Full Version: re: removing koobface/osguard
bigmuff
HijackThis found the 2 host changes easily. Not sure if there's other stuff in there that needs deleting.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:26 AM, on 11/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 osguard-pro.com
O1 - Hosts: 91.212.127.226 www.osguard-pro.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1253870474218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1253910908828
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 7657 bytes


Malwarebytes' Anti-Malware 1.41
Database version: 3097
Windows 5.1.2600 Service Pack 3 (Safe Mode)

11/4/2009 8:54:27 AM
mbam-log-2009-11-04 (08-54-27).txt

Scan type: Full Scan (C:\|)
Objects scanned: 159589
Time elapsed: 48 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
SpySentinel
Hi Bigmuff,


Step #1

Download the HostsXpert 4.3 - Hosts File Manager.
  • Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.3 - Hosts File Manager
  • Run HostsXpert 4.3 - Hosts File Manager from its new home
  • Click on "File Handling".
  • Click on "Restore MS Hosts File".
  • Click OK on the Confirmation box.
  • Click on "Make Read Only?"
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.




Step #2

Run ESET Online Scan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
You can refer to this animation by neomage if needed.



Step #3

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
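
Added example (not part of the original thread, and not code from HijackThis or HostsXpert): a Python check for the condition Step #1 cleans up. It pulls the O1 Hosts entries out of a HijackThis log and separates the default localhost mapping from entries that point a name at a non-loopback address, as the two osguard-pro.com lines in the log above do. The function names and category labels are assumptions made for this illustration, and it goes slightly beyond the log above by also recognising blocklist-style loopback and 0.0.0.0 entries.

```python
import ipaddress
import re

# Constructed sample: the three O1 lines from the HijackThis log in this
# thread, surrounded by two other log lines that must be ignored.
SAMPLE_LOG = r"""R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 osguard-pro.com
O1 - Hosts: 91.212.127.226 www.osguard-pro.com
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

# HijackThis reports each non-comment hosts line as "O1 - Hosts: <address> <names>".
O1_RE = re.compile(r"^O1 - Hosts:\s*(\S+)\s+(.+?)\s*$")


def parse_o1_entries(log_text):
    """Return (address, hostname) pairs for every O1 line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = O1_RE.match(line.strip())
        if not match:
            continue
        address, names = match.group(1), match.group(2)
        # A hosts line may carry several names and a trailing "# comment".
        for name in names.split("#", 1)[0].split():
            entries.append((address, name.lower()))
    return entries


def classify(address, name):
    """Label one hosts entry (labels are this example's own, hypothetical names).

    default   - loopback address mapped to "localhost" (stock entry)
    sinkhole  - a name pinned to loopback or 0.0.0.0 (typical of blocklists)
    redirect  - a name pinned to any other address; resolution for that name
                bypasses DNS, so every such entry needs an explanation
    malformed - the address field is not a valid IP address
    """
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if ip.is_loopback:
        return "default" if name == "localhost" else "sinkhole"
    if ip.is_unspecified:
        return "sinkhole"
    return "redirect"


def review_hosts(log_text):
    """Group the O1 entries of a HijackThis log by classification."""
    report = {"default": [], "sinkhole": [], "redirect": [], "malformed": []}
    for address, name in parse_o1_entries(log_text):
        report[classify(address, name)].append((address, name))
    return report


if __name__ == "__main__":
    for label, items in review_hosts(SAMPLE_LOG).items():
        for address, name in items:
            print(f"{label:9} {address:18} {name}")
```
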
bigmuff
OK, I ran the Hostsxpert program, which restored Microsoft's defaults and locked the entries so they can't be overwritten (at least I assume that's what it did).

2nd, I ran the ESET online scan. It also scanned my huge external drive, which took forever. It found no threats, and therefore didn't give me a log to post.

3rd, I attempted to install OTL, but IE explorer displayed a nastygram indicating the website is unsafe and contains links to viruses, etc. So I didn't run it. Can you confirm this program/website is safe to use?
SpySentinel
Hi bigmuff,

Yes the OTL site is safe to use.
bigmuff
Here are the 2 OTL reports.

OTL Extras logfile created on: 11/4/2009 1:11:04 PM - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.15% Memory free
3.85 Gb Paging File | 3.09 Gb Available in Paging File | 80.30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 34.45 Gb Free Space | 26.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 481.33 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 465.76 Gb Total Space | 354.83 Gb Free Space | 76.18% Space Free | Partition Type: NTFS
Drive G: | 170.10 Gb Total Space | 170.03 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STOMPBOX
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Soulseek\slsk.exe" = C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0893078B-8A9A-84D6-D393-119B9B0B033A}" = CCC Help French
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0E2A60F7-2907-5718-FF16-7D8FAF70051E}" = CCC Help Chinese Standard
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14FAE013-AE19-4FC9-B5BF-E56ADC01ECE6}" = CCC Help Turkish
"{17BB2784-6EE4-D7FF-FE63-58A3AD2B3708}" = CCC Help Russian
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{233588CF-96D5-46AF-EF74-7EC382662791}" = Catalyst Control Center Graphics Full Existing
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3260ECBC-9DDF-E7A3-0863-449473BC7BD5}" = CCC Help Chinese Traditional
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39C6C229-CFFD-639E-229A-E463FCD87478}" = CCC Help German
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CD67A02-DF59-43f7-8E8F-86DCF40543EF}" = 2570_Help
"{4F11FC80-CE8C-1BD4-5C39-EBE5744E5135}" = CCC Help Portuguese
"{4FAB2BA7-E16C-95D2-F326-60A68409373F}" = Catalyst Control Center HydraVision Full
"{50E7BB78-02B4-469a-9D8B-B2F42835F90E}" = ProductContextNPI
"{529AA9A8-5020-6CFB-A809-BC5943C87077}" = CCC Help Thai
"{53604297-26FD-516D-6FF7-1063BA64A0A4}" = Catalyst Control Center Graphics Light
"{55BD3B0B-F054-9341-514F-295A5F7EA450}" = CCC Help Spanish
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5A4FA9C8-ED56-08C3-153B-FC5C19256290}" = CCC Help Dutch
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6C390D51-E5F0-4FCD-24C4-731ACAF34571}" = CCC Help Japanese
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AA8FA9A-1656-7DBD-633B-FE7A62BBED0C}" = CCC Help Czech
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C22131B-8634-CECF-F0D1-A2ECC160B450}" = CCC Help Norwegian
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90FBE4D0-2ACA-A8A8-2CC4-CFFBAE528504}" = CCC Help Finnish
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D74375E-3012-E7D2-9229-B220C91F326A}" = Catalyst Control Center Core Implementation
"{9EE8BDCA-7505-4895-D91E-8108DD16292E}" = CCC Help English
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8AF8BD3-61B5-7945-4D1B-217421F604FC}" = CCC Help Hungarian
"{A8D91906-4032-4443-8C49-69F90E38F39D}" = 2570
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA46E1C5-A709-6D9B-D99D-92E4C6E042A9}" = CCC Help Korean
"{AA62A33C-9E5E-3913-7D88-7E58A8CB1493}" = CCC Help Greek
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B653F643-A1B4-9936-2DB6-FEA9A3110D8D}" = ccc-core-preinstall
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B71C4637-0247-78CE-6A3D-D61645CB8921}" = ccc-utility
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BB6D4A78-4BDB-4FBD-81CB-00DC2FC2BF41}" = Seagate Manager Installer
"{BC2E7C0B-1AC6-5F6C-F31D-E1E72D8E0B5C}" = CCC Help Danish
"{BF8C7DA7-2DE6-ED67-6C82-6BE82F8BA8D3}" = Catalyst Control Center Graphics Full New
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C409F338-BB20-6C4A-F40D-20CA07AF714C}" = CCC Help Polish
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D4B7B2DC-E688-A9D6-6EC0-56AE540E074C}" = Catalyst Control Center Localization All
"{D9CD701B-3F04-FC69-D974-F3A7F5E9BA30}" = CCC Help Swedish
"{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
"{E213321B-1E88-B38D-DAB2-D8CB9355984A}" = Skins
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EE55FD52-0D47-4c5a-96EC-48F70FF30520}" = 2570Trb
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4148D8F-ED3A-3097-509C-04D5560220F9}" = ccc-core-static
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7E68997-E626-952B-A7BF-F72066CD5D77}" = Catalyst Control Center Graphics Previews Common
"{FA36C82B-464D-51F2-A6A1-0BC9140BE067}" = CCC Help Italian
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Browser Defender_is1" = Browser Defender 2.0.6.10
"CCleaner" = CCleaner (remove only)
"Champions Online" = Champions Online
"COH" = City of Villains/City of Heroes (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ESET Online Scanner" = ESET Online Scanner v3
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"ie8" = Windows Internet Explorer 8
"InstallShield_{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
"InstallShield_{BB6D4A78-4BDB-4FBD-81CB-00DC2FC2BF41}" = Seagate Manager Installer
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Soulseek" = SoulSeek Client 156c
"Spyware Doctor" = Spyware Doctor 7.0
"Steam App 380" = Half-Life 2: Episode One
"Steam App 420" = Half-Life 2: Episode Two
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/22/2009 7:56:18 PM | Computer Name = STOMPBOX | Source = Application Error | ID = 1001
Description = Fault bucket 1228796429.

Error - 10/22/2009 7:57:16 PM | Computer Name = STOMPBOX | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/22/2009 7:57:21 PM | Computer Name = STOMPBOX | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 10/31/2009 2:05:12 AM | Computer Name = STOMPBOX | Source = MsiInstaller | ID = 11921
Description = Product: iTunes -- Error 1921. Service 'iPod Service' (iPodService)
could not be stopped. Verify that you have sufficient privileges to stop system
services.

Error - 10/31/2009 2:09:21 AM | Computer Name = STOMPBOX | Source = MsiInstaller | ID = 11921
Description = Product: iTunes -- Error 1921. Service 'iPod Service' (iPodService)
could not be stopped. Verify that you have sufficient privileges to stop system
services.

Error - 10/31/2009 2:43:51 AM | Computer Name = STOMPBOX | Source = MsiInstaller | ID = 11905
Description = Product: iTunes -- Error 1905.Module C:\Program Files\iTunes\iTunesMiniPlayer.dll
failed to unregister. HRESULT -2147220472. Contact your support personnel.

Error - 10/31/2009 2:48:04 AM | Computer Name = STOMPBOX | Source = MsiInstaller | ID = 11921
Description = Product: iTunes -- Error 1921. Service 'iPod Service' (iPodService)
could not be stopped. Verify that you have sufficient privileges to stop system
services.

Error - 10/31/2009 2:53:52 AM | Computer Name = STOMPBOX | Source = MsiInstaller | ID = 11921
Description = Product: iTunes -- Error 1921.Service iPod Service (iPodService) could
not be stopped. Verify that you have sufficient privileges to stop system services.

Error - 10/31/2009 2:54:35 AM | Computer Name = STOMPBOX | Source = MsiInstaller | ID = 11905
Description = Product: iTunes -- Error 1905.Module C:\Program Files\iTunes\iTunesMiniPlayer.dll
failed to unregister. HRESULT -2147220472. Contact your support personnel.

Error - 11/1/2009 7:05:06 PM | Computer Name = STOMPBOX | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/7/2009 1:22:16 PM | Computer Name = STOMPBOX | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.


< End of report >







OTL logfile created on: 11/4/2009 1:11:04 PM - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.15% Memory free
3.85 Gb Paging File | 3.09 Gb Available in Paging File | 80.30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 34.45 Gb Free Space | 26.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 481.33 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 465.76 Gb Total Space | 354.83 Gb Free Space | 76.18% Space Free | Partition Type: NTFS
Drive G: | 170.10 Gb Total Space | 170.03 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STOMPBOX
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Mike\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Mike\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Spyware Doctor\PCTGMhk.dll (PC Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ATI Smart) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (helpsvc) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (TfSysMon) -- C:\WINDOWS\system32\drivers\TfSysMon.sys (PC Tools)
DRV - (TfNetMon) -- C:\WINDOWS\system32\drivers\TfNetMon.sys (PC Tools)
DRV - (TfFsMon) -- C:\WINDOWS\system32\drivers\TfFsMon.sys (PC Tools)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (pctgntdi) -- C:\WINDOWS\system32\drivers\pctgntdi.sys (PC Tools)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (pctplsg) -- C:\WINDOWS\system32\drivers\pctplsg.sys (PC Tools)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 4B EF DA EC 59 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/25 12:38:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/11/03 23:46:59 | 00,000,000 | ---D | M]


O1 HOSTS File: (698 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1253870474218 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1253910908828 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/25 01:15:24 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/04/27 15:10:00 | 00,000,143 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/09/25 21:29:59 | 00,000,067 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{8b8a69c3-a977-11de-b38c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{8b8a69c3-a977-11de-b38c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8b8a69c3-a977-11de-b38c-806d6172696f}\Shell\AutoRun\command - "" = E:\Setup\rsrc\AUTORUN.EXE -- [2000/01/17 08:28:36 | 00,028,672 | R--- | M] (Dipl.-Ing. Stefan Krueger <skrueger@installsite.org>)
O33 - MountPoints2\{8b8a69c3-a977-11de-b38c-806d6172696f}\Shell\dinstall\command - "" = E:\DirectX\dxsetup.exe -- [2003/08/18 16:15:00 | 00,467,456 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe -- [2004/07/16 09:04:26 | 00,229,376 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/04 13:07:05 | 00,528,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2009/11/04 10:48:00 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/11/04 10:44:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\hostsxpert
[2009/11/04 10:43:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\New Folder
[2009/11/04 10:17:50 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/04 00:30:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\GetRightToGo
[2009/11/03 23:47:15 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/11/03 23:47:15 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/11/03 23:47:15 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/11/03 23:47:15 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/11/03 23:47:15 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/11/03 23:46:55 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/11/03 23:46:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Sun
[2009/11/03 21:40:19 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Mike\Recent
[2009/11/01 13:15:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\vacuum
[2009/10/31 11:12:27 | 01,628,920 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2009/10/31 11:12:27 | 00,551,672 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2009/10/31 11:12:27 | 00,518,904 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2009/10/31 11:12:27 | 00,379,640 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2009/10/31 11:12:27 | 00,187,128 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2009/10/31 11:12:27 | 00,129,784 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2009/10/31 11:12:27 | 00,120,056 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2009/10/31 11:12:27 | 00,118,520 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2009/10/31 11:12:27 | 00,088,824 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2009/10/31 11:12:27 | 00,072,440 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2009/10/31 11:12:27 | 00,066,296 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2009/10/31 11:12:27 | 00,064,760 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2009/10/31 11:12:27 | 00,043,528 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\PxHelp20.sys
[2009/10/31 11:12:27 | 00,009,464 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2009/10/31 11:12:27 | 00,009,336 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2009/10/31 11:12:08 | 00,000,000 | ---D | C] -- C:\Program Files\DivX
[2009/10/31 11:12:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/10/30 23:03:27 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2009/10/30 23:03:27 | 00,026,600 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
[2009/10/30 23:02:43 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/10/30 23:02:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/30 21:59:22 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/10/30 21:58:53 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/10/30 21:58:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Apple
[2009/10/30 21:58:39 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/10/30 21:58:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/10/30 21:58:00 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/10/30 21:58:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/10/30 21:47:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/10/30 21:37:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Apple Computer
[2009/10/30 21:37:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Apple Computer
[2009/10/30 21:37:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2009/10/30 21:37:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/10/30 21:36:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2009/10/30 21:36:09 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/10/26 15:22:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2009/10/25 21:17:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\flatty
[2009/10/25 10:29:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\ski stuff
[2009/10/24 16:53:07 | 00,000,000 | ---D | C] -- C:\Program Files\Cryptic Studios
[2009/10/22 16:17:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Threat Expert
[2009/10/22 15:12:21 | 00,059,664 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2009/10/22 15:12:21 | 00,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2009/10/22 15:12:21 | 00,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2009/10/22 15:11:59 | 00,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2009/10/22 15:11:58 | 01,636,304 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2009/10/22 15:11:58 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2009/10/22 15:09:44 | 00,229,304 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/10/22 15:09:39 | 00,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/10/22 15:09:39 | 00,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/10/22 15:09:32 | 00,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/10/22 15:09:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/10/22 15:09:25 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/10/22 15:09:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\PC Tools
[2009/10/22 15:09:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/10/20 14:41:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Identities
[2009/10/18 23:55:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\madll
[2009/10/16 23:14:39 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Mike\IECompatCache
[2009/10/15 21:37:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\digitech
[2009/10/14 12:27:25 | 00,000,000 | ---D | C] -- C:\Program Files\Doom 3
[2009/10/13 12:47:16 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2009/10/13 12:47:16 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2009/10/07 22:11:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2009/10/07 22:07:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\HpUpdate
[2009/10/07 22:07:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2009/10/07 11:59:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\DivX
[2009/10/07 09:45:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/10/06 23:45:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2009/10/06 23:45:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2009/10/06 23:45:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2009/10/06 23:45:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2009/10/06 23:45:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2009/10/06 23:45:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2009/10/06 23:45:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2009/10/06 23:45:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2009/10/06 23:45:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2009/10/06 23:45:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2009/10/06 23:45:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2009/10/06 23:45:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2009/10/06 23:45:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2009/10/06 23:45:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2009/10/06 23:45:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2009/10/06 23:45:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2009/10/06 23:45:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2009/10/06 21:15:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/04 13:06:21 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2009/11/04 10:17:50 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\HijackThis.lnk
[2009/11/04 09:50:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/04 08:59:25 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/04 08:58:45 | 00,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2009/11/04 08:58:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/04 08:58:07 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/04 08:57:20 | 02,097,152 | -H-- | M] () -- C:\Documents and Settings\Mike\NTUSER.DAT
[2009/11/04 08:57:20 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Mike\ntuser.ini
[2009/11/04 08:57:17 | 03,184,656 | -H-- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\IconCache.db
[2009/11/03 23:46:59 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/11/03 23:46:59 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/11/03 23:46:59 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/11/03 23:46:59 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/11/03 23:46:58 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/11/01 22:36:08 | 00,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/01 22:36:08 | 00,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 22:36:08 | 00,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/01 09:05:20 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\enchiladas.doc
[2009/10/30 22:30:12 | 00,013,334 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\cc_20091030_232912.reg
[2009/10/30 21:50:31 | 00,000,588 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/30 21:50:31 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/30 21:50:31 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/10/27 00:58:10 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/26 15:11:40 | 00,000,010 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2009/10/19 21:20:58 | 00,003,532 | ---- | M] () -- C:\drmHeader.bin
[2009/10/19 20:31:01 | 00,000,883 | ---- | M] () -- C:\WINDOWS\RegSDImport.xml
[2009/10/14 12:53:04 | 00,000,331 | ---- | M] () -- C:\WINDOWS\doom3.ini
[2009/10/12 14:52:57 | 00,368,306 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\BoostRVB-OM.pdf
[2009/10/08 12:14:10 | 00,059,664 | --S- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2009/10/08 12:14:10 | 00,033,552 | --S- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2009/10/08 12:14:08 | 00,051,984 | --S- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2009/10/08 10:31:46 | 00,149,456 | ---- | M] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2009/10/08 10:31:44 | 01,636,304 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2009/10/08 10:31:44 | 00,165,840 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2009/10/08 10:31:14 | 00,767,952 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[2009/10/07 22:10:25 | 00,000,214 | ---- | M] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009/10/07 22:09:40 | 00,000,221 | ---- | M] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/10/07 09:46:28 | 00,001,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SeaTools for Windows.lnk
[2009/10/06 16:56:20 | 00,000,662 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\cc_20091006_175604.reg
[2009/10/06 16:55:50 | 00,032,202 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\cc_20091006_175537.reg
[2009/10/06 16:40:49 | 00,126,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/06 15:31:30 | 00,087,784 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/04 10:17:50 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\HijackThis.lnk
[2009/11/01 09:05:20 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\enchiladas.doc
[2009/10/30 22:29:18 | 00,013,334 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\cc_20091030_232912.reg
[2009/10/30 21:58:41 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/26 15:18:50 | 00,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/10/26 14:08:39 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/10/22 15:11:59 | 00,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/10/22 15:11:59 | 00,000,883 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2009/10/22 15:11:59 | 00,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2009/10/22 15:11:59 | 00,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2009/10/22 15:11:58 | 01,152,470 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2009/10/22 15:09:44 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2009/10/22 15:09:39 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2009/10/22 15:09:39 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/10/22 15:09:32 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2009/10/18 23:38:45 | 00,003,532 | ---- | C] () -- C:\drmHeader.bin
[2009/10/14 12:53:04 | 00,000,331 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2009/10/12 14:52:57 | 00,368,306 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\BoostRVB-OM.pdf
[2009/10/07 22:10:25 | 00,002,064 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\HPSU_48BitScanUpdate.log
[2009/10/07 22:10:25 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009/10/07 22:09:40 | 00,042,962 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2009/10/07 22:09:40 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/10/07 09:46:28 | 00,001,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SeaTools for Windows.lnk
[2009/10/06 23:45:14 | 00,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job
[2009/10/06 16:56:05 | 00,000,662 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\cc_20091006_175604.reg
[2009/10/06 16:55:39 | 00,032,202 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\cc_20091006_175537.reg
[2009/10/01 20:18:37 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/10/01 20:14:59 | 00,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/09/29 09:27:04 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/26 09:45:23 | 00,032,768 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/25 11:37:12 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/09/25 08:48:11 | 00,019,224 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/25 01:23:42 | 03,184,656 | -H-- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\IconCache.db
[2009/09/25 01:20:01 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Mike\Application Data\desktop.ini
[2009/09/24 18:03:36 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2001/08/23 04:00:00 | 00,000,588 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 04:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/07/06 14:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/10/26 15:22:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2009/09/25 11:27:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/09/25 21:29:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2009/11/04 10:47:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/30 23:03:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/25 10:37:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\ATI
[2009/11/04 00:30:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\GetRightToGo
[2009/09/25 21:26:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Leadertech
[2001/08/23 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/04 08:58:45 | 00,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2009/11/04 08:58:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 180 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

SpySentinel
How is your computer running?


Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :OTL
    O4 - HKLM..\Run: [] File not found
    O33 - MountPoints2\{8b8a69c3-a977-11de-b38c-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{8b8a69c3-a977-11de-b38c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{8b8a69c3-a977-11de-b38c-806d6172696f}\Shell\AutoRun\command - "" = E:\Setup\rsrc\AUTORUN.EXE -- [2000/01/17 08:28:36 | 00,028,672 | R--- | M] (Dipl.-Ing. Stefan Krueger <skrueger@installsite.org>)
    O33 - MountPoints2\{8b8a69c3-a977-11de-b38c-806d6172696f}\Shell\dinstall\command - "" = E:\DirectX\dxsetup.exe -- [2003/08/18 16:15:00 | 00,467,456 | R--- | M] (Microsoft Corporation)
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe -- [2004/07/16 09:04:26 | 00,229,376 | R--- | M] ()

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
bigmuff
OK, did all that. My computer seems to run fine, most of the time. This is a month or so old fresh install of Windows - I reinstalled because I got a Vundo variant I simply gave up on fixing. Sometimes IE hangs, and I can't tell if it's something malicious hogging resources, or if it's Spyware Doctor hogging resources. A few weeks ago I got some kind of rogue AV thing, but I was able to remove it. As of this exact moment, the PC is running nice and smooth, and fast, though I don't know how much of that has to do with Spyware Dr being shut down. Here's the log from that 2nd OTL run:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b8a69c3-a977-11de-b38c-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b8a69c3-a977-11de-b38c-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b8a69c3-a977-11de-b38c-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b8a69c3-a977-11de-b38c-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b8a69c3-a977-11de-b38c-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b8a69c3-a977-11de-b38c-806d6172696f}\ not found.
File move failed. E:\Setup\rsrc\AUTORUN.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b8a69c3-a977-11de-b38c-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b8a69c3-a977-11de-b38c-806d6172696f}\ not found.
File move failed. E:\DirectX\dxsetup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File move failed. E:\setup.exe scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33684 bytes

User: Mike
->Temp folder emptied: 23280455 bytes
->Temporary Internet Files folder emptied: 79362270 bytes
->Java cache emptied: 13689500 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 500508 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1138618 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
Windows Temp folder emptied: 98809 bytes
RecycleBin emptied: 3092 bytes

Total Files Cleaned = 112.67 mb


OTL by OldTimer - Version 3.1.3.3 log created on 11042009_132912

Files\Folders moved on Reboot...
File move failed. E:\Setup\rsrc\AUTORUN.EXE scheduled to be moved on reboot.
File move failed. E:\DirectX\dxsetup.exe scheduled to be moved on reboot.
File move failed. E:\setup.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...
SpySentinel
I would like to take a deeper look to make sure nothing is hiding:


  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
bigmuff
Done. Here are the 2 logs: Thanks for doing all this, by the way.

info.txt logfile of random's system information tool 1.06 2009-11-04 13:58:15

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->msiexec /qb /x {6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Acrobat.com-->MsiExec.exe /I{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Browser Defender 2.0.6.10-->"C:\Program Files\Spyware Doctor\BDT\unins000.exe"
Catalyst Control Center - Branding-->MsiExec.exe /I{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Champions Online-->C:\Program Files\Cryptic Studios\Uninstall Champions Online.exe
City of Villains/City of Heroes (remove only)-->"C:\Program Files\City of Heroes\uninstall.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Doom 3-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Half-Life 2: Episode One-->"C:\Program Files\Steam\steam.exe" steam://uninstall/380
Half-Life 2: Episode Two-->"C:\Program Files\Steam\steam.exe" steam://uninstall/420
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP Image Zone Express-->MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP PSC & OfficeJet 5.3.A-->"C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{818ABC3C-635C-4651-8183-D0E9640B7DD1}
iPod Updater 2004-11-15-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{06E73C0B-7DE7-4F41-860B-587033B75BD9} /l1033
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
Java™ 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Seagate Manager Installer-->"C:\Program Files\InstallShield Installation Information\{BB6D4A78-4BDB-4FBD-81CB-00DC2FC2BF41}\setup.exe" -runfromtemp -l0x0409 -removeonly
Seagate Manager Installer-->MsiExec.exe /X{BB6D4A78-4BDB-4FBD-81CB-00DC2FC2BF41}
SeaTools for Windows-->MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SoulSeek Client 156c-->"C:\Program Files\Soulseek\uninstall.exe"
Spyware Doctor 7.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Spyware Doctor with AntiVirus (disabled)

======System event log======

Computer Name: STOMPBOX
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 2240
Source Name: Disk
Time Written: 20091007085210.000000-420
Event Type: warning
User:

Computer Name: STOMPBOX
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 2236
Source Name: Disk
Time Written: 20091007065210.000000-420
Event Type: warning
User:

Computer Name: STOMPBOX
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 2235
Source Name: Disk
Time Written: 20091007045210.000000-420
Event Type: warning
User:

Computer Name: STOMPBOX
Event Code: 51
Message: An error was detected on device \Device\Harddisk0\D during a paging operation.

Record Number: 2234
Source Name: Disk
Time Written: 20091007035355.000000-420
Event Type: warning
User:

Computer Name: STOMPBOX
Event Code: 51
Message: An error was detected on device \Device\Harddisk0\D during a paging operation.

Record Number: 2233
Source Name: Disk
Time Written: 20091007035350.000000-420
Event Type: warning
User:

=====Application event log=====

Computer Name: STOMPBOX
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 35
Source Name: WinMgmt
Time Written: 20090925094819.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: STOMPBOX
Event Code: 63
Message: A provider, WMIProv, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 24
Source Name: WinMgmt
Time Written: 20090925094426.000000-420
Event Type: warning
User: STOMPBOX\Mike

Computer Name: STOMPBOX
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 23
Source Name: WinMgmt
Time Written: 20090925094426.000000-420
Event Type: warning
User: STOMPBOX\Mike

Computer Name: STOMPBOX
Event Code: 4354
Message: The COM+ Event System failed to fire the ConnectionMade method on subscription {A50AEA41-54A2-440C-8329-9971C54430EA}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001.
Record Number: 22
Source Name: EventSystem
Time Written: 20090925022517.000000-420
Event Type: warning
User:

Computer Name: STOMPBOX
Event Code: 4354
Message: The COM+ Event System failed to fire the StartShell method on subscription {A5978620-5B3F-F1D1-8ED2-00FA0035B753}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001.
Record Number: 18
Source Name: EventSystem
Time Written: 20090925022023.000000-420
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\DivX Shared\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mike at 2009-11-04 13:58:09
Microsoft Windows XP Professional Service Pack 3
System drive C: has 35 GB (27%) free of 131 GB
Total RAM: 2047 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:12 PM, on 11/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mike\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mike.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1253870474218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1253910908828
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 6962 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\OGALogon.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-10-08 395216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-03 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-10-08 395216]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"MaxMenuMgr"=C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [2009-03-27 181544]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-21 61440]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-03 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2009-10-26 1217808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-05-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~3\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-07-21 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 3 months======

2009-11-04 13:58:09 ----D---- C:\rsit
2009-11-04 13:29:12 ----D---- C:\_OTL
2009-11-04 10:48:00 ----D---- C:\Program Files\ESET
2009-11-04 10:17:50 ----D---- C:\Program Files\Trend Micro
2009-11-04 00:47:54 ----A---- C:\WINDOWS\ntbtlog.txt
2009-11-04 00:30:16 ----D---- C:\Documents and Settings\Mike\Application Data\GetRightToGo
2009-11-03 23:47:15 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-03 23:47:15 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-03 23:47:15 ----A---- C:\WINDOWS\system32\java.exe
2009-11-03 23:47:15 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-11-03 23:46:55 ----D---- C:\Program Files\Java
2009-11-03 23:46:29 ----D---- C:\Documents and Settings\Mike\Application Data\Sun
2009-10-31 11:12:27 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-10-31 11:12:27 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-10-31 11:12:27 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-10-31 11:12:27 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-10-31 11:12:27 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2009-10-31 11:12:27 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-10-31 11:12:27 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-10-31 11:12:27 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-10-31 11:12:27 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2009-10-31 11:12:27 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-10-31 11:12:27 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-10-31 11:12:27 ----N---- C:\WINDOWS\system32\px.dll
2009-10-31 11:12:08 ----D---- C:\Program Files\DivX
2009-10-31 11:12:08 ----D---- C:\Program Files\Common Files\DivX Shared
2009-10-30 23:03:27 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-10-30 23:02:43 ----D---- C:\Program Files\iTunes
2009-10-30 23:02:43 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-30 21:59:22 ----D---- C:\Program Files\Bonjour
2009-10-30 21:58:53 ----D---- C:\Program Files\QuickTime
2009-10-30 21:58:39 ----D---- C:\Program Files\Apple Software Update
2009-10-30 21:58:32 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-30 21:58:00 ----D---- C:\Program Files\Common Files\Apple
2009-10-30 21:58:00 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-10-30 21:47:05 ----D---- C:\WINDOWS\pss
2009-10-30 21:37:45 ----A---- C:\WINDOWS\system32\reglog.txt
2009-10-30 21:37:44 ----D---- C:\Documents and Settings\Mike\Application Data\Apple Computer
2009-10-30 21:37:33 ----D---- C:\Documents and Settings\All Users\Application Data\QuickTime
2009-10-30 21:37:27 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-10-30 21:36:33 ----D---- C:\WINDOWS\Downloaded Installations
2009-10-30 21:36:09 ----D---- C:\Program Files\iPod
2009-10-26 15:22:06 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2009-10-26 15:18:50 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2009-10-26 14:08:39 ----A---- C:\WINDOWS\WININIT.INI
2009-10-24 16:53:07 ----D---- C:\Program Files\Cryptic Studios
2009-10-22 15:11:59 ----A---- C:\WINDOWS\SGDetectionTool.dll
2009-10-22 15:11:59 ----A---- C:\WINDOWS\BDTSupport.dll
2009-10-22 15:11:58 ----A---- C:\WINDOWS\PCTBDRes.dll
2009-10-22 15:11:58 ----A---- C:\WINDOWS\PCTBDCore.dll
2009-10-22 15:09:26 ----D---- C:\Program Files\Common Files\PC Tools
2009-10-22 15:09:25 ----D---- C:\Program Files\Spyware Doctor
2009-10-22 15:09:25 ----D---- C:\Documents and Settings\Mike\Application Data\PC Tools
2009-10-22 15:09:25 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-10-18 23:55:59 ----D---- C:\WINDOWS\system32\madll
2009-10-15 02:02:32 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-15 02:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-15 02:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-15 02:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-15 02:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-15 02:00:48 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-15 02:00:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-15 02:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-15 02:00:23 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-14 12:53:04 ----A---- C:\WINDOWS\doom3.ini
2009-10-14 12:27:25 ----D---- C:\Program Files\Doom 3
2009-10-13 12:47:16 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-10-13 12:47:16 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-10-07 22:11:29 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2009-10-07 22:10:25 ----A---- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
2009-10-07 22:09:40 ----A---- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
2009-10-07 22:07:31 ----D---- C:\Documents and Settings\Mike\Application Data\HpUpdate
2009-10-07 22:07:30 ----D---- C:\WINDOWS\Hewlett-Packard
2009-10-07 11:59:45 ----D---- C:\Documents and Settings\Mike\Application Data\DivX
2009-10-07 09:45:23 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-10-06 23:45:13 ----D---- C:\WINDOWS\system32\zh-TW
2009-10-06 23:45:13 ----D---- C:\WINDOWS\system32\zh-HK
2009-10-06 23:45:13 ----D---- C:\WINDOWS\system32\tr-TR
2009-10-06 23:45:13 ----D---- C:\WINDOWS\system32\sv-SE
2009-10-06 23:45:13 ----D---- C:\WINDOWS\system32\pt-BR
2009-10-06 23:45:13 ----D---- C:\WINDOWS\system32\nl-NL
2009-10-06 23:45:13 ----D---- C:\WINDOWS\system32\nb-NO
2009-10-06 23:45:13 ----D---- C:\WINDOWS\system32\ko-KR
2009-10-06 23:45:13 ----D---- C:\WINDOWS\system32\it-IT
2009-10-06 23:45:13 ----D---- C:\WINDOWS\system32\he-IL
2009-10-06 23:45:13 ----D---- C:\WINDOWS\system32\fr-FR
2009-10-06 23:45:13 ----D---- C:\WINDOWS\system32\fi-FI
2009-10-06 23:45:13 ----D---- C:\WINDOWS\system32\es-ES
2009-10-06 23:45:13 ----D---- C:\WINDOWS\system32\el-GR
2009-10-06 23:45:13 ----D---- C:\WINDOWS\system32\de-DE
2009-10-06 23:45:13 ----D---- C:\WINDOWS\system32\da-DK
2009-10-06 23:45:13 ----D---- C:\WINDOWS\system32\ar-SA
2009-10-06 21:15:32 ----D---- C:\WINDOWS\system32\NtmsData
2009-10-06 17:27:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-03 02:00:19 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-10-01 20:22:06 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2009-10-01 20:21:50 ----D---- C:\Program Files\Common Files\HP
2009-10-01 20:19:37 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2009-10-01 20:18:37 ----RA---- C:\WINDOWS\system32\hpzids01.dll
2009-10-01 20:18:36 ----A---- C:\WINDOWS\system32\hpz3l3xu.dll
2009-10-01 20:17:43 ----A---- C:\WINDOWS\system32\HPZisn12.dll
2009-10-01 20:17:43 ----A---- C:\WINDOWS\system32\HPZipt12.dll
2009-10-01 20:17:43 ----A---- C:\WINDOWS\system32\HPZipr12.dll
2009-10-01 20:17:43 ----A---- C:\WINDOWS\system32\HPZipm12.exe
2009-10-01 20:17:43 ----A---- C:\WINDOWS\system32\HPZinw12.exe
2009-10-01 20:17:43 ----A---- C:\WINDOWS\system32\HPZidr12.dll
2009-10-01 20:17:39 ----A---- C:\WINDOWS\IsUninst.exe
2009-10-01 20:16:25 ----D---- C:\Program Files\HP
2009-10-01 20:15:43 ----HD---- C:\Config.Msi
2009-10-01 20:14:23 ----D---- C:\Documents and Settings\Mike\Application Data\HP
2009-10-01 17:31:11 ----D---- C:\Program Files\MSECache
2009-10-01 15:33:41 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-10-01 10:15:26 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-29 09:27:04 ----A---- C:\WINDOWS\ODBC.INI
2009-09-29 09:26:34 ----D---- C:\Program Files\Common Files\Designer
2009-09-29 09:26:32 ----D---- C:\WINDOWS\ShellNew
2009-09-29 09:26:17 ----D---- C:\Program Files\Microsoft Office
2009-09-28 09:52:24 ----D---- C:\Program Files\Soulseek
2009-09-27 16:45:22 ----D---- C:\Program Files\Steam
2009-09-26 12:44:05 ----D---- C:\Program Files\Common Files\Adobe
2009-09-26 12:43:24 ----D---- C:\Program Files\Adobe
2009-09-26 12:43:17 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-09-26 12:43:15 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-09-26 12:42:44 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-09-26 08:29:11 ----D---- C:\Program Files\CCleaner
2009-09-25 23:32:47 ----D---- C:\Documents and Settings\Mike\Application Data\Google
2009-09-25 23:27:50 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-09-25 21:29:44 ----D---- C:\Program Files\Seagate
2009-09-25 21:29:44 ----D---- C:\Documents and Settings\All Users\Application Data\Seagate
2009-09-25 21:28:19 ----SHD---- C:\WINDOWS\ftpcache
2009-09-25 21:26:03 ----D---- C:\Documents and Settings\Mike\Application Data\Leadertech
2009-09-25 19:09:41 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-09-25 19:09:41 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-09-25 14:44:48 ----D---- C:\Program Files\City of Heroes
2009-09-25 12:38:06 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-09-25 12:37:49 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-09-25 12:37:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-09-25 12:37:33 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-09-25 12:37:22 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-09-25 12:37:11 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-09-25 12:31:13 ----D---- C:\Program Files\Microsoft
2009-09-25 12:30:57 ----D---- C:\Program Files\Windows Live SkyDrive
2009-09-25 12:30:34 ----D---- C:\Program Files\Windows Live
2009-09-25 12:27:50 ----D---- C:\Program Files\Common Files\Windows Live
2009-09-25 12:25:48 ----SHD---- C:\RECYCLER
2009-09-25 12:02:53 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-09-25 12:02:50 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-09-25 12:02:40 ----D---- C:\Program Files\Windows Media Connect 2
2009-09-25 12:02:33 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-09-25 12:02:05 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-09-25 12:01:51 ----D---- C:\WINDOWS\system32\LogFiles
2009-09-25 12:01:45 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-09-25 11:50:33 ----D---- C:\Documents and Settings\Mike\Application Data\Malwarebytes
2009-09-25 11:50:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-25 11:50:29 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-25 11:45:59 ----D---- C:\WINDOWS\RegisteredPackages
2009-09-25 11:37:41 ----A---- C:\WINDOWS\system32\ChCfg.exe
2009-09-25 11:37:18 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-09-25 11:37:13 ----D---- C:\Program Files\Realtek AC97
2009-09-25 11:37:13 ----A---- C:\WINDOWS\system32\RTLCPL.exe
2009-09-25 11:37:12 ----A---- C:\WINDOWS\system32\RtlCPAPI.dll
2009-09-25 11:37:12 ----A---- C:\WINDOWS\soundman.exe
2009-09-25 11:37:12 ----A---- C:\WINDOWS\alcupd.exe
2009-09-25 11:37:12 ----A---- C:\WINDOWS\Alcrmv.exe
2009-09-25 11:27:36 ----D---- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2009-09-25 10:39:54 ----D---- C:\Documents and Settings\Mike\Application Data\Macromedia
2009-09-25 10:37:53 ----D---- C:\Documents and Settings\Mike\Application Data\ATI
2009-09-25 10:32:17 ----D---- C:\WINDOWS\system32\XPSViewer
2009-09-25 10:32:14 ----D---- C:\Program Files\MSBuild
2009-09-25 10:32:10 ----D---- C:\Program Files\Reference Assemblies
2009-09-25 10:31:55 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-09-25 10:31:55 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-09-25 10:31:55 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-09-25 10:31:54 ----D---- C:\9531cc9ca40a0cbb260f619e929d
2009-09-25 10:23:56 ----RSD---- C:\WINDOWS\assembly
2009-09-25 10:23:37 ----D---- C:\WINDOWS\Microsoft.NET
2009-09-25 10:18:53 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-25 10:18:53 ----D---- C:\Program Files\ATI Technologies
2009-09-25 10:18:24 ----D---- C:\Program Files\Common Files\InstallShield
2009-09-25 10:18:04 ----D---- C:\ATI
2009-09-25 10:14:35 ----D---- C:\Documents and Settings\Mike\Application Data\Adobe
2009-09-25 09:52:21 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-25 09:52:17 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-25 09:52:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-25 09:51:52 ----D---- C:\WINDOWS\ie8updates
2009-09-25 09:51:37 ----D---- C:\WINDOWS\WBEM
2009-09-25 09:50:51 ----HDC---- C:\WINDOWS\ie8
2009-09-25 09:25:41 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-09-25 09:25:36 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-09-25 09:25:33 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-09-25 09:25:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-09-25 09:25:24 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-09-25 09:25:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-09-25 09:25:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-09-25 09:25:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-09-25 09:25:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-09-25 09:25:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-09-25 09:24:58 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-09-25 09:24:53 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-09-25 09:24:45 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-09-25 09:24:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-09-25 09:24:37 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-09-25 09:24:32 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-09-25 09:24:28 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-09-25 09:24:24 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-09-25 09:24:19 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-09-25 09:24:15 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-09-25 09:24:10 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-09-25 09:24:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-09-25 09:23:56 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-09-25 09:23:49 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-09-25 09:23:45 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-09-25 09:23:41 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-09-25 09:23:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-09-25 09:23:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-09-25 09:23:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-09-25 09:23:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-09-25 09:23:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-09-25 09:23:17 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-09-25 09:23:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-09-25 09:23:08 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-09-25 09:23:04 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-09-25 09:23:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-09-25 09:22:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-09-25 09:22:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-09-25 09:22:48 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-09-25 09:22:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-09-25 09:22:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-09-25 09:22:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-09-25 09:22:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-09-25 09:22:25 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-09-25 09:17:43 ----D---- C:\WINDOWS\Prefetch
2009-09-25 09:13:31 ----D---- C:\WINDOWS\system32\en-us
2009-09-25 09:13:30 ----D---- C:\WINDOWS\system32\scripting
2009-09-25 09:13:30 ----D---- C:\WINDOWS\l2schemas
2009-09-25 09:13:29 ----D---- C:\WINDOWS\system32\en
2009-09-25 09:10:39 ----D---- C:\WINDOWS\network diagnostic
2009-09-25 09:06:04 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2009-09-25 09:06:04 ----A---- C:\WINDOWS\system32\xmllite.dll
2009-09-25 09:06:03 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-09-25 09:06:02 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-09-25 09:06:02 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-09-25 09:06:02 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-09-25 09:06:02 ----N---- C:\WINDOWS\system32\verclsid.exe
2009-09-25 09:06:01 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-09-25 09:06:01 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-09-25 09:06:01 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-09-25 09:05:59 ----N---- C:\WINDOWS\system32\setupn.exe
2009-09-25 09:05:58 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-09-25 09:05:58 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-09-25 09:05:58 ----N---- C:\WINDOWS\system32\qutil.dll
2009-09-25 09:05:58 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-09-25 09:05:58 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-09-25 09:05:58 ----N---- C:\WINDOWS\system32\qagent.dll
2009-09-25 09:05:58 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-09-25 09:05:58 ----N---- C:\WINDOWS\system32\onex.dll
2009-09-25 09:05:56 ----N---- C:\WINDOWS\system32\napstat.exe
2009-09-25 09:05:56 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-09-25 09:05:56 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-09-25 09:05:56 ----N---- C:\WINDOWS\system32\msxml6r.dll

======List of files/folders modified in the last 3 months======

2009-10-30 21:50:31 ----A---- C:\WINDOWS\win.ini
2009-10-30 21:50:31 ----A---- C:\WINDOWS\system.ini
2009-09-25 08:41:56 ----RASH---- C:\NTDETECT.COM
2009-09-11 06:18:39 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-09-04 13:03:36 ----A---- C:\WINDOWS\system32\msasn1.dll
2009-08-29 00:08:21 ----A---- C:\WINDOWS\system32\wininet.dll
2009-08-29 00:08:21 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-08-29 00:08:20 ----N---- C:\WINDOWS\system32\occache.dll
2009-08-29 00:08:20 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-08-29 00:08:18 ----N---- C:\WINDOWS\system32\jsproxy.dll
2009-08-29 00:08:18 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-08-29 00:08:18 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-08-29 00:08:18 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-08-29 00:08:17 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-08-29 00:08:16 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-08-29 00:08:13 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-08-28 02:35:52 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-08-26 00:00:21 ----A---- C:\WINDOWS\system32\strmdll.dll
2009-08-06 18:24:18 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-08-06 18:24:04 ----A---- C:\WINDOWS\system32\cdm.dll
2009-08-06 18:23:46 ----A---- C:\WINDOWS\system32\muweb.dll
2009-08-05 01:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-07-21 3565056]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-07 51120]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-07 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-07 21744]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 pctgntdi;pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys []
S4 pctplsg;pctplsg; \??\C:\WINDOWS\system32\drivers\pctplsg.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-07-21 602112]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-10-08 112592]
R2 FreeAgentGoNext Service;Seagate Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-03-27 165160]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-03 153376]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-08 73728]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-07-21 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-09-23 358600]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-09-23 1141200]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
bigmuff
Bump.

There's a lot of code here that I have no idea what it means. I've been slightly concerned about the paging operation errors.
SpySentinel
Please update Malwarebytes and run one more quick scan and post the log here.
bigmuff
Clean per Malwarebytes:

Malwarebytes' Anti-Malware 1.41
Database version: 3131
Windows 5.1.2600 Service Pack 3

11/8/2009 10:57:42 PM
mbam-log-2009-11-08 (22-57-42).txt

Scan type: Quick Scan
Objects scanned: 99649
Time elapsed: 4 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
SpySentinel
Your log looks clean. Great job!

Now for some cleanup.
Please download OTC and save it to Desktop.
  • Please make sure you are connected to the Internet
  • Double-click OTC.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes


Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.


  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialize and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

    • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

    • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

      No Firewall Onboard

      You don't seem to have a firewall program installed. Using a firewall will allow you to allow/deny access for applications that want to go online. Select one of these, or another of your choice:


    • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

    • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    • Install SpywareGuard - SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

    • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
    Follow this list and your potential for being infected again will reduce dramatically.

    Here are some additional utilities that will enhance your safety:

    • McAfee Site Advisor <= McAfee Site Advisor protects your browser against malicious sites and warns you when you go to one.
    • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
    • Malwarebytes' Anti-Malware - which you already have.
    • SUPER AntiSpyware - A Free AntiSpyware scanner that has great detection ratings.
bigmuff
Thanks for all your help! Hope this does the trick.
SpySentinel
You're welcome