files\ewido\security suite\ewidoguard.exe -- (ewido security suite guard [Disabled | Stopped])
SRV - [2004/08/04 03:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2006/05/15 18:24:33 | 02,086,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2002/05/03 14:36:24 | 01,118,208 | ---- | M] (Intel Corporation) -- C:\WINNT\System32\NMSSvc.exe -- (NMSSvc [Auto | Stopped])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/09/29 13:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINNT\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2002/08/19 01:00:00 | 00,057,388 | ---- | M] (Lanovation) -- C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS -- (PrismXL [Auto | Running])
SRV - [2008/09/10 23:37:36 | 00,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService [Auto | Running])
SRV - [2008/08/08 22:10:46 | 00,061,440 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService [On_Demand | Stopped])
SRV - [2007/12/06 23:20:56 | 00,088,560 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
SRV - [2007/12/06 23:20:52 | 00,362,992 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
SRV - [2008/03/06 16:19:44 | 00,313,840 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
SRV - [2008/03/06 16:19:40 | 01,108,464 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
SRV - [2008/03/06 16:19:44 | 00,170,480 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
SRV - [2004/11/02 17:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC [Auto | Stopped])
SRV - [2004/03/13 04:04:16 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
SRV - [2004/08/04 03:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (uploadmgr [Auto | Stopped])
SRV - [2007/01/19 13:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srcasst/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - URLSearchHook: {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll (EarthLink, Inc.)
IE - URLSearchHook: ~00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - URLSearchHook: ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - URLSearchHook: ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: (3783 bytes) - C:\WINNT\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localmachine # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 teen-biz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 search4www.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 best4all.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 zonebest.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.nude-teens-bodies.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 picslab.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 teen-fantazi.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 bailefunk.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 newsh.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 hqthumbz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.search4www.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 download.abetterinternet.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 on-search.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.teen-biz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.best4all.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 nude-teen-bodies.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 600pics.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 searchx.cc # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.newsh.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 searchforit.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 more-pages.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 surubanet.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.hqthumbz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 zgallery.us # ***Inserted By STOPzilla***
O1 - Hosts: 29 more lines...
O3 - HKLM\..\Toolbar: (EarthLink Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll (EarthLink, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (EarthLink Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll (EarthLink, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE (BVRP Software)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [GWMDMMSG] C:\WINNT\GWMDMMSG.exe (GTW)
O4 - HKLM..\Run: [Hot Key Kbd 9910 Daemon] C:\WINNT\System32\SK9910DM.EXE (Silitek Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb99.exe (HP)
O4 - HKLM..\Run: [HPHmon07] C:\WINNT\System32\hphmon07.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD07] C:\Program Files\HP\{C8EEAA89-0A3E-441f-B646-17A46F5D6954}\hphupd07.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe (America Online, Inc.)
O4 - HKLM..\Run: [IPInSightLAN 01] C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe (Visual Networks)
O4 - HKLM..\Run: [IPInSightMonitor 01] C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe (Visual Networks)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe File not found
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Red Swoosh] C:\Program Files\RSSoft\RedSwoosh.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [E6TaskPanel] C:\Program Files\EarthLink TotalAccess\TaskPanl.exe (EarthLink, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [mSpotAlltelRemix] C:\Program Files\Alltel Jump Music\Remix\msptcmd.exe (MSpot)
O4 - HKCU..\Run: [ProStoresStoreMonitor] C:\Program Files\ProStores\StoreMonitor\StoreMonitor.exe (ProStores, Inc.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [OTL] C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: &AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll File not found
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2008/09/08 17:52:12 | 00,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2008/09/08 17:52:12 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2008/09/08 17:52:12 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2008/09/08 17:52:12 | 00,000,000 | ---D | M]
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\>Accessories\IMVU\Run IMVU.lnk File not found
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 65 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://support.gateway.com/support/profiler/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe (CamfrogWEB Advanced Unicode Control)
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} http://www.miniclip.com/platypus/miniclipGameLoader.dll (CR64Loader Object)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/C...C4D/mp43dmo.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} http://www.reflexive.net/rlwweb/ReflexiveWebGameLoader.cab (WebGameLoader Class)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1408.g.akamai.net/7/1408/9955/2003...iTunesSetup.exe (Reg Error: Key error.)
O16 - DPF: {466E3A9C-0632-4041-B772-2D8F441500CD} http://home.channelvision.com/servp14.cab (ServerPushBox Class)
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} hcp://system/TechTools.CAB (TechToolsActivex.TechTools)
O16 - DPF: {5334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/8...44/mpg4sdmo.cab (Reg Error: Key error.)
O16 - DPF: {59F156FC-9BC4-11D5-B0A5-0060085A719D} http://opal.pascocountyfl.net/permit/opalplayerx5.cab (Opalplayerx5 Control)
O16 - DPF: {5C709EEC-DDE1-4738-8E57-7564E2637891} https://merchantaccount.quickbooks.com/sync...ncCom1_2009.cab (QBMASSyncCom1_2009.UserControl1)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1124906288500 (WUWebControl Class)
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} http://updates.lifescapeinc.com/installers...ll/pinstall.cab (Install Class)
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} hcp://system/RunExeActiveX.CAB (RunExeActiveX.RunExe)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab (HouseCall Control)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab (Groove Control)
O16 - DPF: {788539E8-002D-4E59-9089-40B694A99C9A} https://merchantaccount.quickbooks.com/sync...ncCom2_2008.cab (QBMASSyncCom2_2008.UserControl1)
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} hcp://system/StartFirstControl.CAB (StartFirstControl.CheckFirst)
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gateway.com/support/serialharvest/gwCID.CAB (compid Class)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://hgtv2.view22.com/view22/app/view22rte.cab (View22RTE Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} http://stores.homestead.com/storeadmin/uti...es/pssbedit.cab (SiteBuilderEditor Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks Pro\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (file) - File not found
O20 - AppInit_DLLs: (not) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINNT\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINNT\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {54D9498B-CF93-414F-8984-8CE7FDE0D391} - C:\Program Files\ewido\security suite\shellhook.dll ()
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINNT\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/08/12 08:38:07 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/08/11 17:36:13 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/08/11 16:25:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\RootRepeal
[2009/08/11 16:24:56 | 00,462,996 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RootRepeal.zip
[2009/08/11 11:04:58 | 05,154,304 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\WindowsDefender.msi
[2009/08/11 09:36:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/08/11 09:36:29 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/11 09:36:26 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2009/08/11 09:36:24 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2009/08/11 09:36:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/11 09:36:23 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/11 09:29:51 | 03,942,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/08/11 09:27:08 | 00,000,000 | ---D | C] -- C:\WINNT\ERDNT
[2009/08/11 09:25:34 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/08/11 09:25:32 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/08/11 09:25:27 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/11 09:24:30 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/08/11 09:22:21 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/08/10 14:54:50 | 00,272,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/08/09 20:33:04 | 00,055,347 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\lab_report_template.rtf
[2009/08/09 18:01:01 | 00,000,000 | ---D | C] -- C:\Program Files\Shared

========== Files - Modified Within 14 Days ==========

[2009/08/12 08:45:30 | 00,001,158 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2009/08/12 08:44:10 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2009/08/12 08:43:42 | 00,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2009/08/12 08:43:36 | 21,452,43136 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/12 08:16:30 | 39,765,872 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\incavi.avm
[2009/08/12 08:16:30 | 00,064,313 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\microavi.avg
[2009/08/12 07:32:00 | 00,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job
[2009/08/12 03:12:08 | 00,001,374 | ---- | M] () -- C:\WINNT\imsins.BAK
[2009/08/11 21:15:30 | 00,002,133 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/08/11 17:36:18 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/08/11 16:45:27 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/08/11 16:45:26 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/08/11 16:24:56 | 00,462,996 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RootRepeal.zip
[2009/08/11 15:57:05 | 02,114,588 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/08/11 15:56:45 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/08/11 15:56:45 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/08/11 11:04:58 | 05,154,304 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WindowsDefender.msi
[2009/08/11 09:36:29 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/11 09:30:01 | 03,942,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/08/11 09:25:34 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/08/11 09:25:32 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/08/11 09:24:38 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/08/11 09:22:23 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/08/10 17:52:33 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/08/10 17:52:33 | 00,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/08/10 15:09:35 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/08/10 15:09:34 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/08/10 14:54:51 | 00,272,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/08/09 20:33:04 | 00,055,347 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\lab_report_template.rtf
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2009/08/03 09:15:33 | 00,000,036 | ---- | M] () -- C:\WINNT\iltwain.ini
[2009/07/31 08:53:14 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/07/31 08:53:13 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm

========== LOP Check ==========

[2009/08/11 09:36:24 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/04/22 20:57:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/07/24 20:14:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brother
[2009/03/24 17:35:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2006/12/29 10:38:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/05/22 08:38:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/02/20 14:30:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2007/04/01 17:49:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2005/02/17 20:12:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/05/29 16:45:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2002/09/03 15:01:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2006/07/24 20:15:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/02/20 14:40:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2008/12/25 10:28:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/08/13 13:55:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2007/10/16 12:15:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/03/10 08:36:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2009/08/11 09:36:33 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Owner\Application Data
[2006/04/09 10:02:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
[2007/12/20 10:50:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Autodesk
[2006/07/24 20:30:50 | 00,000,000 | R--D | M] -- C:\Documents and Settings\Owner\Application Data\Brother
[2007/02/06 11:03:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CamfrogWEB
[2007/05/18 13:46:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Earthlink
[2006/01/18 19:52:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EarthLink Toolbar
[2007/12/25 20:01:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Grisoft
[2009/02/06 09:38:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2003/01/09 20:53:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2006/12/29 10:52:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Intuit
[2004/09/09 15:33:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2008/12/06 21:57:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LEGO Company
[2007/06/11 12:44:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSN6
[2009/06/01 12:35:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Research In Motion
[2009/05/29 17:14:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Roxio
[2007/05/18 13:47:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ScamBlocker
[2006/07/25 08:04:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ScanSoft
[2005/05/16 09:32:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\STOPzilla!
[2009/08/11 10:53:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\U3
[2006/08/13 14:09:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ulead Systems
[2009/02/27 19:17:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Unity
[2007/01/30 13:58:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2005/04/13 07:02:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WeatherBug
[2009/08/12 07:32:00 | 00,000,284 | ---- | M] () -- C:\WINNT\Tasks\AppleSoftwareUpdate.job
[2002/08/29 09:00:00 | 00,000,065 | RH-- | M] () -- C:\WINNT\Tasks\desktop.ini
[2009/08/12 08:44:10 | 00,000,006 | -H-- | M] () -- C:\WINNT\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66E02052
< End of report >

Log from RunFix... not sure if you need it.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\rsion\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Jwx6RRY8j deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\wmvdmoe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:cru629.dat deleted successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:FILES\COM scheduled to be deleted on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\DOCUME~1\Owner\LOCALS~1\Temp\513887343.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 2551650 bytes
->Temporary Internet Files folder emptied: 139643845 bytes
->Apple Safari cache emptied: 60547 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 9260 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 135.74 mb


OTL by OldTimer - Version 3.0.10.5 log created on 08122009_083807

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:FILES\COM scheduled to be deleted on reboot.

Please click here to download AVP Tool by Kaspersky.

• Save it to your desktop.
• Reboot your computer into SafeMode.
  

  You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
  Use your up arrow key to highlight SafeMode then hit enter.

• Double click the setup file to run it.
• Click Next to continue.
• It will by default install it to your desktop folder.Click Next.
• Hit ok at the prompt for scanning in Safe Mode.
• It will then open a box There will be a tab that says Automatic scan.
• Under Automatic scan make sure these are checked.

• System Memory
• Startup Objects
• Disk Boot Sectors.
• My Computer.
• Also any other drives (Removable that you may have)

After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
Then choose OK again then you are back to the main screen.

• Then click on Scan at the to right hand Corner.
• It will automatically Neutralize any objects found.
• If some objects are left un-neutralized then click the button that says Neutralize all
• If it says it cannot be Neutralized then chooose The delete option when prompted.
• After that is done click on the reports button at the bottom and save it to file name it Kas.
• Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.
  
  

  Note: This tool will self uninstall when you close it so please save the log before closing it.

Wow that scan took quite awhile, but we got there! Thanks again for your help.

Detected
--------
Status Object
------ ------
deleted: virus Email-Worm.Win32.Warezov.gj Email message attachment: Main Identity\Local Folders\Deleted Items\[From:<serv@midmich.net>][Subject:Message is infected : Mail server report.][Time:2006/11/22 02:32:15]/Update-KB3453-x86.zip/Update-KB3453-x86.exe
deleted: malware Hoax.JS.BadJoke.RJump File: C:\Program Files\Evrsoft First Page 2006\Iscripts\Page Details\crazy-window.izs
deleted: virus Email-Worm.Win32.Klez.h File: C:\Program Files\Norton AntiVirus\Quarantine\47A94F09//CryptFF
deleted: virus Email-Worm.Win32.Klez.h File: C:\Program Files\Norton AntiVirus\Quarantine\77282FE6//CryptFF
deleted: Trojan program Backdoor.Win32.UltimateDefender.igv File: C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP1260\A0121898.sys
deleted: Trojan program Backdoor.Win32.UltimateDefender.igv File: C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP1260\A0121910.sys
deleted: Trojan program Backdoor.Win32.UltimateDefender.igv File: C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP1260\A0121911.sys
deleted: Trojan program Backdoor.Win32.UltimateDefender.igv File: C:\WINNT\Drivers\beep.sys
deleted: Trojan program Backdoor.Win32.UltimateDefender.igv File: C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP1260\A0122100.sys

Please post a new OTL log.

Is your computer running better now?

Much better! Did we get it?

Also, are you the one who had the link to "Why your computer is running slow"? Not so much now, but I plan on keeping better tabs on how my computer functions from now on. I also loaded the Firefox browser today... where has that been all my life?

I hope that is it. Thank you so much for your help so far.

Oooops.. forgot the OTL log... one sec.

This post has been edited by bucdup: Aug 13 2009, 05:58 PM

OTL log. It did not produce an "extras" log that I can see this time.

OTL logfile created on: 8/13/2009 8:00:27 PM - Run 3
OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\Owner\Desktop\Virus Removal
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 69.83% Memory free
3.35 Gb Paging File | 2.76 Gb Available in Paging File | 82.47% Paging File free
Paging file location(s): C:\pagefile.sys 1535 3067 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 38.29 Gb Total Space | 12.48 Gb Free Space | 32.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 931.28 Gb Total Space | 918.57 Gb Free Space | 98.63% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAIN
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2002/04/12 00:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINNT\System32\brsvc01a.exe
PRC - [2001/12/13 00:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINNT\System32\brss01a.exe
PRC - [2003/10/30 18:48:46 | 01,392,744 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2006/05/15 18:24:33 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
PRC - [2009/06/30 10:00:14 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2003/05/05 19:30:22 | 00,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINNT\System32\Brmfrmps.exe
PRC - [2005/01/26 12:47:42 | 00,065,604 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
PRC - [2005/11/30 05:47:52 | 00,013,888 | ---- | M] (ewido networks) -- C:\Program Files\ewido\security suite\ewidoctrl.exe
PRC - [2002/05/03 14:36:24 | 01,118,208 | ---- | M] (Intel Corporation) -- C:\WINNT\System32\NMSSvc.exe
PRC - [2002/08/19 01:00:00 | 00,057,388 | ---- | M] (Lanovation) -- C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
PRC - [2008/09/10 23:37:36 | 00,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/06/30 10:00:33 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINNT\Explorer.EXE
PRC - [2001/01/03 16:50:56 | 00,066,048 | ---- | M] (Silitek Corporation) -- C:\WINNT\System32\SK9910DM.EXE
PRC - [2002/08/06 17:24:14 | 00,090,112 | ---- | M] (GTW) -- C:\WINNT\GWMDMMSG.exe
PRC - [2002/05/14 22:29:02 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINNT\System32\igfxtray.exe
PRC - [2002/05/14 22:20:50 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINNT\System32\hkcmd.exe
PRC - [2006/07/15 12:40:45 | 00,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
PRC - [2002/07/16 22:21:48 | 00,028,672 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
PRC - [2004/12/22 12:40:30 | 00,172,032 | ---- | M] (HP) -- C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb99.exe
PRC - [2004/09/09 15:00:04 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2001/11/07 15:25:54 | 00,020,480 | ---- | M] (BVRP Software) -- C:\Program Files\PhoneTools\CapFax.EXE
PRC - [2005/03/17 00:59:35 | 00,622,592 | ---- | M] (Hewlett-Packard) -- C:\WINNT\System32\hphmon07.exe
PRC - [2005/02/17 00:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2005/08/10 22:10:36 | 00,122,880 | R--- | M] (Visual Networks) -- C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe
PRC - [2005/08/10 22:10:36 | 00,380,928 | R--- | M] (Visual Networks) -- C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe
PRC - [2004/04/14 14:46:50 | 00,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2006/08/14 17:47:52 | 00,061,325 | ---- | M] () -- C:\Program Files\RSSoft\RedSwoosh.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/06/30 10:00:26 | 01,948,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2004/03/13 04:04:16 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/05/09 20:24:16 | 00,050,760 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1160657761\ee\aolsoftware.exe
PRC - [2003/09/01 18:52:42 | 00,376,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
PRC - [2007/01/19 13:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\MsnMsgr.Exe
PRC - [2005/09/22 21:15:15 | 00,300,856 | ---- | M] (ProStores, Inc.) -- C:\Program Files\ProStores\StoreMonitor\StoreMonitor.exe
PRC - [2006/09/11 04:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
PRC - [2004/11/04 20:28:24 | 00,258,048 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
PRC - [2008/09/11 01:06:56 | 00,984,352 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2007/01/04 17:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2004/11/04 20:36:46 | 00,425,984 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
PRC - [2008/05/21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2009/06/30 10:00:32 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2008/09/11 01:06:08 | 01,135,904 | ---- | M] (Intuit Inc.) -- C:\Program Files\Intuit\QuickBooks Pro\qbw32.exe
PRC - [2008/07/10 00:38:22 | 00,131,072 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks Pro\QBDBMgr.exe
PRC - [2008/09/11 01:06:06 | 00,124,192 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe
PRC - [2009/05/22 08:37:55 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2004/07/20 09:34:28 | 00,851,968 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
PRC - [2004/09/29 13:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINNT\System32\HPZipm12.exe
PRC - [2009/08/11 17:36:18 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Virus Removal\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2003/10/30 18:48:46 | 01,392,744 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS [Auto | Running])
SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/05/15 18:24:33 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2009/06/30 10:00:14 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2003/05/05 19:30:22 | 00,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINNT\System32\Brmfrmps.exe -- (brmfrmps [Auto | Running])
SRV - [2002/04/12 00:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINNT\System32\brsvc01a.exe -- (Brother XP spl Service [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/01/26 12:47:42 | 00,065,604 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe -- (EarthLinkMonitor [Auto | Running])
SRV - [2005/11/30 05:47:52 | 00,013,888 | ---- | M] (ewido networks) -- C:\Program Files\ewido\security suite\ewidoctrl.exe -- (ewido security suite control [Auto | Running])
SRV - [2005/12/18 13:41:35 | 00,151,616 | ---- | M] (ewido networks) -- C:\Program Files\ewido\security suite\ewidoguard.exe -- (ewido security suite guard [Disabled | Stopped])
SRV - [2004/08/04 03:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2006/05/15 18:24:33 | 02,086,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2002/05/03 14:36:24 | 01,118,208 | ---- | M] (Intel Corporation) -- C:\WINNT\System32\NMSSvc.exe -- (NMSSvc [Auto | Running])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/09/29 13:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINNT\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2002/08/19 01:00:00 | 00,057,388 | ---- | M] (Lanovation) -- C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS -- (PrismXL [Auto | Running])
SRV - [2008/09/10 23:37:36 | 00,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService [Auto | Running])
SRV - [2008/08/08 22:10:46 | 00,061,440 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService [On_Demand | Stopped])
SRV - [2007/12/06 23:20:56 | 00,088,560 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
SRV - [2007/12/06 23:20:52 | 00,362,992 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
SRV - [2008/03/06 16:19:44 | 00,313,840 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
SRV - [2008/03/06 16:19:40 | 01,108,464 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
SRV - [2008/03/06 16:19:44 | 00,170,480 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
SRV - [2004/11/02 17:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC [Auto | Stopped])
SRV - [2004/03/13 04:04:16 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
SRV - [2004/08/04 03:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (uploadmgr [Auto | Stopped])
SRV - [2007/01/19 13:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srcasst/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - URLSearchHook: {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll (EarthLink, Inc.)
IE - URLSearchHook: ~00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - URLSearchHook: ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - URLSearchHook: ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www2.tbo.com/home/"
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/13 14:56:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/13 16:00:20 | 00,000,000 | ---D | M]

[2009/02/21 09:35:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2009/02/21 09:35:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2009/08/13 14:56:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/13 14:56:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\5q5o1pha.default\extensions
[2009/08/13 14:55:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/13 14:55:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/30 07:26:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/30 07:26:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/13 16:00:02 | 00,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2009/07/30 07:26:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/07/30 03:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/30 03:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/30 03:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 03:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/30 03:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/30 03:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/30 03:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (3783 bytes) - C:\WINNT\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localmachine # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 teen-biz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 search4www.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 best4all.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 zonebest.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.nude-teens-bodies.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 picslab.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 teen-fantazi.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 bailefunk.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 newsh.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 hqthumbz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.search4www.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 download.abetterinternet.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 on-search.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.teen-biz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.best4all.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 nude-teen-bodies.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 600pics.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 searchx.cc # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.newsh.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 searchforit.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 more-pages.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 surubanet.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 www.hqthumbz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 zgallery.us # ***Inserted By STOPzilla***
O1 - Hosts: 29 more lines...
O3 - HKLM\..\Toolbar: (EarthLink Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll (EarthLink, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (EarthLink Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll (EarthLink, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE (BVRP Software)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [GWMDMMSG] C:\WINNT\GWMDMMSG.exe (GTW)
O4 - HKLM..\Run: [Hot Key Kbd 9910 Daemon] C:\WINNT\System32\SK9910DM.EXE (Silitek Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb99.exe (HP)
O4 - HKLM..\Run: [HPHmon07] C:\WINNT\System32\hphmon07.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD07] C:\Program Files\HP\{C8EEAA89-0A3E-441f-B646-17A46F5D6954}\hphupd07.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe (America Online, Inc.)
O4 - HKLM..\Run: [IPInSightLAN 01] C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe (Visual Networks)
O4 - HKLM..\Run: [IPInSightMonitor 01] C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe (Visual Networks)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe File not found
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Red Swoosh] C:\Program Files\RSSoft\RedSwoosh.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [mSpotAlltelRemix] C:\Program Files\Alltel Jump Music\Remix\msptcmd.exe (MSpot)
O4 - HKCU..\Run: [ProStoresStoreMonitor] C:\Program Files\ProStores\StoreMonitor\StoreMonitor.exe (ProStores, Inc.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: &AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll File not found
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2008/09/08 17:52:12 | 00,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2008/09/08 17:52:12 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2008/09/08 17:52:12 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2008/09/08 17:52:12 | 00,000,000 | ---D | M]
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\>Accessories\IMVU\Run IMVU.lnk File not found
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 65 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://support.gateway.com/support/profiler/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe (CamfrogWEB Advanced Unicode Control)
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} http://www.miniclip.com/platypus/miniclipGameLoader.dll (CR64Loader Object)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/C...C4D/mp43dmo.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} http://www.reflexive.net/rlwweb/ReflexiveWebGameLoader.cab (WebGameLoader Class)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1408.g.akamai.net/7/1408/9955/2003...iTunesSetup.exe (Reg Error: Key error.)
O16 - DPF: {466E3A9C-0632-4041-B772-2D8F441500CD} http://home.channelvision.com/servp14.cab (ServerPushBox Class)
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} hcp://system/TechTools.CAB (TechToolsActivex.TechTools)
O16 - DPF: {5334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/8...44/mpg4sdmo.cab (Reg Error: Key error.)
O16 - DPF: {59F156FC-9BC4-11D5-B0A5-0060085A719D} http://opal.pascocountyfl.net/permit/opalplayerx5.cab (Opalplayerx5 Control)
O16 - DPF: {5C709EEC-DDE1-4738-8E57-7564E2637891} https://merchantaccount.quickbooks.com/sync...ncCom1_2009.cab (QBMASSyncCom1_2009.UserControl1)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1124906288500 (WUWebControl Class)
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} http://updates.lifescapeinc.com/installers...ll/pinstall.cab (Install Class)
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} hcp://system/RunExeActiveX.CAB (RunExeActiveX.RunExe)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab (HouseCall Control)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab (Groove Control)
O16 - DPF: {788539E8-002D-4E59-9089-40B694A99C9A} https://merchantaccount.quickbooks.com/sync...ncCom2_2008.cab (QBMASSyncCom2_2008.UserControl1)
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} hcp://system/StartFirstControl.CAB (StartFirstControl.CheckFirst)
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gateway.com/support/serialharvest/gwCID.CAB (compid Class)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://hgtv2.view22.com/view22/app/view22rte.cab (View22RTE Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} http://stores.homestead.com/storeadmin/uti...es/pssbedit.cab (SiteBuilderEditor Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks Pro\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (file) - File not found
O20 - AppInit_DLLs: (not) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINNT\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINNT\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {54D9498B-CF93-414F-8984-8CE7FDE0D391} - C:\Program Files\ewido\security suite\shellhook.dll ()
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINNT\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINNT\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
NetSvcs: uploadmgr - C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/08/13 16:23:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Virus Removal
[2009/08/13 16:00:22 | 00,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2009/08/13 16:00:20 | 00,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2009/08/13 16:00:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Foxit
[2009/08/13 15:59:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2009/08/13 14:56:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla
[2009/08/13 14:55:35 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Firefox Web Browser.lnk
[2009/08/13 14:55:29 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/08/13 07:14:08 | 01,138,720 | -HS- | C] () -- C:\WINNT\System32\drivers\fidbox.dat
[2009/08/13 07:14:08 | 00,014,420 | -HS- | C] () -- C:\WINNT\System32\drivers\fidbox.idx
[2009/08/13 07:14:05 | 21,452,43136 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/12 08:38:07 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/08/11 09:36:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/08/11 09:36:26 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2009/08/11 09:36:24 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2009/08/11 09:36:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/11 09:36:23 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/11 09:27:08 | 00,000,000 | ---D | C] -- C:\WINNT\ERDNT
[2009/08/11 09:25:27 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/09 20:33:04 | 00,055,347 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\lab_report_template.rtf
[2009/08/09 18:01:01 | 00,000,000 | ---D | C] -- C:\Program Files\Shared

========== Files - Modified Within 14 Days ==========

[2009/08/13 17:10:51 | 39,818,466 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\incavi.avm
[2009/08/13 17:10:51 | 00,065,112 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\microavi.avg
[2009/08/13 16:00:22 | 00,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2009/08/13 14:55:35 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Firefox Web Browser.lnk
[2009/08/13 09:01:16 | 00,001,158 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2009/08/13 08:57:35 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2009/08/13 08:57:21 | 00,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2009/08/13 08:57:15 | 21,452,43136 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/13 08:56:25 | 01,138,720 | -HS- | M] () -- C:\WINNT\System32\drivers\fidbox.dat
[2009/08/13 08:56:25 | 00,014,420 | -HS- | M] () -- C:\WINNT\System32\drivers\fidbox.idx
[2009/08/13 08:55:45 | 01,582,288 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/08/13 08:55:29 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/08/13 08:55:29 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/08/12 11:45:11 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/08/12 11:45:10 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/08/12 11:39:02 | 00,000,036 | ---- | M] () -- C:\WINNT\iltwain.ini
[2009/08/12 10:12:25 | 00,002,133 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/08/12 07:32:00 | 00,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job
[2009/08/12 03:12:08 | 00,001,374 | ---- | M] () -- C:\WINNT\imsins.BAK
[2009/08/11 16:45:27 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/08/11 16:45:26 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/08/11 15:56:45 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/08/11 15:56:45 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/08/10 17:52:33 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/08/10 17:52:33 | 00,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/08/10 15:09:35 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/08/10 15:09:34 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/08/09 20:33:04 | 00,055,347 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\lab_report_template.rtf
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2009/07/31 08:53:14 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/07/31 08:53:13 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm

========== LOP Check ==========

[2009/08/11 09:36:24 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/04/22 20:57:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/07/24 20:14:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brother
[2009/03/24 17:35:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2006/12/29 10:38:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/05/22 08:38:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/02/20 14:30:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2007/04/01 17:49:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2005/02/17 20:12:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/05/29 16:45:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2002/09/03 15:01:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2006/07/24 20:15:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/02/20 14:40:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2008/12/25 10:28:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/08/13 13:55:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2007/10/16 12:15:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/03/10 08:36:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2009/08/13 16:00:20 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Owner\Application Data
[2006/04/09 10:02:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
[2007/12/20 10:50:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Autodesk
[2006/07/24 20:30:50 | 00,000,000 | R--D | M] -- C:\Documents and Settings\Owner\Application Data\Brother
[2007/02/06 11:03:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CamfrogWEB
[2007/05/18 13:46:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Earthlink
[2006/01/18 19:52:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EarthLink Toolbar
[2009/08/13 16:00:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit
[2007/12/25 20:01:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Grisoft
[2009/02/06 09:38:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2003/01/09 20:53:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2006/12/29 10:52:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Intuit
[2004/09/09 15:33:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2008/12/06 21:57:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LEGO Company
[2007/06/11 12:44:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSN6
[2009/06/01 12:35:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Research In Motion
[2009/05/29 17:14:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Roxio
[2007/05/18 13:47:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ScamBlocker
[2006/07/25 08:04:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ScanSoft
[2005/05/16 09:32:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\STOPzilla!
[2009/08/11 10:53:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\U3
[2006/08/13 14:09:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ulead Systems
[2009/02/27 19:17:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Unity
[2007/01/30 13:58:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2005/04/13 07:02:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WeatherBug
[2009/08/12 07:32:00 | 00,000,284 | ---- | M] () -- C:\WINNT\Tasks\AppleSoftwareUpdate.job
[2002/08/29 09:00:00 | 00,000,065 | RH-- | M] () -- C:\WINNT\Tasks\desktop.ini
[2009/08/13 08:57:35 | 00,000,006 | -H-- | M] () -- C:\WINNT\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

========== Alternate Data Streams ==========

@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66E02052
< End of report >

Your logs look clean. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. If you have any questions or other problems, please let me know. Other than that, and the steps below, you should be all set.

• Make sure you have an Internet Connection.
• Download OTC to your desktop and run it
• A list of tool components used in the Cleanup of malware will be downloaded.
• If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
• Click Yes to beging the Cleanup process and remove these components, including this application.
• You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Please update Adobe Reader, by downloading and installing Adobe Reader 9.1.

Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.


2. Restart your computer.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.

System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

• SpywareBlaster to help prevent spyware from installing in the first place.
• SpywareGuard gives you realtime protection from spyware.
• Super Antispyware OR Malwarebytes' Anti-Malware to help remove any spyware that may have gotten on your computer.
• MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites.
• ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed.
• Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see this article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

To keep your operating system up to date visit Microsoft Windows Update monthly. Remember to be aware of what emails you open and websites you visit.

Have a safe and happy computing day!

Everything went fine until "Reset and Re-enable you System Restore" I get the error message "System Restore encountered an error trying to enable/disable one or more drives. Please restart your machine and try again" I restarted and still no luck.