[MissVictoria]

Greetings,
I'd like to know what steps to take or what would you need from me to provide to help me with my system problem.
Here it goes.

I've never had this problem before since I've owned a computer and been online for the past 15 years.
Yesterday when I tried to open a folder, I got an error saying "Folder can not be accessible. Access Denied". I made nothing of it and forgot about it. I then tried to open ANOTHER folder today and I got the very same error.

I have never used any passwords or anything to access my folders, I've never shared folders with other computers and I have not done "anything" to my system (upgrades, etc) the whole year, so this happened sudden. Yes, like everyone else, I do some free software downloads once in a gray moon (this week) and I'm 100% sure my system is sick with something that is spreading inside.

I've done a few scans with different software and they all tell me my system has HIGH THREADS but when it comes time to delete or destroy these threads, every software freezes every time and crashes, no matter what software I use to scan my system with it freezes up and does nothing after it finds the Threads.

I'm afraid that if I wait any longer, I won't be able to open ANY files at all.
Please help me and let me know what to do from here.
I use Windows XP ..Hopefully if I need to scan my system with one of your recommended software, it won't crash :-(

Thanks,
Eagerly Awaiting :-)
Ms Victoria

[Advertisements]

Hello MissVictoria and welcome to G2G!

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:

• Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
• Absence of symptoms does not always mean the computer is clean
• Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
• Please DO NOT run any scans or fix on your own without my direction.
• Please read all of my response through at least once before attempting to follow the procedures described.
• If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
• Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
• You must reply within 3 days or your topic will be closed

Let's see what we have here...

Step 1

Let's install the free Avast:

http://www.avast.com...ivirus-download

Once you have it installed and it has updated, right click on it and select Open Avast! User Interface then click on Scan Computer, then on
Boot-Time Scan then Schedule Now. Reboot and let it run a scan. It will take many hours (like overnight) and unfortunately you may need to check back with it once in a while to see if it needs an input from you.

Step 2

Download OTL to your Desktop

• Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  . Make sure all other windows are closed and to let it run uninterrupted.
  
• Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 3

Please don't forget to include these items in your reply:

• OTL log
• OTL Extras log

It would be helpful if you could post each log in separate post

[maliprog]

Hello MissVictoria and welcome to G2G!

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:

• Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
• Absence of symptoms does not always mean the computer is clean
• Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
• Please DO NOT run any scans or fix on your own without my direction.
• Please read all of my response through at least once before attempting to follow the procedures described.
• If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
• Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
• You must reply within 3 days or your topic will be closed

Let's see what we have here...

Step 1

Let's install the free Avast:

http://www.avast.com...ivirus-download

Once you have it installed and it has updated, right click on it and select Open Avast! User Interface then click on Scan Computer, then on
Boot-Time Scan then Schedule Now. Reboot and let it run a scan. It will take many hours (like overnight) and unfortunately you may need to check back with it once in a while to see if it needs an input from you.

Step 2

Download OTL to your Desktop

• Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  . Make sure all other windows are closed and to let it run uninterrupted.
  
• Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 3

Please don't forget to include these items in your reply:

• OTL log
• OTL Extras log

It would be helpful if you could post each log in separate post

[MissVictoria]

Maliprog,

Great to hear you will help me with this!
I will do the Avast and since the process takes overnight, I will do it early this evening.

Avast is the software I own (the free one) and is the one that freezes on me when it finds the high threads.
Question...
If Avast freezes when it finds the high threads, how do I proceed to Boot-Time Scan then Schedule Now?

I will try it as you're suggestion for sure today though.

I'll download the OTL to my desktop also :-)

Thanks so much for your help,
Ms Victoria

[maliprog]

Please read my AVAST post carefully. You will not run "normal" AVAST scan, as you did before. You will do Boot time scan and that's different. If he founds threads he will deal with it better if he runs in Boot time.

[MissVictoria]

mailprog,

I'm glad I asked that question.. I never knew that section existed haha!
I learned something very important about my Avast today here with you.. thanks!!
I will do the Boot Time Scan according to your instructions today and will report back here again in the morning.

Thanks,
Ms Victoria

[maliprog]

Hi MissVictoria,

That's very important option in AVAST. Sometimes life saver . Please just report here if AVAST manage to remove all findings.

[MissVictoria]

Good Morning maliprog,

I agree with you, AVAST has some sections that are a life saver.
Anyway, I did the Boot Time scan last night and noticed it killed a ton of infected things. I feel better now that my system has less infections.

I have the OTL LOG and the OTL EXTRAS LOG ready for ya and will post each one separately (one post per log) per your request.
By the way, in case you need to know, the problem with my system is still there, the folders are not accessible still :-)
Having said that, here's the OTL LOG

---------------------------------



OTL logfile created on: 8/18/2011 8:15:30 AM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.30 Mb Total Physical Memory | 111.26 Mb Available Physical Memory | 22.11% Memory free
1.20 Gb Paging File | 0.86 Gb Available in Paging File | 71.73% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.59 Gb Total Space | 98.26 Gb Free Space | 69.40% Space Free | Partition Type: NTFS
Drive D: | 7.44 Gb Total Space | 0.45 Gb Free Space | 6.06% Space Free | Partition Type: FAT32
Drive E: | 7.68 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JOSHUA | User Name: HP_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/18 08:13:45 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.scr
PRC - [2011/08/16 19:16:38 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/04 04:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/03/28 15:37:24 | 000,182,784 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2010/12/19 09:57:51 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/17 08:33:23 | 001,299,456 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11081701\algo.dll
MOD - [2011/08/16 19:16:39 | 001,000,920 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/08/16 08:12:29 | 000,208,544 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11081701\aswRep.dll
MOD - [2011/05/18 11:53:44 | 001,496,576 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\r5n7ztb9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
MOD - [2011/05/18 11:53:44 | 000,346,112 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\r5n7ztb9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
MOD - [2010/09/22 21:12:20 | 000,016,832 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2008/02/02 23:08:12 | 001,722,368 | ---- | M] () -- C:\Program Files\TUGZip\Plugins\TzArchive10.tgp
MOD - [2007/03/12 23:34:20 | 000,162,304 | ---- | M] () -- C:\WINDOWS\system32\ztvunrar36.dll
MOD - [2006/05/14 13:03:54 | 000,655,360 | ---- | M] () -- C:\Program Files\TUGZip\TzShell.dll
MOD - [2005/02/17 23:15:22 | 000,077,824 | ---- | M] () -- C:\Program Files\TUGZip\Plugins\TzImage10.tgp


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/30 21:20:31 | 000,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\Defender Pro\Defender Pro Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 04:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 04:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 04:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 04:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 04:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 04:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 04:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/07/22 12:13:20 | 000,028,592 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2007/10/08 23:33:00 | 000,198,144 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NdisWDM.sys -- (NdisWDM)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/11/21 10:27:15 | 000,021,120 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor 5 for Windows\pcd5srvc.pkms -- (PCD5SRVC{085326CB-51A3560A-05010003})
DRV - [2005/10/20 09:01:56 | 001,095,009 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/10/18 06:15:42 | 004,034,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/06/29 10:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/01/07 18:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/03 07:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 00:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?...s&o=1581&gct=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\2.bin\NPFunWeb.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.0: C:\Documents and Settings\HP_Owner\Application Data\Facebook\npfbplugin_1_0_0.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Defender Pro\Defender Pro\bdaphffext\ [2010/07/04 17:02:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AutocompletePro\[email protected] [2010/07/27 10:26:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/16 19:16:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/16 19:16:43 | 000,000,000 | ---D | M]

[2010/09/23 09:58:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions
[2011/08/17 15:06:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\r5n7ztb9.default\extensions
[2011/06/03 09:51:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\r5n7ztb9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/01/25 18:23:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\r5n7ztb9.default\extensions\[email protected]
[2009/09/16 14:50:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\r5n7ztb9.default\extensions\[email protected]
[2010/09/08 13:11:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\r5n7ztb9.default\extensions\[email protected]
[2011/08/17 15:06:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2006/06/03 12:37:49 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/07/03 13:54:31 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/05/02 17:01:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/17 09:28:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/13 12:44:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/17 22:10:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/14 09:49:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/20 14:36:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/04/30 21:17:31 | 000,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/09/14 19:08:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Real Hide IP] File not found
O4 - Startup: C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1284586628453 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/06 18:17:52 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 07:01:14 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/18 08:13:41 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.scr
[2011/08/17 10:49:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\AUTOXTEN-EBOOK
[2011/08/16 17:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2011/08/16 17:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/08/15 16:43:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Pdf Power Brand
[2011/08/15 16:43:09 | 003,964,020 | ---- | C] (PDF-Power-Brand ) -- C:\Documents and Settings\HP_Owner\Desktop\setup-pdf.exe
[2011/08/14 19:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2011/08/12 10:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\ebook
[2011/08/11 14:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\DESKTOP
[2011/08/11 09:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\mytest
[2011/08/10 15:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\OpenOffice.org
[2011/08/10 15:44:27 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.3
[2011/08/10 15:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2011/08/09 12:45:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\AUTOXTEN ORIGINAL EBOOKS
[2011/08/08 10:37:37 | 000,000,000 | ---D | C] -- C:\Program Files\myebook
[2011/08/08 10:09:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Media Get LLC
[2011/08/08 10:08:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\MediaGet2
[2011/08/07 21:38:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\ebookfiles
[2011/07/31 16:43:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\ECOVERS AUTOXTEN
[2011/07/29 10:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\GRAPHICS
[2011/07/20 14:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2008/05/03 14:33:50 | 000,096,768 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2008/03/10 13:55:50 | 003,005,952 | ---- | C] (Helios Software Solutions) -- C:\Program Files\TextPad.exe
[2003/03/18 22:20:00 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mfc71.dll
[2003/03/18 22:12:12 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mfc71u.dll
[2003/03/18 21:14:52 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp71.dll
[2003/02/21 05:42:22 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr71.dll
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\HP_Owner\My Documents\*.tmp files -> C:\Documents and Settings\HP_Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/18 08:13:45 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.scr
[2011/08/18 08:01:00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/08/18 07:55:57 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/18 07:55:55 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2229800648-3038043021-3870446118-1009.job
[2011/08/18 07:37:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2229800648-3038043021-3870446118-1009UA.job
[2011/08/17 23:38:29 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/08/17 23:37:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/17 21:08:06 | 527,814,656 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/17 21:01:49 | 000,186,960 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\default.evt
[2011/08/17 20:19:08 | 000,072,800 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\atxbanner.jpg
[2011/08/17 15:01:14 | 000,854,714 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\AutoXTen-Top-Team.pdf
[2011/08/17 10:49:39 | 000,812,704 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\AUTOXTEN-EBOOK.zip
[2011/08/17 10:43:32 | 000,016,796 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Copy of Ecover.jpg
[2011/08/17 10:32:59 | 002,565,527 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\iPAD-Branding.odt
[2011/08/17 09:37:03 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2229800648-3038043021-3870446118-1009Core.job
[2011/08/16 17:09:55 | 020,153,672 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\winzip150.exe
[2011/08/16 17:08:25 | 000,284,880 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\SoftonicDownloader_for_winzip.exe
[2011/08/16 12:20:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/15 16:43:17 | 003,964,020 | ---- | M] (PDF-Power-Brand ) -- C:\Documents and Settings\HP_Owner\Desktop\setup-pdf.exe
[2011/08/15 11:49:59 | 000,124,416 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\REBRANDING-INSTRUCTIONS.bvp
[2011/08/14 19:47:03 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2011/08/12 10:32:02 | 000,000,073 | ---- | M] () -- C:\WINDOWS\EurekaLog.ini
[2011/08/11 09:03:43 | 000,303,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/10 22:34:27 | 000,486,246 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/10 22:34:27 | 000,081,464 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/10 22:30:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/10 15:48:22 | 000,000,875 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011/08/09 11:33:18 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
[2011/08/08 15:15:03 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2229800648-3038043021-3870446118-1009.job
[2011/08/05 16:41:29 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\NEWAXTXX.bvp
[2011/07/28 13:01:20 | 000,000,031 | ---- | M] () -- C:\WINDOWS\bluevoda.ini
[2011/07/27 15:28:33 | 000,129,024 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\HP_Owner\My Documents\*.tmp files -> C:\Documents and Settings\HP_Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/17 15:58:19 | 000,072,800 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\atxbanner.jpg
[2011/08/17 15:01:07 | 000,854,714 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\AutoXTen-Top-Team.pdf
[2011/08/17 10:49:38 | 000,812,704 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\AUTOXTEN-EBOOK.zip
[2011/08/17 10:48:36 | 000,016,796 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Copy of Ecover.jpg
[2011/08/17 09:45:04 | 002,565,527 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\iPAD-Branding.odt
[2011/08/16 17:09:23 | 020,153,672 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\winzip150.exe
[2011/08/16 17:08:28 | 000,284,880 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\SoftonicDownloader_for_winzip.exe
[2011/08/14 19:47:03 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2011/08/12 18:33:01 | 000,124,416 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\REBRANDING-INSTRUCTIONS.bvp
[2011/08/12 10:32:02 | 000,000,073 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2011/08/10 15:48:22 | 000,000,875 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011/07/27 15:31:45 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\NEWAXTXX.bvp
[2011/07/10 16:58:23 | 000,151,644 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\VideoPad.dmp
[2011/02/20 23:11:09 | 000,563,554 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2229800648-3038043021-3870446118-1009-0.dat
[2011/02/20 23:11:01 | 000,303,434 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/09/21 14:13:39 | 000,000,209 | ---- | C] () -- C:\WINDOWS\WebPage.INI
[2010/09/08 17:20:48 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\housecall.guid.cache
[2010/09/08 15:55:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/15 15:05:26 | 000,000,242 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Setting.dat
[2010/07/15 15:05:26 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\UserFlag.ini
[2010/06/17 18:29:53 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/06/17 18:29:53 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/06/01 22:26:19 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2010/05/05 17:14:25 | 000,000,132 | ---- | C] () -- C:\WINDOWS\System32\rezumatenoi.dat
[2010/05/05 09:45:23 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat
[2010/05/05 09:45:22 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2010/04/28 18:10:47 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2010/04/25 09:32:11 | 000,016,352 | -HS- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\q1D4024dr1AC
[2010/04/25 09:32:11 | 000,016,352 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\q1D4024dr1AC
[2010/04/14 22:52:50 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/02/07 12:23:06 | 000,001,250 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/08/07 18:01:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2009/08/02 17:25:40 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/06/02 19:13:13 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2009/05/27 09:12:57 | 000,002,709 | ---- | C] () -- C:\WINDOWS\System32\cojewgi.dat
[2009/05/13 21:21:20 | 000,002,709 | ---- | C] () -- C:\WINDOWS\System32\eysherip.dat
[2008/06/10 12:55:38 | 000,000,059 | ---- | C] () -- C:\WINDOWS\LTDLG13N.INI
[2008/06/08 17:40:59 | 000,006,180 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
[2008/05/08 22:48:37 | 000,062,356 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/05/05 19:30:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ablephotoslideshow.dat
[2008/05/03 21:48:38 | 000,000,035 | ---- | C] () -- C:\Program Files\FlashDetector.ini
[2008/05/03 14:33:50 | 000,000,077 | ---- | C] () -- C:\WINDOWS\huffyuv.ini
[2008/04/21 11:34:51 | 000,000,205 | ---- | C] () -- C:\WINDOWS\pdf2word.INI
[2008/04/16 08:59:56 | 000,000,031 | ---- | C] () -- C:\WINDOWS\bluevoda.ini
[2008/03/29 17:45:01 | 000,000,884 | ---- | C] () -- C:\WINDOWS\shlfolder.sys
[2007/10/17 20:57:25 | 000,000,190 | ---- | C] () -- C:\WINDOWS\MIDIMADE.INI
[2007/08/16 16:14:57 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2007/04/01 09:10:38 | 000,005,189 | ---- | C] () -- C:\WINDOWS\WScheduler.ini
[2007/03/09 00:12:32 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/03/06 02:14:48 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006/09/01 23:02:48 | 000,001,408 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/08/03 14:25:52 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/08/03 14:25:44 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/08/03 14:23:44 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/08/03 14:23:43 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/08/03 14:23:43 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/08/03 14:23:43 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/08/03 14:23:43 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/08/03 14:23:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/08/03 14:20:37 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/08/03 14:18:56 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/06/06 11:10:39 | 000,079,674 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
[2006/06/06 11:10:39 | 000,001,350 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
[2006/06/05 18:15:45 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\fusioncache.dat
[2006/06/05 17:58:30 | 000,129,024 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/03 12:37:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/06/03 12:37:39 | 000,002,988 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/06/02 15:50:49 | 000,000,765 | ---- | C] () -- C:\WINDOWS\efscan.ini
[2006/06/02 15:50:49 | 000,000,021 | ---- | C] () -- C:\WINDOWS\efaxview.ini
[2006/03/06 18:48:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/06 18:25:40 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/03/06 18:21:52 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-9972322.exe
[2006/03/06 18:20:34 | 000,667,896 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2006/03/06 18:20:34 | 000,001,227 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2006/03/06 18:20:23 | 000,013,569 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/03/06 18:20:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/03/06 18:18:26 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/03/06 18:15:30 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/06 18:04:15 | 000,005,412 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/03/06 18:02:49 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/03/06 18:02:49 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/03/06 17:58:13 | 000,080,417 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2006/03/06 17:58:13 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2006/03/06 17:57:13 | 000,072,881 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2006/03/06 17:57:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2006/03/06 17:53:13 | 000,087,276 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/03/06 17:51:34 | 000,112,873 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2006/03/06 17:51:34 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2006/03/06 17:48:23 | 000,088,403 | ---- | C] () -- C:\WINDOWS\hpoins06.dat
[2006/03/06 17:48:23 | 000,005,389 | ---- | C] () -- C:\WINDOWS\hpomdl06.dat
[2006/03/06 17:47:23 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/03/06 17:28:21 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/06 17:25:06 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/03/06 17:25:06 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/03/06 17:24:44 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/12/09 07:03:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/12/04 17:05:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/12/04 16:55:08 | 000,486,246 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/12/04 16:55:08 | 000,081,464 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/12/04 16:53:22 | 000,303,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/12/04 16:50:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/12/04 16:48:22 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/04/27 11:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2004/08/03 21:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/03 21:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/03 21:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/03 21:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/03 21:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/03 21:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/03 21:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/03 21:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/15 07:38:00 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/08/23 08:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/07/04 16:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/07/15 15:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AutoHideIP
[2010/04/25 09:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avG
[2010/02/09 14:16:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2010/07/04 17:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Defender Pro
[2006/11/21 17:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.2 Setup
[2010/02/20 17:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
[2010/04/09 14:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeHideIP
[2009/10/03 11:16:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\j2 Messenger 4.4 Output
[2007/04/05 14:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MipKukSoft
[2010/09/11 10:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/02/09 14:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/02/10 19:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft
[2006/07/21 11:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Serious Magic
[2008/08/18 09:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/11/06 18:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/15 17:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virtual Mechanics
[2011/08/16 17:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/09/10 13:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wondershare
[2010/09/18 13:55:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\flashlynxShakeIcon.job
[2011/08/18 08:01:00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/08/09 11:33:18 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2003/10/10 14:47:58 | 000,103,272 | ---- | M] (Microsoft Corporation) -- C:\Windows2000-KB830515-x86-ENU-Symbols.exe
[2003/10/10 14:48:28 | 000,472,936 | ---- | M] (Microsoft Corporation) -- C:\Windows2000-KB830515-x86-ENU.exe


< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[2007/06/13 04:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/03 21:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/03 21:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/03 21:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/03 21:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/08/16 19:16:41 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/08/16 19:16:41 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/08/16 19:16:41 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/08/16 19:16:38 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/08/16 19:16:38 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/08/16 19:16:38 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/14 05:42:36 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/14 05:42:36 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/14 05:42:36 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2008/04/14 05:42:24 | 000,093,184 | -HS- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2008/04/14 05:42:24 | 000,093,184 | -HS- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/08/16 19:16:41 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/08/16 19:16:41 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/08/16 19:16:41 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/08/16 19:16:38 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/08/16 19:16:38 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/08/16 19:16:38 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/14 05:42:36 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/14 05:42:36 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/14 05:42:36 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2008/04/14 05:42:24 | 000,093,184 | -HS- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2008/04/14 05:42:24 | 000,093,184 | -HS- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E

< End of report >

[MissVictoria]

.. HERE'S THE OTL EXTRAS LOG



OTL Extras logfile created on: 8/18/2011 8:15:30 AM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.30 Mb Total Physical Memory | 111.26 Mb Available Physical Memory | 22.11% Memory free
1.20 Gb Paging File | 0.86 Gb Available in Paging File | 71.73% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.59 Gb Total Space | 98.26 Gb Free Space | 69.40% Space Free | Partition Type: NTFS
Drive D: | 7.44 Gb Total Space | 0.45 Gb Free Space | 6.06% Space Free | Partition Type: FAT32
Drive E: | 7.68 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JOSHUA | User Name: HP_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Value error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}" = Serif PhotoPlus 6.0
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2BDFCEE7-68EC-4288-AEA3-4DB96841141B}" = j2 Messenger
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3C0BAFCA-BDB8-492B-8845-DC0A4B4C1823}" = HPDeskjet5400Series
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{446DBFFA-4088-48E3-8932-74316BA4CAE4}" = iTunes
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 1.0
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{50D8FFDD-90CD-4859-841F-AA1961C7767A}" = QuickTime
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{639159C2-B27B-4208-8965-D8A0AEDBDED2}" = Microsoft .NET Framework 2.0 SDK - ENU
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{85A52A89-81D8-4736-BF5D-032AC2CD61E5}" = eFax Messenger 4.2
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}" = Apple Software Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{ABB2901A-3D0A-4F21-8324-2F13C3EFE163}" = LightScribe 1.4.62.1
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BF953F1A-F946-4804-875D-94B6A6C05CE1}" = Business Card Factory Deluxe 3.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Photosmart Cameras 5.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = HP Organize
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1" = HP Support Overview
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E073D315-3C54-44BF-A1B2-B5583AEA618C}" = muvee autoProducer 4.5
"{E1BFFB40-BE31-4944-B135-EF864D674AA1}" = iFrame
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}" = HP Deskjet 5400 series
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"010D7E30-8019-4477-AE7C-BFBBDE570CB9" = Insaniquarium Deluxe from Hewlett-Packard Desktops (remove only)
"0164B693-5A89-49FD-B482-5139C13362AD" = Chuzzle Deluxe from Hewlett-Packard Desktops (remove only)
"01929F2A-2200-4042-8EFD-EEF933E9195C" = FATE from Hewlett-Packard Desktops (remove only)
"024h Lucky Reminder_is1" = 024h Lucky Reminder v1.83
"14DD9322-0AAE-4DA4-90A9-EB42CF296127" = Shooting Stars Pool from Hewlett-Packard Desktops (remove only)
"1888 Notepad_is1" = 1888 Notepad 1.0
"27C7083E-4ECB-4C88-ACC1-0EDA88C00257" = Ricochet Lost Worlds from Hewlett-Packard Desktops (remove only)
"3295A049-B970-4CC5-847C-7ABF14B9F8F1" = Mah Jong Quest from Hewlett-Packard Desktops (remove only)
"36317AE4-57EC-4F3E-B828-009A3DD96BE8" = Polar Bowler from Hewlett-Packard Desktops (remove only)
"3F34F72F-9BB0-4B73-8312-558953ACF56F" = Super Granny from Hewlett-Packard Desktops (remove only)
"47298745-7194-4142-AFDA-8BE2EDFDF82E" = Bookworm Deluxe from Hewlett-Packard Desktops (remove only)
"51722C3A-7BDA-4238-8B72-CDF049D24D60" = Snowboard SuperJam from Hewlett-Packard Desktops (remove only)
"5253F22E-D4B6-49B7-9106-28D9C5395F22" = Barnyard Invasion from Hewlett-Packard Desktops (remove only)
"58D1A004-6D3C-480A-9E0D-FAA58F3C2A62" = Blackhawk Striker 2 from Hewlett-Packard Desktops (remove only)
"5A41C174-C9F8-477F-8BE1-3F3CEDCC5A90" = 5 Card Slingo from Hewlett-Packard Desktops (remove only)
"5F5B2E2A-5924-4DAB-825A-10BEA50A4DA1" = Boggle Supreme from Hewlett-Packard Desktops (remove only)
"703E3900-69DA-47C9-9768-C6514098F149" = Shrek 2 Ogre Bowler from Hewlett-Packard Desktops (remove only)
"7978E9A8-5A11-4406-BA8F-866E120352DF" = Bejeweled 2 Deluxe from Hewlett-Packard Desktops (remove only)
"7-Zip" = 7-Zip 9.20
"87B95621-8B77-4248-A17F-281B3DA1C34F" = AstroPop Deluxe from Hewlett-Packard Desktops (remove only)
"8C4E79CC-03E1-43AA-9910-9A5113F24603" = Blasterball 2 from Hewlett-Packard Desktops (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"AutocompletePro2_is1" = AutocompletePro
"avast" = avast! Free Antivirus
"B151D9AC-5E4E-4AD0-96C9-5A6C9EC23502" = Blasterball 2 Remix from Hewlett-Packard Desktops (remove only)
"B2D3332F-EA2D-42B3-8E4A-F74D052BCBC1" = Polar Golfer from Hewlett-Packard Desktops (remove only)
"BA910432-2C22-4BB8-9D13-46170F52C5AC" = Puzzle Express from Hewlett-Packard Desktops (remove only)
"BlueVoda_Website_Builder_1.0" = BlueVoda Website Builder SV2G
"C1241092-7183-480A-A289-B5920C7C56D0" = Slingo Deluxe from Hewlett-Packard Desktops (remove only)
"C29C53B5-0143-459F-99B5-137E484A78D9" = Zuma Deluxe from Hewlett-Packard Desktops (remove only)
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"comcastDD" = Desktop Doctor
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"D11F7128-8CBD-408B-8BF8-034604DEDD42" = Bounce Symphony from Hewlett-Packard Desktops (remove only)
"D3203C96-6C76-43D6-A3D0-5DD6A0732E83" = SCRABBLE from Hewlett-Packard Desktops (remove only)
"D3974F6C-D10C-4B1A-8113-E1A072DA548F" = Family Feud
"D5213E54-5A45-4DB4-80FB-D55B98303F0B" = Lemonade Tycoon 2 from Hewlett-Packard Desktops (remove only)
"DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292" = Crystal Maze from Hewlett-Packard Desktops (remove only)
"E2A4EA31-80A1-4460-9510-631AF4D6A636" = Lexibox Deluxe from Hewlett-Packard Desktops (remove only)
"ESET Online Scanner" = ESET Online Scanner v3
"F5215F01-DFC0-475D-A910-6F1AF94E807E" = Tradewinds from Hewlett-Packard Desktops (remove only)
"FlashLynx" = FlashLynx Video Download Software
"Freemake Video Downloader_is1" = Freemake Video Downloader version 2.0.3
"Google Updater" = Google Updater
"HP Document Viewer" = HP Document Viewer 5.3
"HP Game Console" = HP Game Console and games
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Rhapsody" = HP Rhapsody
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.0
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"HTML-Protector 2006_is1" = HTML-Protector 2006
"HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"j2 Messenger" = j2 Messenger
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 SDK - ENU" = Microsoft .NET Framework 2.0 SDK - ENU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.6.20)" = Mozilla Firefox (3.6.20)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PDF Power Brand_is1" = Pdf Power Brand v3.6
"Prism" = Prism Video Converter
"ProAudioWizard1.0" = ProAudioWizard
"PROSet" = Intel® PRO Network Connections Drivers
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 12.0" = RealPlayer
"Replay_Converter_1" = Replay Converter 2.8
"Slideshow Movie Producer_is1" = Slideshow Movie Producer v1.8 (April-23-2006)
"Snap Video Pro_is1" = Snap Video Pro
"The Searchable Clickbank Catalog1.0" = The Searchable Clickbank Catalog
"ToolBox" = NCH Toolbox
"TUGZip_is1" = TUGZip 3.5
"VideoPad" = VideoPad Video Editor
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wondershare DVD Slideshow Builder Standard_is1" = Wondershare DVD Slideshow Builder Standard(Build 6.0.1.23)
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/12/2011 4:25:53 PM | Computer Name = JOSHUA | Source = Application Error | ID = 1000
Description = Faulting application pdfbrander.exe, version 2.2.0.1286, faulting
module pdfbrander.exe, version 2.2.0.1286, fault address 0x00007580.

Error - 8/12/2011 4:26:15 PM | Computer Name = JOSHUA | Source = Application Error | ID = 1000
Description = Faulting application pdfbrander.exe, version 2.2.0.1286, faulting
module pdfbrander.exe, version 2.2.0.1286, fault address 0x00007580.

Error - 8/13/2011 12:16:43 AM | Computer Name = JOSHUA | Source = Application Error | ID = 1000
Description = Faulting application bluevoda.exe, version 11.0.1.0, faulting module
bluevoda.exe, version 11.0.1.0, fault address 0x0001e0bd.

Error - 8/13/2011 12:59:03 AM | Computer Name = JOSHUA | Source = Application Error | ID = 1000
Description = Faulting application bluevoda.exe, version 11.0.1.0, faulting module
bluevoda.exe, version 11.0.1.0, fault address 0x0001e0bd.

Error - 8/13/2011 1:44:27 AM | Computer Name = JOSHUA | Source = Application Error | ID = 1000
Description = Faulting application bluevoda.exe, version 11.0.1.0, faulting module
bluevoda.exe, version 11.0.1.0, fault address 0x0001e0bd.

Error - 8/14/2011 12:38:53 AM | Computer Name = JOSHUA | Source = Application Error | ID = 1000
Description = Faulting application bluevoda.exe, version 11.0.1.0, faulting module
bluevoda.exe, version 11.0.1.0, fault address 0x0001e0bd.

Error - 8/14/2011 11:11:41 PM | Computer Name = JOSHUA | Source = Application Error | ID = 1000
Description = Faulting application bluevoda.exe, version 11.0.1.0, faulting module
bluevoda.exe, version 11.0.1.0, fault address 0x0001e0bd.

Error - 8/15/2011 4:55:21 PM | Computer Name = JOSHUA | Source = Application Error | ID = 1000
Description = Faulting application bluevoda.exe, version 11.0.1.0, faulting module
bluevoda.exe, version 11.0.1.0, fault address 0x0001e0bd.

Error - 8/15/2011 7:28:56 PM | Computer Name = JOSHUA | Source = Application Error | ID = 1000
Description = Faulting application signersilver.exe, version 1.0.0.947, faulting
module signersilver.exe, version 1.0.0.947, fault address 0x000025e4.

Error - 8/15/2011 7:29:12 PM | Computer Name = JOSHUA | Source = Application Error | ID = 1000
Description = Faulting application signersilver.exe, version 1.0.0.947, faulting
module signersilver.exe, version 1.0.0.947, fault address 0x00022d43.

[ System Events ]
Error - 8/17/2011 12:03:21 PM | Computer Name = JOSHUA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/17/2011 12:03:21 PM | Computer Name = JOSHUA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/17/2011 12:03:21 PM | Computer Name = JOSHUA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/17/2011 12:03:21 PM | Computer Name = JOSHUA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/17/2011 12:03:22 PM | Computer Name = JOSHUA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/17/2011 12:03:22 PM | Computer Name = JOSHUA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/17/2011 12:03:22 PM | Computer Name = JOSHUA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/17/2011 12:03:22 PM | Computer Name = JOSHUA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/17/2011 12:03:22 PM | Computer Name = JOSHUA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/17/2011 12:03:22 PM | Computer Name = JOSHUA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >

[maliprog]

Quick question... How many folders are forbidden to you... one, two... or many?

[MissVictoria]

Seems like one folder per session (day), in other words, 3 days ago I couldn't open one folder (access denied), second day I tried opening another folder which I've been working on daily, and I got the same error, the 3rd day I tried opening another folder which I've been working on daily as well and I got the same error.
So far 3 or 5 folders have Denied access to my knowledge.

Thanks,

[MissVictoria]

maliprog,

I think it worked...
Here's what I did... since the some folders were still giving me the denied error, I created a brand new folder and moved those problematic folders to the new created folders, and now the error is gone...I'm even able to see the software I have there which I wasn't able to do before, and I'm even moving folders around with no problem which I was not able to do either, so I guess the AVAST Boot Time Scan worked1!!

So far all is working but don't know for how long?
What do you think?

Thanks a million!!

[maliprog]

Good news! Please test your system after these two steps and report tomorrow if everything is OK. I'll prepare cleanup for you in mean time

Step 1

Please close all running programs and Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  [2010/04/25 09:32:11 | 000,016,352 | -HS- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\q1D4024dr1AC
  [2010/04/25 09:32:11 | 000,016,352 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\q1D4024dr1AC
  
  :Files
  C:\Documents and Settings\HP_Owner\Local Settings\Application Data\q1D4024dr1AC
  C:\Documents and Settings\All Users\Application Data\q1D4024dr1AC
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

• Go to Start -> My Computer
• Right click on C: disk and clik on Properties
• Click on tab Tools and click on Check now... button
• Check Automatically fix system errors and Scan for and attempt recovery of bad sectors
• Click Start button
• Confirm schedule disk check next time computer starts with Yes button
• Restart your system and wait while system checks your disk for errors

Step 3

Please don't forget to include these items in your reply:

• OTL fix log

It would be helpful if you could post each log in separate post

[MissVictoria]

Ok, I will do it and reported tomorrow per your request...
Is this scan gonna take overnight as well?
Just wondering to prepare myself.

Thanks

[MissVictoria]

As requested,

Here's the OTL fix log



All processes killed
========== OTL ==========
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\q1D4024dr1AC moved successfully.
C:\Documents and Settings\All Users\Application Data\q1D4024dr1AC moved successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\HP_Owner\Local Settings\Application Data\q1D4024dr1AC not found.
File\Folder C:\Documents and Settings\All Users\Application Data\q1D4024dr1AC not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 3232277 bytes
->Flash cache emptied: 41044 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes

User: HP_Owner
->Temp folder emptied: 1024744871 bytes
->Temporary Internet Files folder emptied: 230827603 bytes
->Java cache emptied: 1857879 bytes
->FireFox cache emptied: 75315168 bytes
->Google Chrome cache emptied: 6584073 bytes
->Flash cache emptied: 3589072 bytes

User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 229510 bytes
->Java cache emptied: 8677 bytes
->FireFox cache emptied: 55209910 bytes
->Flash cache emptied: 3733 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 12 bytes
->Flash cache emptied: 22655 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39138 bytes
%systemroot%\System32 .tmp files removed: 4459025 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3941415 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 88049368 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1230564 bytes

Total Files Cleaned = 1,430.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: HP_Owner
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.5 log created on 08182011_212239

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
----------------


It all still works good ;-)

[maliprog]

Hi MissVictoria,

Good job! Your logs and system are clean now. I'm glad we fix up your computer. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end. Remove all other application we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update

• Click Start, click Run, type sysdm.cpl, and then press ENTER.
• Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
• Click OK button

2. Delete Temp files

Download TFC to your desktop

• Open the file and close any other windows.
• It will close all programs itself when run, make sure to let it run uninterrupted.
• Click the Start button to begin the process. The program should not take long to finish its job
• Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.