redirected msgs + programs wont start

sometimes my computer will freeze up and task manager won't open. i try to open some programs and it won't load but if i do get to open task manager it says that it's running? also when i google things it redirects me to some random website instead of the website i have chosen to go on to. help please? i'm not sure if this is a virus or not but i really wish it'd go away!! also when i try to reboot when my computer freezes up.. it doesn't i have already tried to scan with malwarebytes and it shows nothing is infected.. i have no clue what's going on

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:40:24 PM, on 2/26/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NAV] "C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\A5E82D02\17.1.0.19\InstStub.exe" /RELAUNCH /RUNONCE /NOPROMPT /PRODID NAV
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US /HIDEBL
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10521 bytes

Hello.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
  O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
  O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
  O15 - Trusted Zone: http://*.trymedia.com (HKLM)
  
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Malwarebytes' Anti-Malware 1.44
Database version: 3805
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

2/27/2010 2:04:55 PM
mbam-log-2010-02-27 (14-04-55).txt

Scan type: Quick Scan
Objects scanned: 135094
Time elapsed: 5 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

it has said this before even when i was infected i hope it's right

EDIT: i just tried to reboot and my PC won't let me and i couldn't open programs still.

Download OTL by OldTimer to your Desktop.

• Close all windows and double click OTL.exe
  
• Click Run Scan and let the program run uninterrupted
  
• It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  
• You may need to use two posts to get it all.
  

this is OTL.txt

OTL logfile created on: 2/27/2010 5:27:19 PM - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 289.23 Gb Total Space | 39.75 Gb Free Space | 13.74% Space Free | Partition Type: NTFS
Drive D: | 8.83 Gb Total Space | 0.59 Gb Free Space | 6.63% Space Free | Partition Type: FAT32
Drive E: | 118.36 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.89 Gb Total Space | 1.42 Gb Free Space | 75.25% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THE_BEST
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/27 17:26:32 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2010/01/22 19:16:42 | 000,141,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2010/01/22 19:16:38 | 010,358,056 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/12/01 09:38:47 | 003,951,976 | ---- | M] (AOL LLC) -- C:\Program Files\AIM\aim.exe
PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/03/19 17:11:24 | 001,138,688 | ---- | M] (Last.fm) -- C:\Program Files\Last.fm\LastFM.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2006/10/27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2006/08/17 23:06:12 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/06/13 19:05:26 | 016,239,616 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2006/05/09 14:50:00 | 000,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2006/04/13 09:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
PRC - [2006/04/07 00:51:18 | 001,073,152 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe
PRC - [2006/04/07 00:50:22 | 000,065,536 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdMgr.exe
PRC - [2006/04/07 00:50:22 | 000,057,344 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe
PRC - [2005/11/10 20:03:52 | 000,241,775 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
PRC - [2005/11/10 20:03:52 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
PRC - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2005/02/17 06:11:42 | 000,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2005/02/02 15:44:24 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/08/09 20:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [1998/05/07 08:04:38 | 000,052,736 | ---- | M] (Hewlett-Packard Company) -- c:\WINDOWS\system\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2010/02/27 17:26:32 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
MOD - [2004/08/10 03:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/12/30 23:11:26 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2006/10/27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/08/17 23:06:12 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/05/09 14:50:00 | 000,131,139 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2004/10/22 10:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2009/08/28 19:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2006/06/14 10:04:12 | 004,299,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/05/09 14:50:00 | 003,535,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/04/20 13:35:16 | 000,082,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cxfalcon.sys -- (CXFALCON)
DRV - [2006/04/13 15:47:38 | 000,168,064 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2006/03/09 10:00:00 | 000,046,080 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/03/03 14:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 14:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/10 23:48:58 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2005/12/12 16:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/06 10:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 10:20:42 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsx)
DRV - [2005/12/06 10:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/10/05 14:57:08 | 000,012,544 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/06/29 16:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/03/09 13:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/03/08 11:43:28 | 000,021,744 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2005/03/08 11:43:26 | 000,051,120 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2005/03/08 11:43:26 | 000,016,496 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2005/01/08 00:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/09 20:00:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/08/09 20:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 13:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 06:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "gmail.com"
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.2.1
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.5.1.110
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.10
FF - prefs.js..extensions.enabledItems: sxipper@sxip.com:2.3.2
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.5.6.0
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.5
FF - prefs.js..extensions.enabledItems: {00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}:0.7.1


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/24 22:41:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/24 22:41:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2009/12/30 03:06:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/01/27 17:03:38 | 000,000,000 | ---D | M]

[2009/12/30 02:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/02/26 14:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\p81frd50.default\extensions
[2009/12/30 02:49:21 | 000,000,000 | ---D | M] (MacOSX Theme) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\p81frd50.default\extensions\{00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}
[2010/01/24 18:56:27 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\p81frd50.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/01/24 16:40:01 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\p81frd50.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010/01/29 06:10:11 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\p81frd50.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/02/23 06:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\p81frd50.default\extensions\nasanightlaunch@example(2).com
[2010/02/03 13:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\p81frd50.default\extensions\sxipper@sxip.com
[2010/02/13 00:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\p81frd50.default\extensions\toolbar@ask.com
[2009/12/30 02:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\p81frd50.default\extensions\youtube2mp3@mondayx.de
[2010/01/15 17:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\p81frd50.default\extensions\YoutubeDownloader@PeterOlayev.com
[2009/12/30 02:35:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/30 02:55:40 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2004/08/10 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NAV] C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\A5E82D02\17.1.0.19\InstStub.exe (Symantec Corporation)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL LLC)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.105.28.12 68.105.29.12
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/16 19:28:33 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009/06/17 14:06:37 | 000,000,075 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/08/09 20:05:28 | 000,028,164 | -H-- | M] () - F:\autorun.exe -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/27 17:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\flashgot.p81frd50.default
[2010/02/27 17:26:31 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/02/26 20:36:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\chRO
[2010/02/26 15:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/26 15:40:09 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\HJTInstall.exe
[2010/02/26 08:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/25 12:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/02/25 12:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/02/25 12:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/02/24 18:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
[2010/02/23 06:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/02/22 21:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/02/21 19:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\Vstplugins(2)
[2010/02/21 19:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\Sony(2)
[2010/02/21 17:59:28 | 000,000,000 | ---D | C] -- C:\Program Files\123 AVI to GIF Converter
[2010/02/21 17:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\vgif
[2010/02/21 00:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Sony
[2010/02/21 00:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Sony
[2010/02/21 00:22:45 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Setup
[2010/02/21 00:12:03 | 000,000,000 | ---D | C] -- C:\Fraps
[2010/02/13 13:41:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\HPQ
[2010/02/13 13:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Sonic
[2010/02/13 13:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Leadertech
[2010/02/07 12:02:03 | 000,028,160 | ---- | C] (WhitSoft Development) -- C:\Documents and Settings\HP_Administrator\Desktop\UnFREEz.exe
[2010/02/05 18:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Version Cue
[2010/02/05 18:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\AdobeStockPhotos
[2010/02/01 15:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/02/01 15:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/02/01 14:32:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2006/11/16 18:43:01 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/11/16 18:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/11/16 18:43:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/02/19 10:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/27 17:26:32 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/02/27 16:27:44 | 036,469,610 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\TFE_TWO.grf
[2010/02/27 16:01:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/02/27 16:00:50 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/02/27 15:59:56 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/27 15:59:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/27 15:59:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/27 15:59:49 | 2078,855,168 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/27 15:12:26 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\arrow_down_o.png
[2010/02/27 14:53:06 | 000,019,944 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\index.php
[2010/02/27 14:39:12 | 000,009,984 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\conan.png
[2010/02/27 14:19:04 | 002,102,045 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\aaron.mp3
[2010/02/26 22:38:15 | 000,000,516 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to RO.lnk
[2010/02/26 21:59:06 | 000,001,538 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\qtpie.exe.lnk
[2010/02/26 21:52:34 | 000,083,621 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\wawa.jpg
[2010/02/26 21:52:00 | 000,021,570 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Lif.grf
[2010/02/26 21:10:54 | 000,046,984 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\33zbqdl.jpg
[2010/02/26 20:37:19 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Enter the TFE.exe.lnk
[2010/02/26 18:52:45 | 000,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/02/26 18:06:38 | 000,001,600 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\130.png
[2010/02/26 18:03:27 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\148.png
[2010/02/26 18:01:28 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\26.png
[2010/02/26 17:59:22 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\92.png
[2010/02/26 17:52:03 | 000,000,588 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\209.png
[2010/02/26 15:40:17 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.lnk
[2010/02/26 15:40:10 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\HJTInstall.exe
[2010/02/26 14:21:09 | 000,179,008 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\chRO.rar
[2010/02/26 14:15:07 | 000,000,715 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\fwing_RELOADED.ahk
[2010/02/26 06:10:52 | 000,000,558 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for HP_Administrator.job
[2010/02/26 06:00:16 | 000,000,544 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for HP_Administrator.job
[2010/02/25 20:16:44 | 003,407,872 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.dat
[2010/02/25 20:16:44 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/02/24 22:09:27 | 000,150,588 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\photo(2).jpg
[2010/02/24 21:41:28 | 000,144,261 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\photo(1).jpg
[2010/02/24 21:32:13 | 000,141,232 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\photo.jpg
[2010/02/24 19:38:18 | 000,299,408 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\haha.jpg
[2010/02/24 18:56:04 | 000,183,669 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\bl2acks copy.jpg
[2010/02/24 17:56:10 | 000,098,816 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/24 16:18:02 | 000,009,425 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\2jy49f.png
[2010/02/24 15:09:48 | 002,198,194 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\2cz83zn.jpg.gif
[2010/02/23 15:21:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\s
[2010/02/23 14:54:12 | 000,129,395 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\angelina-jolie-022310-8.jpg
[2010/02/23 14:11:29 | 000,003,698 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\default.jpg
[2010/02/23 14:11:29 | 000,003,650 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\default(2).jpg
[2010/02/23 14:11:29 | 000,003,606 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\default(1).jpg
[2010/02/23 13:17:42 | 000,624,088 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\2u4m0jl.jpg.gif
[2010/02/23 07:18:53 | 000,026,595 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\sxipper-backup-2010-02-23.zip
[2010/02/23 06:43:55 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/22 14:10:51 | 002,474,029 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Kayne West - CUT Flashing Lights (High Contrast Remix).mp3
[2010/02/22 14:10:49 | 004,176,137 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Katy Perry - I Kissed A Girl (Receptor Remix).mp3
[2010/02/22 14:10:47 | 003,341,042 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Justin bieber ft. Ludacris - Baby Lyrics.mp3
[2010/02/22 14:10:45 | 003,460,983 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Ke$ha - Take It Off.mp3
[2010/02/21 22:43:13 | 134,335,137 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\MAI_sWoe_2-21.mp4
[2010/02/21 22:10:56 | 000,041,048 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\11.veg
[2010/02/21 22:04:20 | 000,038,008 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\11.veg.bak
[2010/02/21 19:59:55 | 000,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX
[2010/02/21 19:59:55 | 000,000,003 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
[2010/02/21 19:54:34 | 000,002,424 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Register Vegas Pro.htm
[2010/02/21 17:40:06 | 012,559,360 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Untitled.avi
[2010/02/21 17:40:06 | 000,000,034 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Untitled.avi.sfl
[2010/02/21 00:57:11 | 003,881,201 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Viddler com Initial D Special Stage OST 31 Express Love Uploaded by IntendedPun.mp3
[2010/02/21 00:38:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Twunk002.MTX
[2010/02/21 00:18:54 | 596,925,568 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\TerraRE 2010-02-21 00-18-25-04.avi
[2010/02/20 17:59:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/13 22:52:25 | 015,299,204 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Adorish3.avi
[2010/02/13 17:59:01 | 000,134,774 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\sidekick.jpg
[2010/02/13 16:01:55 | 000,525,248 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/13 16:01:55 | 000,445,700 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/13 16:01:55 | 000,072,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/13 14:17:56 | 000,220,079 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\yum yum.jpg
[2010/02/05 23:35:34 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Pawnage Ragnarok Online.lnk
[2010/02/01 14:11:59 | 001,729,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/28 23:44:40 | 000,101,612 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/27 16:25:20 | 036,469,610 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\TFE_TWO.grf
[2010/02/27 15:12:26 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\arrow_down_o.png
[2010/02/27 14:53:06 | 000,019,944 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\index.php
[2010/02/27 14:39:12 | 000,009,984 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\conan.png
[2010/02/26 22:38:15 | 000,000,516 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to RO.lnk
[2010/02/26 21:58:40 | 000,001,538 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\qtpie.exe.lnk
[2010/02/26 21:52:34 | 000,083,621 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\wawa.jpg
[2010/02/26 21:51:54 | 000,021,570 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Lif.grf
[2010/02/26 21:10:54 | 000,046,984 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\33zbqdl.jpg
[2010/02/26 19:25:06 | 002,102,045 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\aaron.mp3
[2010/02/26 18:06:38 | 000,001,600 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\130.png
[2010/02/26 18:03:27 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\148.png
[2010/02/26 18:01:28 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\26.png
[2010/02/26 17:59:21 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\92.png
[2010/02/26 17:52:03 | 000,000,588 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\209.png
[2010/02/26 15:40:17 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.lnk
[2010/02/26 15:36:29 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Enter the TFE.exe.lnk
[2010/02/26 14:21:00 | 000,179,008 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\chRO.rar
[2010/02/26 14:14:56 | 000,000,715 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\fwing_RELOADED.ahk
[2010/02/24 22:09:26 | 000,150,588 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\photo(2).jpg
[2010/02/24 21:41:28 | 000,144,261 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\photo(1).jpg
[2010/02/24 21:32:13 | 000,141,232 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\photo.jpg
[2010/02/24 19:38:18 | 000,299,408 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\haha.jpg
[2010/02/24 18:56:04 | 000,183,669 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\bl2acks copy.jpg
[2010/02/24 16:18:02 | 000,009,425 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\2jy49f.png
[2010/02/24 15:09:47 | 002,198,194 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\2cz83zn.jpg.gif
[2010/02/23 15:21:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\s
[2010/02/23 14:54:12 | 000,129,395 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\angelina-jolie-022310-8.jpg
[2010/02/23 14:11:28 | 000,003,650 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\default(2).jpg
[2010/02/23 14:11:27 | 000,003,698 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\default.jpg
[2010/02/23 14:11:27 | 000,003,606 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\default(1).jpg
[2010/02/23 13:17:41 | 000,624,088 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\2u4m0jl.jpg.gif
[2010/02/23 07:18:51 | 000,026,595 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\sxipper-backup-2010-02-23.zip
[2010/02/21 22:11:00 | 134,335,137 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\MAI_sWoe_2-21.mp4
[2010/02/21 20:06:54 | 000,041,048 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\11.veg
[2010/02/21 20:06:54 | 000,038,008 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\11.veg.bak
[2010/02/21 19:53:08 | 000,002,424 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Register Vegas Pro.htm
[2010/02/21 17:40:06 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Untitled.avi.sfl
[2010/02/21 17:39:58 | 012,559,360 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Untitled.avi
[2010/02/21 00:56:57 | 003,881,201 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Viddler com Initial D Special Stage OST 31 Express Love Uploaded by IntendedPun.mp3
[2010/02/21 00:38:39 | 000,000,156 | ---- | C] () -- C:\WINDOWS\Twunk001.MTX
[2010/02/21 00:38:39 | 000,000,003 | ---- | C] () -- C:\WINDOWS\Twain001.Mtx
[2010/02/21 00:38:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Twunk002.MTX
[2010/02/21 00:18:25 | 596,925,568 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\TerraRE 2010-02-21 00-18-25-04.avi
[2010/02/21 00:06:07 | 002,474,029 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Kayne West - CUT Flashing Lights (High Contrast Remix).mp3
[2010/02/20 21:53:16 | 004,176,137 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Katy Perry - I Kissed A Girl (Receptor Remix).mp3
[2010/02/14 17:34:03 | 003,407,872 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\ntuser.dat
[2010/02/13 22:48:08 | 015,299,204 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Adorish3.avi
[2010/02/13 17:59:01 | 000,134,774 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\sidekick.jpg
[2010/02/13 14:17:56 | 000,220,079 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\yum yum.jpg
[2010/02/11 18:56:50 | 003,341,042 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Justin bieber ft. Ludacris - Baby Lyrics.mp3
[2010/02/09 17:25:23 | 003,460,983 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Ke$ha - Take It Off.mp3
[2010/02/05 23:35:34 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Pawnage Ragnarok Online.lnk
[2010/01/23 20:51:01 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2010/01/02 21:20:16 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/12/30 03:29:24 | 000,420,960 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/12/30 03:13:35 | 000,098,816 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/30 02:31:35 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2006/11/16 19:56:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/16 19:36:46 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/11/16 19:32:00 | 000,014,318 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/11/16 19:31:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/11/16 19:28:49 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/11/16 19:17:55 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/11/16 19:17:18 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/11/16 19:12:20 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/11/16 19:11:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/11/16 19:09:18 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2006/11/16 19:08:01 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/11/16 19:08:01 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/11/16 19:08:01 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/11/16 19:08:01 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/11/16 19:08:01 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/11/16 19:08:01 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/11/16 19:08:00 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/11/16 19:06:48 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/11/16 18:45:49 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/11/16 18:45:49 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/11/16 18:45:33 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 10:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 21:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 23:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/09/16 19:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/09 20:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/09 20:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/07/26 06:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\HP_Administrator\Desktop\DFOresizer.exe:SummaryInformation
< End of report >

extras.txt

OTL Extras logfile created on: 2/27/2010 5:27:19 PM - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 289.23 Gb Total Space | 39.75 Gb Free Space | 13.74% Space Free | Partition Type: NTFS
Drive D: | 8.83 Gb Total Space | 0.59 Gb Free Space | 6.63% Space Free | Partition Type: FAT32
Drive E: | 118.36 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.89 Gb Total Space | 1.42 Gb Free Space | 75.25% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THE_BEST
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"58275:TCP" = 58275:TCP:*:Enabled:Pando Media Booster
"58275:UDP" = 58275:UDP:*:Enabled:Pando Media Booster
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- (Digital Interactive Systems Corporation)
"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\DFO\DFO.exe" = C:\Nexon\DFO\DFO.exe:*:Enabled:Dungeon Fighter Online -- (neople)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2AEABBDC-89E6-4AE2-BF99-DA6D188D6F7C}" = LightScribe 1.4.113.1
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}" = HP PSC & OfficeJet 5.3.B
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}" = muvee autoProducer unPlugged 2.0
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{651CA61C-6803-4E74-8CA6-9DA721F1D24E}" = iDumpPod2iTunes
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe Extendscript Toolkit 2
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8A602BF-C276-4DB2-A9FF-B4C30EA1CB7C}_is1" = iDump (Freeware) Build:29
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FB4740B3-2530-452D-A825-F7AB246CA7DF}" = muvee autoProducer 5.0
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"AIM_7" = AIM 7
"AwayMode160" = Microsoft Away Mode
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"DFO" = DFOLauncher
"DISCover" = DISCover
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"Install WeatherBug" = Remove WeatherBug Installer
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"Netscape Browser" = Netscape Browser (remove only)
"Network MagicUninstall" = Network Magic
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Standard Edition 2003 60 days trial
"Pawnage Ragnarok Online" = Pawnage Ragnarok Online
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"Raganrok Renewal" = Ragnarok Renewal
"Ragnarok Online" = Ragnarok Online
"RealPlayer 6.0" = RealPlayer
"Rhapsody" = Rhapsody
"ShockwaveFlash" = Macromedia Flash Player 8
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"ToneGen" = NCH Tone Generator
"VLC media player" = VLC media player 1.0.3
"WavePad" = WavePad Sound Editor
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"WildTangent hpmedia Master Uninstall" = My HP Games
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"XfireXO Toolbar" = XfireXO Toolbar
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TerraRE - version 5.0 (29-10-21a)" = TerraRE - version 5.0 (29-10-21a)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/13/2010 5:41:48 PM | Computer Name = THE_BEST | Source = Application Error | ID = 1000
Description = Faulting application helpctr.exe, version 5.1.2600.2180, faulting
module kernel32.dll, version 5.1.2600.2180, fault address 0x0001eb33.

Error - 2/13/2010 5:41:48 PM | Computer Name = THE_BEST | Source = Application Error | ID = 1000
Description = Faulting application helpctr.exe, version 5.1.2600.2180, faulting
module kernel32.dll, version 5.1.2600.2180, fault address 0x0001eb33.

Error - 2/13/2010 5:43:52 PM | Computer Name = THE_BEST | Source = Application Error | ID = 1001
Description = Fault bucket 130409154.

Error - 2/19/2010 6:23:32 PM | Computer Name = THE_BEST | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3685, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/19/2010 6:23:35 PM | Computer Name = THE_BEST | Source = Application Hang | ID = 1001
Description = Fault bucket 1694679004.

Error - 2/23/2010 12:43:16 AM | Computer Name = THE_BEST | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 2/23/2010 3:00:45 AM | Computer Name = THE_BEST | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module mshtml.dll, version 6.0.2900.2873, fault address 0x00079e96.

Error - 2/25/2010 1:29:13 AM | Computer Name = THE_BEST | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module mshtml.dll, version 6.0.2900.2873, fault address 0x000a89c3.

Error - 2/25/2010 1:29:19 AM | Computer Name = THE_BEST | Source = Application Error | ID = 1001
Description = Fault bucket 1662632932.

Error - 2/25/2010 4:50:45 PM | Computer Name = THE_BEST | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.


< End of report >

Please run OTL.exe.

• Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :OTL
  O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
  O4 - HKLM..\Run: [] File not found
  O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
  [2010/02/27 16:01:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
  
  
  
  
• Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  
  
• Click the red Run Fix button.
  
• A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTL.exe
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\Program Files\WebEx\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.

OTL by OldTimer - Version 3.1.30.3 log created on 02272010_180629

i was not asked to reboot

That's the one. I want to do a check for a rootkit, but I see traces of Combofix, so I think that has fixed it.

• Download TDSSKiller and save it to your Desktop.
  
• Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  
• Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.
  
  "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  
• If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  
• When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.
  

19:38:18:210 9568 TDSS rootkit removing tool 2.2.7.1 Feb 27 2010 13:29:25
19:38:18:210 9568 ================================================================================
19:38:18:210 9568 SystemInfo:

19:38:18:210 9568 OS Version: 5.1.2600 ServicePack: 2.0
19:38:18:210 9568 Product type: Workstation
19:38:18:210 9568 ComputerName: THE_BEST
19:38:18:210 9568 UserName: HP_Administrator
19:38:18:210 9568 Windows directory: C:\WINDOWS
19:38:18:210 9568 Processor architecture: Intel x86
19:38:18:210 9568 Number of processors: 2
19:38:18:210 9568 Page size: 0x1000
19:38:18:226 9568 Boot type: Normal boot
19:38:18:226 9568 ================================================================================
19:38:18:226 9568 UnloadDriverW: NtUnloadDriver error 1
19:38:18:226 9568 ForceUnloadDriverW: UnloadDriverW(klmd21) error 1
19:38:18:226 9568 LoadDriverW: Driver already loaded
19:38:18:226 9568 KLMD_DropNLoadW: LoadDriverW(klmd21) error 1056
19:38:18:226 9568 Initialize success
19:38:18:226 9568
19:38:18:226 9568 Scanning Services ...
19:38:18:226 9568 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
19:38:18:226 9568 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
19:38:18:226 9568 wfopen_ex: Trying to KLMD file open
19:38:18:226 9568 wfopen_ex: File opened ok (Flags 2)
19:38:18:226 9568 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
19:38:18:226 9568 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
19:38:18:226 9568 wfopen_ex: Trying to KLMD file open
19:38:18:226 9568 wfopen_ex: File opened ok (Flags 2)
19:38:18:476 9568 GetAdvancedServicesInfo: Raw services enum returned 350 services
19:38:18:476 9568 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
19:38:18:476 9568 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
19:38:18:476 9568
19:38:18:476 9568 Scanning Kernel memory ...
19:38:18:476 9568 Devices to scan: 11
19:38:18:476 9568
19:38:18:476 9568 Driver Name: Disk
19:38:18:476 9568 IRP_MJ_CREATE : BA90EC30
19:38:18:476 9568 IRP_MJ_CREATE_NAMED_PIPE : 804F4282
19:38:18:476 9568 IRP_MJ_CLOSE : BA90EC30
19:38:18:476 9568 IRP_MJ_READ : BA908D9B
19:38:18:476 9568 IRP_MJ_WRITE : BA908D9B
19:38:18:476 9568 IRP_MJ_QUERY_INFORMATION : 804F4282
19:38:18:476 9568 IRP_MJ_SET_INFORMATION : 804F4282
19:38:18:476 9568 IRP_MJ_QUERY_EA : 804F4282
19:38:18:476 9568 IRP_MJ_SET_EA : 804F4282
19:38:18:476 9568 IRP_MJ_FLUSH_BUFFERS : BA909366
19:38:18:476 9568 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
19:38:18:476 9568 IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
19:38:18:476 9568 IRP_MJ_DIRECTORY_CONTROL : 804F4282
19:38:18:476 9568 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
19:38:18:476 9568 IRP_MJ_DEVICE_CONTROL : BA90944D
19:38:18:476 9568 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA90CFC3
19:38:18:476 9568 IRP_MJ_SHUTDOWN : BA909366
19:38:18:476 9568 IRP_MJ_LOCK_CONTROL : 804F4282
19:38:18:476 9568 IRP_MJ_CLEANUP : 804F4282
19:38:18:476 9568 IRP_MJ_CREATE_MAILSLOT : 804F4282
19:38:18:476 9568 IRP_MJ_QUERY_SECURITY : 804F4282
19:38:18:476 9568 IRP_MJ_SET_SECURITY : 804F4282
19:38:18:476 9568 IRP_MJ_POWER : BA90AEF3
19:38:18:476 9568 IRP_MJ_SYSTEM_CONTROL : BA90FA24
19:38:18:476 9568 IRP_MJ_DEVICE_CHANGE : 804F4282
19:38:18:476 9568 IRP_MJ_QUERY_QUOTA : 804F4282
19:38:18:476 9568 IRP_MJ_SET_QUOTA : 804F4282
19:38:18:476 9568 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
19:38:18:476 9568 sion
19:38:18:522 9568 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
19:38:18:522 9568
19:38:18:522 9568 Driver Name: Disk
19:38:18:522 9568 IRP_MJ_CREATE : BA90EC30
19:38:18:522 9568 IRP_MJ_CREATE_NAMED_PIPE : 804F4282
19:38:18:522 9568 IRP_MJ_CLOSE : BA90EC30
19:38:18:522 9568 IRP_MJ_READ : BA908D9B
19:38:18:522 9568 IRP_MJ_WRITE : BA908D9B
19:38:18:522 9568 IRP_MJ_QUERY_INFORMATION : 804F4282
19:38:18:522 9568 IRP_MJ_SET_INFORMATION : 804F4282
19:38:18:522 9568 IRP_MJ_QUERY_EA : 804F4282
19:38:18:522 9568 IRP_MJ_SET_EA : 804F4282
19:38:18:522 9568 IRP_MJ_FLUSH_BUFFERS : BA909366
19:38:18:522 9568 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
19:38:18:522 9568 IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
19:38:18:522 9568 IRP_MJ_DIRECTORY_CONTROL : 804F4282
19:38:18:522 9568 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
19:38:18:522 9568 IRP_MJ_DEVICE_CONTROL : BA90944D
19:38:18:522 9568 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA90CFC3
19:38:18:522 9568 IRP_MJ_SHUTDOWN : BA909366
19:38:18:522 9568 IRP_MJ_LOCK_CONTROL : 804F4282
19:38:18:522 9568 IRP_MJ_CLEANUP : 804F4282
19:38:18:522 9568 IRP_MJ_CREATE_MAILSLOT : 804F4282
19:38:18:522 9568 IRP_MJ_QUERY_SECURITY : 804F4282
19:38:18:522 9568 IRP_MJ_SET_SECURITY : 804F4282
19:38:18:522 9568 IRP_MJ_POWER : BA90AEF3
19:38:18:522 9568 IRP_MJ_SYSTEM_CONTROL : BA90FA24
19:38:18:522 9568 IRP_MJ_DEVICE_CHANGE : 804F4282
19:38:18:522 9568 IRP_MJ_QUERY_QUOTA : 804F4282
19:38:18:522 9568 IRP_MJ_SET_QUOTA : 804F4282
19:38:18:522 9568 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
19:38:18:522 9568 sion
19:38:18:522 9568 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
19:38:18:522 9568
19:38:18:522 9568 Driver Name: Disk
19:38:18:522 9568 IRP_MJ_CREATE : BA90EC30
19:38:18:522 9568 IRP_MJ_CREATE_NAMED_PIPE : 804F4282
19:38:18:522 9568 IRP_MJ_CLOSE : BA90EC30
19:38:18:522 9568 IRP_MJ_READ : BA908D9B
19:38:18:522 9568 IRP_MJ_WRITE : BA908D9B
19:38:18:522 9568 IRP_MJ_QUERY_INFORMATION : 804F4282
19:38:18:522 9568 IRP_MJ_SET_INFORMATION : 804F4282
19:38:18:522 9568 IRP_MJ_QUERY_EA : 804F4282
19:38:18:522 9568 IRP_MJ_SET_EA : 804F4282
19:38:18:522 9568 IRP_MJ_FLUSH_BUFFERS : BA909366
19:38:18:522 9568 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
19:38:18:522 9568 IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
19:38:18:522 9568 IRP_MJ_DIRECTORY_CONTROL : 804F4282
19:38:18:522 9568 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
19:38:18:522 9568 IRP_MJ_DEVICE_CONTROL : BA90944D
19:38:18:522 9568 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA90CFC3
19:38:18:522 9568 IRP_MJ_SHUTDOWN : BA909366
19:38:18:522 9568 IRP_MJ_LOCK_CONTROL : 804F4282
19:38:18:522 9568 IRP_MJ_CLEANUP : 804F4282
19:38:18:522 9568 IRP_MJ_CREATE_MAILSLOT : 804F4282
19:38:18:522 9568 IRP_MJ_QUERY_SECURITY : 804F4282
19:38:18:522 9568 IRP_MJ_SET_SECURITY : 804F4282
19:38:18:522 9568 IRP_MJ_POWER : BA90AEF3
19:38:18:522 9568 IRP_MJ_SYSTEM_CONTROL : BA90FA24
19:38:18:522 9568 IRP_MJ_DEVICE_CHANGE : 804F4282
19:38:18:522 9568 IRP_MJ_QUERY_QUOTA : 804F4282
19:38:18:522 9568 IRP_MJ_SET_QUOTA : 804F4282
19:38:18:522 9568 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
19:38:18:522 9568 sion
19:38:18:538 9568 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
19:38:18:538 9568
19:38:18:538 9568 Driver Name: Disk
19:38:18:538 9568 IRP_MJ_CREATE : BA90EC30
19:38:18:538 9568 IRP_MJ_CREATE_NAMED_PIPE : 804F4282
19:38:18:538 9568 IRP_MJ_CLOSE : BA90EC30
19:38:18:538 9568 IRP_MJ_READ : BA908D9B
19:38:18:538 9568 IRP_MJ_WRITE : BA908D9B
19:38:18:538 9568 IRP_MJ_QUERY_INFORMATION : 804F4282
19:38:18:538 9568 IRP_MJ_SET_INFORMATION : 804F4282
19:38:18:538 9568 IRP_MJ_QUERY_EA : 804F4282
19:38:18:538 9568 IRP_MJ_SET_EA : 804F4282
19:38:18:538 9568 IRP_MJ_FLUSH_BUFFERS : BA909366
19:38:18:538 9568 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
19:38:18:538 9568 IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
19:38:18:538 9568 IRP_MJ_DIRECTORY_CONTROL : 804F4282
19:38:18:538 9568 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
19:38:18:538 9568 IRP_MJ_DEVICE_CONTROL : BA90944D
19:38:18:538 9568 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA90CFC3
19:38:18:538 9568 IRP_MJ_SHUTDOWN : BA909366
19:38:18:538 9568 IRP_MJ_LOCK_CONTROL : 804F4282
19:38:18:538 9568 IRP_MJ_CLEANUP : 804F4282
19:38:18:538 9568 IRP_MJ_CREATE_MAILSLOT : 804F4282
19:38:18:538 9568 IRP_MJ_QUERY_SECURITY : 804F4282
19:38:18:538 9568 IRP_MJ_SET_SECURITY : 804F4282
19:38:18:538 9568 IRP_MJ_POWER : BA90AEF3
19:38:18:538 9568 IRP_MJ_SYSTEM_CONTROL : BA90FA24
19:38:18:538 9568 IRP_MJ_DEVICE_CHANGE : 804F4282
19:38:18:538 9568 IRP_MJ_QUERY_QUOTA : 804F4282
19:38:18:538 9568 IRP_MJ_SET_QUOTA : 804F4282
19:38:18:538 9568 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
19:38:18:538 9568 sion
19:38:18:538 9568 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
19:38:18:538 9568
19:38:18:538 9568 Driver Name: usbstor
19:38:18:538 9568 IRP_MJ_CREATE : B1719218
19:38:18:538 9568 IRP_MJ_CREATE_NAMED_PIPE : 804F4282
19:38:18:538 9568 IRP_MJ_CLOSE : B1719218
19:38:18:538 9568 IRP_MJ_READ : B171923C
19:38:18:538 9568 IRP_MJ_WRITE : B171923C
19:38:18:538 9568 IRP_MJ_QUERY_INFORMATION : 804F4282
19:38:18:538 9568 IRP_MJ_SET_INFORMATION : 804F4282
19:38:18:538 9568 IRP_MJ_QUERY_EA : 804F4282
19:38:18:538 9568 IRP_MJ_SET_EA : 804F4282
19:38:18:538 9568 IRP_MJ_FLUSH_BUFFERS : 804F4282
19:38:18:538 9568 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
19:38:18:538 9568 IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
19:38:18:538 9568 IRP_MJ_DIRECTORY_CONTROL : 804F4282
19:38:18:538 9568 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
19:38:18:538 9568 IRP_MJ_DEVICE_CONTROL : B1719180
19:38:18:538 9568 IRP_MJ_INTERNAL_DEVICE_CONTROL : B17149E6
19:38:18:538 9568 IRP_MJ_SHUTDOWN : 804F4282
19:38:18:538 9568 IRP_MJ_LOCK_CONTROL : 804F4282
19:38:18:538 9568 IRP_MJ_CLEANUP : 804F4282
19:38:18:538 9568 IRP_MJ_CREATE_MAILSLOT : 804F4282
19:38:18:538 9568 IRP_MJ_QUERY_SECURITY : 804F4282
19:38:18:538 9568 IRP_MJ_SET_SECURITY : 804F4282
19:38:18:538 9568 IRP_MJ_POWER : B17185F0
19:38:18:538 9568 IRP_MJ_SYSTEM_CONTROL : B1716A6E
19:38:18:538 9568 IRP_MJ_DEVICE_CHANGE : 804F4282
19:38:18:538 9568 IRP_MJ_QUERY_QUOTA : 804F4282
19:38:18:538 9568 IRP_MJ_SET_QUOTA : 804F4282
19:38:18:538 9568 siohd: 0
19:38:18:538 9568 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
19:38:18:538 9568
19:38:18:538 9568 Driver Name: usbstor
19:38:18:538 9568 IRP_MJ_CREATE : B1719218
19:38:18:538 9568 IRP_MJ_CREATE_NAMED_PIPE : 804F4282
19:38:18:538 9568 IRP_MJ_CLOSE : B1719218
19:38:18:538 9568 IRP_MJ_READ : B171923C
19:38:18:538 9568 IRP_MJ_WRITE : B171923C
19:38:18:538 9568 IRP_MJ_QUERY_INFORMATION : 804F4282
19:38:18:538 9568 IRP_MJ_SET_INFORMATION : 804F4282
19:38:18:538 9568 IRP_MJ_QUERY_EA : 804F4282
19:38:18:538 9568 IRP_MJ_SET_EA : 804F4282
19:38:18:538 9568 IRP_MJ_FLUSH_BUFFERS : 804F4282
19:38:18:538 9568 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
19:38:18:538 9568 IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
19:38:18:538 9568 IRP_MJ_DIRECTORY_CONTROL : 804F4282
19:38:18:538 9568 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
19:38:18:538 9568 IRP_MJ_DEVICE_CONTROL : B1719180
19:38:18:538 9568 IRP_MJ_INTERNAL_DEVICE_CONTROL : B17149E6
19:38:18:538 9568 IRP_MJ_SHUTDOWN : 804F4282
19:38:18:538 9568 IRP_MJ_LOCK_CONTROL : 804F4282
19:38:18:538 9568 IRP_MJ_CLEANUP : 804F4282
19:38:18:538 9568 IRP_MJ_CREATE_MAILSLOT : 804F4282
19:38:18:538 9568 IRP_MJ_QUERY_SECURITY : 804F4282
19:38:18:538 9568 IRP_MJ_SET_SECURITY : 804F4282
19:38:18:538 9568 IRP_MJ_POWER : B17185F0
19:38:18:538 9568 IRP_MJ_SYSTEM_CONTROL : B1716A6E
19:38:18:538 9568 IRP_MJ_DEVICE_CHANGE : 804F4282
19:38:18:538 9568 IRP_MJ_QUERY_QUOTA : 804F4282
19:38:18:538 9568 IRP_MJ_SET_QUOTA : 804F4282
19:38:18:538 9568 siohd: 0
19:38:18:538 9568 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
19:38:18:538 9568
19:38:18:538 9568 Driver Name: usbstor
19:38:18:538 9568 IRP_MJ_CREATE : B1719218
19:38:18:538 9568 IRP_MJ_CREATE_NAMED_PIPE : 804F4282
19:38:18:538 9568 IRP_MJ_CLOSE : B1719218
19:38:18:538 9568 IRP_MJ_READ : B171923C
19:38:18:538 9568 IRP_MJ_WRITE : B171923C
19:38:18:538 9568 IRP_MJ_QUERY_INFORMATION : 804F4282
19:38:18:538 9568 IRP_MJ_SET_INFORMATION : 804F4282
19:38:18:538 9568 IRP_MJ_QUERY_EA : 804F4282
19:38:18:538 9568 IRP_MJ_SET_EA : 804F4282
19:38:18:538 9568 IRP_MJ_FLUSH_BUFFERS : 804F4282
19:38:18:538 9568 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
19:38:18:538 9568 IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
19:38:18:538 9568 IRP_MJ_DIRECTORY_CONTROL : 804F4282
19:38:18:538 9568 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
19:38:18:538 9568 IRP_MJ_DEVICE_CONTROL : B1719180
19:38:18:538 9568 IRP_MJ_INTERNAL_DEVICE_CONTROL : B17149E6
19:38:18:538 9568 IRP_MJ_SHUTDOWN : 804F4282
19:38:18:538 9568 IRP_MJ_LOCK_CONTROL : 804F4282
19:38:18:538 9568 IRP_MJ_CLEANUP : 804F4282
19:38:18:538 9568 IRP_MJ_CREATE_MAILSLOT : 804F4282
19:38:18:538 9568 IRP_MJ_QUERY_SECURITY : 804F4282
19:38:18:538 9568 IRP_MJ_SET_SECURITY : 804F4282
19:38:18:538 9568 IRP_MJ_POWER : B17185F0
19:38:18:538 9568 IRP_MJ_SYSTEM_CONTROL : B1716A6E
19:38:18:538 9568 IRP_MJ_DEVICE_CHANGE : 804F4282
19:38:18:538 9568 IRP_MJ_QUERY_QUOTA : 804F4282
19:38:18:538 9568 IRP_MJ_SET_QUOTA : 804F4282
19:38:18:538 9568 siohd: 0
19:38:18:554 9568 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
19:38:18:554 9568
19:38:18:554 9568 Driver Name: usbstor
19:38:18:554 9568 IRP_MJ_CREATE : B1719218
19:38:18:554 9568 IRP_MJ_CREATE_NAMED_PIPE : 804F4282
19:38:18:554 9568 IRP_MJ_CLOSE : B1719218
19:38:18:554 9568 IRP_MJ_READ : B171923C
19:38:18:554 9568 IRP_MJ_WRITE : B171923C
19:38:18:554 9568 IRP_MJ_QUERY_INFORMATION : 804F4282
19:38:18:554 9568 IRP_MJ_SET_INFORMATION : 804F4282
19:38:18:554 9568 IRP_MJ_QUERY_EA : 804F4282
19:38:18:554 9568 IRP_MJ_SET_EA : 804F4282
19:38:18:554 9568 IRP_MJ_FLUSH_BUFFERS : 804F4282
19:38:18:554 9568 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
19:38:18:554 9568 IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
19:38:18:554 9568 IRP_MJ_DIRECTORY_CONTROL : 804F4282
19:38:18:554 9568 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
19:38:18:554 9568 IRP_MJ_DEVICE_CONTROL : B1719180
19:38:18:554 9568 IRP_MJ_INTERNAL_DEVICE_CONTROL : B17149E6
19:38:18:554 9568 IRP_MJ_SHUTDOWN : 804F4282
19:38:18:554 9568 IRP_MJ_LOCK_CONTROL : 804F4282
19:38:18:554 9568 IRP_MJ_CLEANUP : 804F4282
19:38:18:554 9568 IRP_MJ_CREATE_MAILSLOT : 804F4282
19:38:18:554 9568 IRP_MJ_QUERY_SECURITY : 804F4282
19:38:18:554 9568 IRP_MJ_SET_SECURITY : 804F4282
19:38:18:554 9568 IRP_MJ_POWER : B17185F0
19:38:18:554 9568 IRP_MJ_SYSTEM_CONTROL : B1716A6E
19:38:18:554 9568 IRP_MJ_DEVICE_CHANGE : 804F4282
19:38:18:554 9568 IRP_MJ_QUERY_QUOTA : 804F4282
19:38:18:554 9568 IRP_MJ_SET_QUOTA : 804F4282
19:38:18:554 9568 siohd: 0
19:38:18:554 9568 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
19:38:18:554 9568
19:38:18:554 9568 Driver Name: Disk
19:38:18:554 9568 IRP_MJ_CREATE : BA90EC30
19:38:18:554 9568 IRP_MJ_CREATE_NAMED_PIPE : 804F4282
19:38:18:554 9568 IRP_MJ_CLOSE : BA90EC30
19:38:18:554 9568 IRP_MJ_READ : BA908D9B
19:38:18:554 9568 IRP_MJ_WRITE : BA908D9B
19:38:18:554 9568 IRP_MJ_QUERY_INFORMATION : 804F4282
19:38:18:554 9568 IRP_MJ_SET_INFORMATION : 804F4282
19:38:18:554 9568 IRP_MJ_QUERY_EA : 804F4282
19:38:18:554 9568 IRP_MJ_SET_EA : 804F4282
19:38:18:554 9568 IRP_MJ_FLUSH_BUFFERS : BA909366
19:38:18:554 9568 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
19:38:18:554 9568 IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
19:38:18:554 9568 IRP_MJ_DIRECTORY_CONTROL : 804F4282
19:38:18:554 9568 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
19:38:18:554 9568 IRP_MJ_DEVICE_CONTROL : BA90944D
19:38:18:554 9568 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA90CFC3
19:38:18:554 9568 IRP_MJ_SHUTDOWN : BA909366
19:38:18:554 9568 IRP_MJ_LOCK_CONTROL : 804F4282
19:38:18:554 9568 IRP_MJ_CLEANUP : 804F4282
19:38:18:554 9568 IRP_MJ_CREATE_MAILSLOT : 804F4282
19:38:18:554 9568 IRP_MJ_QUERY_SECURITY : 804F4282
19:38:18:554 9568 IRP_MJ_SET_SECURITY : 804F4282
19:38:18:554 9568 IRP_MJ_POWER : BA90AEF3
19:38:18:554 9568 IRP_MJ_SYSTEM_CONTROL : BA90FA24
19:38:18:554 9568 IRP_MJ_DEVICE_CHANGE : 804F4282
19:38:18:554 9568 IRP_MJ_QUERY_QUOTA : 804F4282
19:38:18:554 9568 IRP_MJ_SET_QUOTA : 804F4282
19:38:18:554 9568 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
19:38:18:554 9568 sion
19:38:18:554 9568 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
19:38:18:554 9568
19:38:18:554 9568 Driver Name: Disk
19:38:18:554 9568 IRP_MJ_CREATE : BA90EC30
19:38:18:554 9568 IRP_MJ_CREATE_NAMED_PIPE : 804F4282
19:38:18:554 9568 IRP_MJ_CLOSE : BA90EC30
19:38:18:554 9568 IRP_MJ_READ : BA908D9B
19:38:18:554 9568 IRP_MJ_WRITE : BA908D9B
19:38:18:554 9568 IRP_MJ_QUERY_INFORMATION : 804F4282
19:38:18:554 9568 IRP_MJ_SET_INFORMATION : 804F4282
19:38:18:554 9568 IRP_MJ_QUERY_EA : 804F4282
19:38:18:554 9568 IRP_MJ_SET_EA : 804F4282
19:38:18:554 9568 IRP_MJ_FLUSH_BUFFERS : BA909366
19:38:18:554 9568 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
19:38:18:554 9568 IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
19:38:18:554 9568 IRP_MJ_DIRECTORY_CONTROL : 804F4282
19:38:18:554 9568 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
19:38:18:554 9568 IRP_MJ_DEVICE_CONTROL : BA90944D
19:38:18:554 9568 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA90CFC3
19:38:18:554 9568 IRP_MJ_SHUTDOWN : BA909366
19:38:18:554 9568 IRP_MJ_LOCK_CONTROL : 804F4282
19:38:18:554 9568 IRP_MJ_CLEANUP : 804F4282
19:38:18:554 9568 IRP_MJ_CREATE_MAILSLOT : 804F4282
19:38:18:554 9568 IRP_MJ_QUERY_SECURITY : 804F4282
19:38:18:554 9568 IRP_MJ_SET_SECURITY : 804F4282
19:38:18:554 9568 IRP_MJ_POWER : BA90AEF3
19:38:18:554 9568 IRP_MJ_SYSTEM_CONTROL : BA90FA24
19:38:18:554 9568 IRP_MJ_DEVICE_CHANGE : 804F4282
19:38:18:554 9568 IRP_MJ_QUERY_QUOTA : 804F4282
19:38:18:554 9568 IRP_MJ_SET_QUOTA : 804F4282
19:38:18:554 9568 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
19:38:18:554 9568 sion
19:38:18:554 9568 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
19:38:18:554 9568
19:38:18:554 9568 Driver Name: atapi
19:38:18:554 9568 IRP_MJ_CREATE : 8A23BA9A
19:38:18:554 9568 IRP_MJ_CREATE_NAMED_PIPE : 8A23BA9A
19:38:18:554 9568 IRP_MJ_CLOSE : 8A23BA9A
19:38:18:554 9568 IRP_MJ_READ : 8A23BA9A
19:38:18:554 9568 IRP_MJ_WRITE : 8A23BA9A
19:38:18:554 9568 IRP_MJ_QUERY_INFORMATION : 8A23BA9A
19:38:18:554 9568 IRP_MJ_SET_INFORMATION : 8A23BA9A
19:38:18:554 9568 IRP_MJ_QUERY_EA : 8A23BA9A
19:38:18:554 9568 IRP_MJ_SET_EA : 8A23BA9A
19:38:18:554 9568 IRP_MJ_FLUSH_BUFFERS : 8A23BA9A
19:38:18:554 9568 IRP_MJ_QUERY_VOLUME_INFORMATION : 8A23BA9A
19:38:18:554 9568 IRP_MJ_SET_VOLUME_INFORMATION : 8A23BA9A
19:38:18:554 9568 IRP_MJ_DIRECTORY_CONTROL : 8A23BA9A
19:38:18:554 9568 IRP_MJ_FILE_SYSTEM_CONTROL : 8A23BA9A
19:38:18:554 9568 IRP_MJ_DEVICE_CONTROL : 8A23BA9A
19:38:18:554 9568 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8A23BA9A
19:38:18:554 9568 IRP_MJ_SHUTDOWN : 8A23BA9A
19:38:18:554 9568 IRP_MJ_LOCK_CONTROL : 8A23BA9A
19:38:18:554 9568 IRP_MJ_CLEANUP : 8A23BA9A
19:38:18:554 9568 IRP_MJ_CREATE_MAILSLOT : 8A23BA9A
19:38:18:554 9568 IRP_MJ_QUERY_SECURITY : 8A23BA9A
19:38:18:554 9568 IRP_MJ_SET_SECURITY : 8A23BA9A
19:38:18:554 9568 IRP_MJ_POWER : 8A23BA9A
19:38:18:554 9568 IRP_MJ_SYSTEM_CONTROL : 8A23BA9A
19:38:18:554 9568 IRP_MJ_DEVICE_CHANGE : 8A23BA9A
19:38:18:554 9568 IRP_MJ_QUERY_QUOTA : 8A23BA9A
19:38:18:554 9568 IRP_MJ_SET_QUOTA : 8A23BA9A
19:38:18:554 9568 ihd1
19:38:18:554 9568 siolchd1
19:38:18:554 9568 siohd: 0
19:38:18:569 9568 C:\WINDOWS\system32\drivers\tskEC.tmp - Verdict: Clean
19:38:18:569 9568
19:38:18:569 9568 Completed
19:38:18:569 9568
19:38:18:569 9568 Results:
19:38:18:569 9568 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
19:38:18:569 9568 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
19:38:18:569 9568 File objects infected / cured / cured on reboot: 0 / 0 / 0
19:38:18:569 9568
19:38:18:569 9568 UnloadDriverW: NtUnloadDriver error 1
19:38:18:569 9568 KLMD_Unload: UnloadDriverW(klmd21) error 1
19:38:18:569 9568 KLMD(ARK) unloaded successfully

sigh same thing happened just now. couldn't reboot or open firefox and i had to force restart

i wonder if this is a problem with my computer or the virus reocurring?

Hello.

There are a lot of picture files on your Desktop, are you aware of them?

yes i am. i cleaned my desktop up last night before i went to sleep and now it's not so cluttered lol. might this be causing it? D:

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

Ask Toolbar
J2SE Runtime Environment 5.0 Update 6

Please download the current version of HijackThis from HERE

• Double click and run the installer.
  
• It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  
• After installing, you should get the user agreement, press accept and Hijack This will run.
  
• Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.
  

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 6:08:10 PM, on 2/28/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Last.fm\LastFM.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\mIRC\mirc.exe
C:\Nexon\DFO\DFOCP.exe
C:\Documents and Settings\HP_Administrator\Desktop\DFOresizer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NAV] "C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\A5E82D02\17.1.0.19\InstStub.exe" /RELAUNCH /RUNONCE /NOPROMPT /PRODID NAV
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US /HIDEBL
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10077 bytes

Hello.
Lets shut off some un-needed processes at startup.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
  O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
  O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
  O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
  O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
  O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
  O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
  O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
  O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US /HIDEBL
  O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
  O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Reboot normally.

is the machine any faster now?