[RESOLVED] Hotmail sending out spam from my puter?

OTL txt Part 1 of 3 follows

OTL logfile created on: 9/6/2010 8:04:28 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 665.00 Mb Available Physical Memory | 65.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.93 Gb Total Space | 0.73 Gb Free Space | 2.63% Space Free | Partition Type: FAT32
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 232.88 Gb Total Space | 227.09 Gb Free Space | 97.51% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHILOH
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/06 07:59:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/06/28 14:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 14:57:16 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2008/05/02 12:40:34 | 000,148,768 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\providerComcast\bin\tgsrvc.exe
PRC - [2008/04/13 17:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/28 12:24:36 | 000,156,976 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2007/09/06 14:53:40 | 000,169,264 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2007/03/09 11:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2002/03/19 11:01:02 | 000,090,112 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe


========== Modules (SafeList) ==========

MOD - [2010/09/06 07:59:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdj00.exe -- (hpdj00)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/28 14:57:16 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 14:57:16 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 14:57:16 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/05/02 12:40:34 | 000,398,704 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/05/02 12:40:34 | 000,148,768 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\providerComcast\bin\tgsrvc.exe -- (tgsrvc_providercomcast) SupportSoft Repair Service (providercomcast)
SRV - [2007/09/28 12:24:36 | 000,156,976 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/05/03 15:09:24 | 000,102,400 | ---- | M] (Intel Corp.) [Disabled | Stopped] -- C:\Program Files\Intel\Intel(R) Active Monitor\imonNT.exe -- (imonNT) Intel(R)
SRV - [2002/01/21 12:31:56 | 000,507,904 | ---- | M] (Roxio, Inc.) [Disabled | Stopped] -- C:\Program Files\Roxio\GoBack\GBPoll.exe -- (GBPoll)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\PCIDATA.sys -- (PCIDATA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\IPFilter.sys -- (IPFilter)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/06/28 14:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 14:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 14:33:14 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 14:32:46 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 14:32:34 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 14:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2007/10/19 17:56:12 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/10/19 17:56:10 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2005/09/17 11:24:46 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2005/06/28 21:01:56 | 001,241,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/03 22:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/12/16 02:10:06 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/04/25 20:29:18 | 000,322,031 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptserial.sys -- (Ptserial)
DRV - [2003/04/03 12:59:06 | 000,329,120 | ---- | M] (U.S. Robotics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\3c1807pd.sys -- (3c1807pd)
DRV - [2002/08/14 15:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2002/08/14 09:00:00 | 000,004,112 | ---- | M] (Eisenworld, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\AloPar.sys -- (AloPar)
DRV - [2002/08/14 00:00:00 | 000,093,594 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys -- (IdeChnDr) Intel(R)
DRV - [2002/08/14 00:00:00 | 000,013,782 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys -- (IdeBusDr)
DRV - [2002/08/04 15:45:30 | 000,025,932 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdpnp.sys -- (wdpnp)
DRV - [2002/05/03 15:07:24 | 000,007,424 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SIODRV.SYS -- (SIODRV)
DRV - [2002/05/03 15:07:06 | 000,016,480 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\iSMBIOS.SYS -- (iSMBIOS)
DRV - [2002/03/26 11:43:34 | 000,006,016 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2002/01/28 16:37:16 | 000,030,811 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smb.sys -- (smbusp) Intel(R)
DRV - [2002/01/21 12:37:44 | 000,003,945 | ---- | M] (Roxio, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\GBDevice.sys -- (GBDevice)
DRV - [2002/01/21 12:37:12 | 000,015,024 | ---- | M] (Roxio, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\GBFSHook.sys -- (GBFSHook)
DRV - [2002/01/21 12:36:42 | 000,156,301 | ---- | M] (Roxio, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\GoBack2K.sys -- (GoBack2K)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:28:26 | 000,113,762 | ---- | M] (U.S. Robotics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USRpdA.sys -- (USRpdA)
DRV - [2001/08/17 13:28:16 | 000,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2001/08/17 13:28:16 | 000,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2001/08/17 13:28:14 | 000,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vmodem.sys -- (Vmodem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Font Size = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jh...Jn.dr96yaGB8nw
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Amazon.com"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"


FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2005/10/03 19:58:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2005/10/03 19:58:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6 Beta 5\components [2010/01/05 17:51:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6 Beta 5\plugins [2010/01/05 17:51:08 | 000,000,000 | ---D | M]

[2010/01/05 17:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2004/09/17 06:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qozio26y.default\extensions
[2009/04/26 11:07:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qozio26y.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/06/17 07:11:34 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qozio26y.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008/04/17 08:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qozio26y.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2007/06/17 08:43:04 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qozio26y.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2008/06/21 07:45:02 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qozio26y.default\searchplugins\wikipedia.xml
[2008/06/21 07:45:02 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qozio26y.default\searchplugins\IMDB.xml
[2005/10/03 19:58:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/09/23 08:14:16 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

O1 HOSTS File: ([2010/09/05 20:36:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7754C418-F62E-44AA-B169-E719E718BCFD} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)

OTL txt part 2 of 3 follows.

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/softwareupda...31/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...22/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} file://D:\content\include\XPPatchInstaller.CAB (PatchInstaller.Installer)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/wind...?1204412927703 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1226205095781 (MUWebControl Class)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab (HouseCall Control)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/us/securityadvisor...fo/webscan.cab (WScanCtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} file://D:\Content\include\msSecUcd.cab (MSSecurityAdvisorCD Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/softwareupda...5035/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:1 (Internet Explorer Channel Bar) - 131A6951-7F78-11D0-A979-00C04FD705A2
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/06/22 17:28:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2007/05/31 14:15:50 | 000,000,118 | ---- | M] () - G:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: LanmanWorkstation - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: MIDI1 - C:\WINDOWS\System32\Syncor11.dll (SoundMAX)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: VIDC.ACDV - C:\WINDOWS\System32\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.wmv3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/09/06 07:59:56 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/09/05 20:41:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/09/05 20:23:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/05 20:20:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/05 20:20:58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/05 20:20:58 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/05 20:20:58 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/05 20:15:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/05 20:15:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/03 22:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/09/03 22:08:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/03 22:08:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/03 22:08:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/03 22:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/03 22:03:05 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2010/08/19 12:31:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express
[2010/08/15 12:39:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2010/08/15 12:39:39 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/07/20 14:04:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/07/11 17:54:55 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/07/11 17:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/07/07 09:16:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Coby Media Manager
[2010/07/07 09:16:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Coby Media Manager
[2010/07/07 09:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\Coby
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/06 08:07:14 | 006,029,312 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/09/06 07:59:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/09/05 20:36:52 | 000,000,327 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/05 20:36:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/05 20:35:54 | 1072,549,888 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/05 20:35:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/09/05 20:23:40 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/09/05 20:17:34 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/05 20:16:06 | 003,837,097 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/09/04 10:30:54 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2010/09/03 23:00:46 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/09/03 22:34:50 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\qshkyw1m.exe
[2010/09/03 22:08:08 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/03 22:03:18 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2010/08/25 20:06:34 | 000,001,633 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/15 13:11:42 | 000,002,405 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OverDrive Media Console.lnk
[2010/08/15 12:53:22 | 000,000,586 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2010/08/14 08:01:42 | 000,069,978 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ATT00001.jpg
[2010/08/13 08:02:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/13 03:17:38 | 000,248,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 03:07:58 | 000,435,806 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 03:07:56 | 000,493,914 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 03:07:56 | 000,069,352 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/08 21:14:22 | 000,035,320 | ---- | M] () -- C:\WINDOWS\Owner.acl
[2010/08/08 21:13:56 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Shortcut to My Documents.lnk
[2010/08/08 21:11:34 | 001,533,907 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\scan0004.tif
[2010/07/11 17:55:36 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/11 17:55:36 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/07/07 09:16:46 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Coby Media Manager.lnk
[2010/06/28 14:57:34 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 14:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 14:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 14:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 14:33:14 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 14:32:46 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 14:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 14:32:34 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 14:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/21 22:01:36 | 000,006,601 | ---- | M] () -- C:\WINDOWS\Owner8.xlb
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[

OTL txt part 3 of 3 follows

2010/09/05 20:23:37 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/09/05 20:23:34 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/05 20:20:58 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/05 20:20:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/05 20:20:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/05 20:20:58 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/05 20:20:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/04 10:35:38 | 003,837,097 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/09/04 10:30:59 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2010/09/03 23:00:51 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/09/03 22:38:06 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\qshkyw1m.exe
[2010/09/03 22:08:06 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/14 08:01:58 | 000,069,978 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ATT00001.jpg
[2010/08/08 21:13:33 | 001,533,907 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\scan0004.tif
[2010/07/11 17:55:35 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/07/07 09:16:45 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Coby Media Manager.lnk
[2008/05/20 08:05:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\imageCache.db
[2008/03/08 15:28:22 | 000,000,011 | ---- | C] () -- C:\WINDOWS\Topo3.ini
[2008/03/02 11:00:42 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
[2007/10/19 17:56:16 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/19 17:54:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/10/19 17:54:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/10/18 02:02:34 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/07/28 13:36:05 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/26 13:09:50 | 000,006,084 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Hewlett-PackardHP Officejet 5600 series1150073362_PROTOCOL.log
[2006/09/26 13:09:50 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Hewlett-PackardHP Officejet 5600 series1150073362_UI.log
[2006/09/26 13:09:50 | 000,000,319 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Hewlett-PackardHP Officejet 5600 series1150073362_API.log
[2006/09/26 13:09:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006/09/03 11:40:49 | 000,022,957 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2006/09/03 11:40:49 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/09/03 11:40:37 | 000,002,060 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\HPSU_48BitScanUpdate.log
[2006/09/03 11:40:37 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/09/03 11:33:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
[2006/09/03 11:33:40 | 000,000,348 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
[2006/09/03 11:33:40 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2006/09/03 11:33:22 | 000,002,397 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PatchUpdate_HP_ISRegionListUpdatelog_HPSU.log
[2006/09/03 11:33:22 | 000,000,228 | ---- | C] () -- C:\WINDOWS\HP_ISRegionListUpdatelog_HPSU.ini
[2006/09/03 11:33:13 | 000,002,773 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PatchUpdate_InstantShareJPG.log
[2006/09/03 11:33:13 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/09/03 11:29:44 | 000,003,550 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PatchUpdate_IZClosingDiscError.log
[2006/09/03 11:29:44 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2006/09/03 11:21:02 | 000,070,079 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2006/09/03 11:21:02 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/05/08 13:44:08 | 000,011,185 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/05/08 13:44:08 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/05 19:34:18 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/19 11:58:21 | 000,000,041 | ---- | C] () -- C:\WINDOWS\loc2.INI
[2005/12/19 11:58:18 | 000,000,041 | ---- | C] () -- C:\WINDOWS\FindServ.INI
[2005/11/13 11:24:40 | 000,000,092 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/05/04 08:23:21 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll
[2004/05/04 08:23:21 | 000,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/05/04 07:52:14 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2004/03/07 20:38:55 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/01/11 10:36:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2004/01/05 16:05:14 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameF.txt
[2004/01/05 15:27:07 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2004/01/05 14:49:46 | 000,012,090 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2003/11/27 16:21:22 | 000,001,571 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/08/07 19:47:08 | 000,001,998 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/08/06 08:42:19 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\dfxdSm.dll
[2003/08/06 08:42:19 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\dfxgSm.dll
[2003/08/06 08:42:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dfxcSm.dll
[2003/08/06 08:29:54 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2003/06/22 18:16:45 | 000,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2003/06/22 18:15:45 | 000,000,015 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2003/06/22 18:11:18 | 000,000,081 | ---- | C] () -- C:\WINDOWS\usrwiz.ini
[2003/06/22 15:06:48 | 000,000,034 | ---- | C] () -- C:\WINDOWS\alohabob.INI
[2003/06/22 15:04:27 | 000,000,242 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2003/06/22 14:51:15 | 000,015,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBBC.sys
[2003/06/22 13:38:54 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/06/22 12:26:56 | 000,374,784 | ---- | C] () -- C:\WINDOWS\3dg32.dll
[2003/06/22 12:26:55 | 000,000,250 | ---- | C] () -- C:\WINDOWS\3dr.ini
[2003/04/14 11:10:47 | 000,036,028 | ---- | C] () -- C:\WINDOWS\System32\hpothk16.dll
[2003/04/14 11:10:44 | 000,016,780 | ---- | C] () -- C:\WINDOWS\System32\hpoctk16.dll
[2002/11/01 16:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2002/04/11 12:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2002/02/04 22:39:54 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\3CDPUMP.DLL
[2002/01/15 01:52:44 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\PTISTP.DLL
[2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2001/04/23 18:48:56 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2001/04/20 18:08:58 | 000,007,008 | ---- | C] () -- C:\WINDOWS\System32\SETUPKIT.DLL
[2001/04/08 13:49:40 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\glut32.dll
[2001/03/22 20:36:10 | 000,906,784 | ---- | C] () -- C:\WINDOWS\System32\Owl52f.dll
[2001/03/22 15:44:27 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pagesync.dll
[2000/12/01 15:30:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ycomp.dll
[2000/09/26 19:53:22 | 000,003,120 | ---- | C] () -- C:\WINDOWS\System32\MSVWWIN.DLL
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1998/05/20 18:35:23 | 000,000,363 | ---- | C] () -- C:\WINDOWS\MMKeybd.ini
[1998/05/20 18:35:23 | 000,000,273 | ---- | C] () -- C:\WINDOWS\MSIOSD.INI
[1998/05/20 18:35:22 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[1998/05/20 18:21:36 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\rdbios32.dll
[1998/05/15 02:30:16 | 000,002,490 | ---- | C] () -- C:\WINDOWS\System32\DLCNDI.DLL
[1998/05/11 20:01:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\MEMBG.DLL
[1998/05/11 20:01:00 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\XFILEXR.DLL
[1998/05/11 20:01:00 | 000,049,616 | ---- | C] () -- C:\WINDOWS\System32\JCB.DLL
[1998/05/11 20:01:00 | 000,048,088 | ---- | C] () -- C:\WINDOWS\System32\DSCVR.DLL
[1998/05/11 20:01:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\OEMREG.DLL
[1998/05/11 20:01:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\GROUPPOL.DLL
[1998/05/11 20:01:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NETBIOS.DLL
[1998/05/11 20:01:00 | 000,008,576 | ---- | C] () -- C:\WINDOWS\System32\ICMUPG.DLL
[1998/04/03 12:18:40 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\HPSOCEX.DLL
[1997/10/15 15:17:06 | 000,013,600 | ---- | C] () -- C:\WINDOWS\System32\HPMODELD.DLL
[1997/08/19 09:59:56 | 000,014,320 | ---- | C] () -- C:\WINDOWS\System32\MSIOSD16.DLL
[1996/12/04 00:00:00 | 000,031,744 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
[1996/12/04 00:00:00 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL
[1996/12/04 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/12/04 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1996/08/06 00:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB32.DLL
[1996/07/18 07:45:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\URMCFG32.DLL
[1996/07/18 07:45:10 | 000,017,446 | ---- | C] () -- C:\WINDOWS\System32\URMCFG16.DLL
[1996/07/18 07:44:44 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\URMCLN32.DLL
[1996/07/18 07:44:32 | 000,009,792 | ---- | C] () -- C:\WINDOWS\System32\URMCLN16.DLL

========== LOP Check ==========

[2003/06/22 18:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\interMute
[2006/04/09 09:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2008/11/10 19:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2008/12/20 12:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2009/12/19 22:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/01/04 17:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/01/04 17:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/05/09 22:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/07/11 17:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2006/06/19 22:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2006/07/30 13:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2003/11/12 14:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2004/03/07 15:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ieSpell
[2004/12/21 21:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Common Files
[2005/04/22 22:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IrfanView
[2006/07/30 10:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2006/08/03 11:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ACD Systems
[2008/02/12 09:39:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2008/02/26 14:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OverDrive
[2010/07/07 09:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Coby Media Manager
[2010/08/15 12:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2010/08/19 12:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express

========== Purity Check ==========



========== Custom Scans ==========


< &#37;SYSTEMDRIVE%\*.* >
[2010/09/05 20:35:50 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2009/04/26 16:59:24 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2007/03/19 21:50:26 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/09/05 20:23:40 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2003/06/22 17:28:22 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2003/06/22 17:28:22 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2003/06/22 17:28:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2003/06/22 17:28:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/09/05 20:35:54 | 1072,549,888 | -HS- | M] () -- C:\hiberfil.sys
[2004/07/05 14:30:32 | 001,064,960 | -H-- | M] () -- C:\ffastun0.ffx
[2010/09/05 20:41:56 | 000,019,251 | ---- | M] () -- C:\ComboFix.txt
[2004/07/05 14:30:32 | 000,245,760 | -H-- | M] () -- C:\ffastun.ffo
[2004/07/05 14:30:32 | 000,843,776 | -H-- | M] () -- C:\ffastun.ffl
[2004/07/05 14:30:32 | 000,004,717 | -H-- | M] () -- C:\ffastun.ffa
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2005/01/08 07:46:42 | 000,000,043 | ---- | M] () -- C:\ver.txt
[2004/07/05 20:43:02 | 000,004,500 | ---- | M] () -- C:\PollSt.txt
[2009/04/26 11:16:06 | 001,257,989 | ---- | M] () -- C:\caisslog.txt
[2008/12/09 08:03:40 | 011,939,610 | ---- | M] (Lenovo ) -- C:\sdd_setup.exe
[2004/07/29 21:42:04 | 002,678,960 | ---- | M] () -- C:\u7avi333wu.bin
[2006/04/09 09:51:16 | 000,007,367 | ---- | M] () -- C:\caavsetup.log
[2008/03/01 18:29:40 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2004/07/05 14:42:02 | 000,010,158 | ---- | M] () -- C:\hpcmerr.log
[2004/05/02 20:03:42 | 000,160,768 | ---- | M] (Soeperman Enterprises Ltd.) -- C:\HijackThis.exe
[2004/05/02 20:05:58 | 000,000,058 | ---- | M] () -- C:\backup-20040502-200556-523
[2004/05/02 20:05:58 | 000,000,121 | ---- | M] () -- C:\backup-20040502-200556-440
[2004/05/04 18:34:42 | 000,769,031 | ---- | M] (Network Associates Inc.) -- C:\stinger.exe
[2008/02/12 13:00:18 | 000,036,793 | ---- | M] () -- C:\caavsetupLog.txt
[2008/01/10 18:19:44 | 000,000,246 | ---- | M] () -- C:\WabSync.log
[2008/02/12 12:51:28 | 000,012,983 | ---- | M] () -- C:\SB_uninstall_log.html
[2008/11/09 16:20:48 | 331,805,736 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB936929-SP3-x86-ENU.exe
[2003/08/04 07:06:00 | 000,000,551 | -H-- | M] () -- C:\os257448.bin
[2003/06/29 18:55:32 | 000,032,499 | ---- | M] () -- C:\~ABTXLOG.000
[2003/06/29 19:15:44 | 003,104,694 | RHS- | M] () -- C:\~ABTXLOG
[2003/09/09 10:27:02 | 000,003,905 | ---- | M] () -- C:\NTFY_CD.LOG
[2006/11/01 12:50:10 | 3001,548,800 | -HS- | M] () -- C:\gobackio.bin

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >


< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2003/06/22 17:07:36 | 000,380,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
[2003/06/22 17:07:36 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2003/06/22 17:07:36 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 17:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-19 03:07:03
< End of report >

Extras txt Part 1 of 2 follows

OTL Extras logfile created on: 9/6/2010 8:04:28 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 665.00 Mb Available Physical Memory | 65.00&#37; Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.93 Gb Total Space | 0.73 Gb Free Space | 2.63% Space Free | Partition Type: FAT32
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 232.88 Gb Total Space | 227.09 Gb Free Space | 97.51% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHILOH
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 3.6 Beta 5\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\hp\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\hp\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\hp\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\hp\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\hp\Digital Imaging\bin\hposid01.exe" = C:\Program Files\hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\hp\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\hp\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\hp\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\hp\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\hp\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\hp\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\hp\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\hp\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\hp\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\hp\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\hp\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\hp\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}" = MobileMe Control Panel
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2466E904-7E48-4597-9321-722CF02930EB}" = 5600
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2E861EC9-FCB8-11D3-939A-00A0C9BA5A55}" = Intel(R) Active Monitor
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A202CE5-2F2C-484F-B43E-523943D68E68}" = Where Am I Dataset
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{45C5421D-7A5E-4FE9-8F42-D98DF070E783}" = Coby Media Manager
"{45FEE772-AAD2-4d52-BA21-63E484D75984}" = NetLibrary Media Center
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{6539AC4E-1146-479C-9774-A8949B1ECEF3}" = ATI Catalyst Control Center
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7DAB4A00-571E-11D4-A1EF-00A0CC56ED6A}" = Alohabob PC Relocator
"{7E4BEB77-BEA9-4544-AB74-06EDE6CE3D39}" = Comcast User Setup
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A367C28-423C-48E2-8C76-EBA1171F932A}" = Adobe Photoshop Album 2.0
"{8A6AD979-8170-49ED-8529-14174317B281}" = SA60xx Device Manager
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DD096AC-C38F-45EF-BBDC-F4DA37C9EA49}" = ENLASO Rainbow 4
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{9984DF60-1C5B-11D3-ACA1-908A4FC10801}" = Intel Application Accelerator
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe&#174; Photoshop&#174; Album Starter Edition 3.2
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B03BCD4F-B04F-4680-89AD-455473595D6A}" = From the Ground Up Lite
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BA0CA1B4-5491-11D7-97BC-00055D0CA761}" = Roxio DVDMAX Player
"{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1121C1F-1962-4A23-B2C2-B9515C837179}" = OverDrive Media Console
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF6E7481-4487-46D3-810A-F73EEA232CE0}" = Microsoft IntelliPoint 5.0
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{DCBE96DF-822C-401C-8DD2-0F3539637ADE}" = Microsoft ASP.NET Web Matrix
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{ED01D958-AEDC-40C8-93FD-0C08E8AA9530}" = Maxtor Manager
"{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe&#174; Photoshop&#174; Album Starter Edition 3.2" = Adobe&#174; Photoshop&#174; Album Starter Edition 3.2
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AudibleManager" = AudibleManager
"avast5" = avast! Free Antivirus
"Business Card Maker" = Business Card Maker
"CCleaner" = CCleaner
"DeleteProdVVFW91Full_US" = IBM ViaVoice Pro USB 9.1 - US English
"DFX for RealNetworks" = DFX for RealNetworks
"DVDXCopyXpress" = DVDXCopy Xpress 3.2.1
"Excel" = Microsoft Excel 97
"FLV Player" = FLV Player 2.0, build 23
"getPlus(R)_dll" = getPlus(R)_dll
"GoBack" = GoBack Personal Edition
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell 2.0.1 (build 325)
"Installing HSP56 MicroModem Drivers" = HSP56 Modem Drivers
"InstallShield_{ED01D958-AEDC-40C8-93FD-0C08E8AA9530}" = Maxtor Manager
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSPUB4" = Microsoft Publisher 97
"nLite_is1" = nLite 1.4.9.1
"NTI CD-Maker 2000 Plus" = NTI CD-Maker 2000 Plus
"One-touch Multimedia Keyboard" = One-touch Multimedia Keyboard
"RealAlt_is1" = Real Alternative 1.7.5
"Tweak UI 2.10" = Tweak UI
"TweakNow RegCleaner_is1" = TweakNow RegCleaner
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Script" = Microsoft Windows Script 5.7
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Word8.0" = Microsoft Word 97
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 4/29/2010 8:39:18 PM | Computer Name = SHILOH | Source = avast! | ID = 33554522
Description =

Error - 4/29/2010 9:19:28 PM | Computer Name = SHILOH | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 7/20/2010 12:54:58 AM | Computer Name = SHILOH | Source = ESENT | ID = 428
Description = wuauclt (2560) The database engine is rejecting update operations
due to low free disk space on the log disk.

Error - 7/20/2010 12:54:58 AM | Computer Name = SHILOH | Source = ESENT | ID = 482
Description = wuauclt (2560) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log"
at offset 0 (0x0000000000000000) for 131072 (0x00020000) bytes failed with system
error 112 (0x00000070): "There is not enough space on the disk. ". The write operation
will fail with error -1808 (0xfffff8f0). If this error persists then the file
may be damaged and may need to be restored from a previous backup.

Error - 7/20/2010 12:54:58 AM | Computer Name = SHILOH | Source = ESENT | ID = 486
Description = wuauclt (2560) An attempt to move the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\res2.log"
to "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" failed with system
error 2 (0x00000002): "The system cannot find the file specified. ". The move
file operation will fail with error -1811 (0xfffff8ed).

Error - 7/20/2010 12:54:58 AM | Computer Name = SHILOH | Source = ESENT | ID = 482
Description = wuauclt (2560) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log"
at offset 0 (0x0000000000000000) for 131072 (0x00020000) bytes failed with system
error 112 (0x00000070): "There is not enough space on the disk. ". The write operation
will fail with error -1808 (0xfffff8f0). If this error persists then the file
may be damaged and may need to be restored from a previous backup.

Error - 7/20/2010 12:54:59 AM | Computer Name = SHILOH | Source = ESENT | ID = 486
Description = wuauclt (2560) An attempt to move the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\res2.log"
to "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" failed with system
error 2 (0x00000002): "The system cannot find the file specified. ". The move
file operation will fail with error -1811 (0xfffff8ed).

Extras txt Part 2 of 2 follows

Error - 7/20/2010 12:54:59 AM | Computer Name = SHILOH | Source = ESENT | ID = 486
Description = wuauclt (2560) An attempt to move the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\res1.log"
to "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" failed with system
error 2 (0x00000002): "The system cannot find the file specified. ". The move
file operation will fail with error -1811 (0xfffff8ed).

Error - 7/20/2010 12:54:59 AM | Computer Name = SHILOH | Source = ESENT | ID = 429
Description = wuaueng.dll (2560) SUS20ClientDataStore: The database engine log disk
is full. Deleting logfiles to recover disk space may make your database unstartable
if the database file(s) are Inconsistent. Numbered logfiles may be moved, but not
deleted, if and only if the database file(s) are Consistent. Do not move edb.log.

Error - 7/20/2010 12:54:59 AM | Computer Name = SHILOH | Source = ESENT | ID = 413
Description = wuauclt (2560) Unable to create a new logfile because the database
cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured,
or corrupted. Error -1811.

Error - 7/20/2010 12:54:59 AM | Computer Name = SHILOH | Source = ESENT | ID = 492
Description = wuauclt (2560) The logfile sequence in "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\"
has been halted due to a fatal error. No further updates are possible for the
databases that use this logfile sequence. Please correct the problem and restart
or restore from backup.

Error - 7/20/2010 12:54:59 AM | Computer Name = SHILOH | Source = ESENT | ID = 471
Description = wuauclt (2560) Unable to rollback operation #2621 on database C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb.
Error: -510. All future database updates will be rejected.

[ System Events ]
Error - 9/4/2010 12:28:16 AM | Computer Name = SHILOH | Source = Service Control Manager | ID = 7000
Description = The hpdj00 service failed to start due to the following error: &#37;%2

Error - 9/4/2010 12:28:16 AM | Computer Name = SHILOH | Source = Service Control Manager | ID = 7000
Description = The WinDriver service failed to start due to the following error:
%%2

Error - 9/4/2010 12:50:51 AM | Computer Name = SHILOH | Source = Service Control Manager | ID = 7000
Description = The hpdj00 service failed to start due to the following error: %%2

Error - 9/4/2010 12:50:51 AM | Computer Name = SHILOH | Source = Service Control Manager | ID = 7000
Description = The WinDriver service failed to start due to the following error:
%%2

Error - 9/4/2010 11:34:15 AM | Computer Name = SHILOH | Source = Service Control Manager | ID = 7000
Description = The hpdj00 service failed to start due to the following error: %%2

Error - 9/4/2010 11:34:15 AM | Computer Name = SHILOH | Source = Service Control Manager | ID = 7000
Description = The WinDriver service failed to start due to the following error:
%%2

Error - 9/5/2010 10:19:30 PM | Computer Name = SHILOH | Source = Service Control Manager | ID = 7000
Description = The hpdj00 service failed to start due to the following error: %%2

Error - 9/5/2010 10:19:30 PM | Computer Name = SHILOH | Source = Service Control Manager | ID = 7000
Description = The WinDriver service failed to start due to the following error:
%%2

Error - 9/5/2010 10:38:00 PM | Computer Name = SHILOH | Source = Service Control Manager | ID = 7000
Description = The hpdj00 service failed to start due to the following error: %%2

Error - 9/5/2010 11:28:50 PM | Computer Name = SHILOH | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}


< End of report >

You're running extremely low on C drive free space:

Quote:

---

Drive C: | 27.93 Gb Total Space | 0.73 Gb Free Space | 2.63&#37; Space Free

---

At that level, your computer may not boot one day.
It's time to move some stuff out.

================================================================

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.

================================================================

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  Code:

  ---

  :OTL
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7754C418-F62E-44AA-B169-E719E718BCFD} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...22/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2010/08/15 12:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue


:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]

  ---

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

2. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

3. Go to Kaspersky website and perform an online antivirus scan.

• Disable your active antivirus program.
• Read through the requirements and privacy statement and click on Accept button.
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
• When the downloads have finished, click on Settings.
• Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  
  
  • Spyware, Adware, Dialers, and other potentially dangerous programs
  • Archives
  • Mail databases
• Click on My Computer under Scan.
• Once the scan is complete, it will display the results. Click on View Scan Report.
• You will see a list of infected items there. Click on Save Report As....
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

I do know I am running low on disk space. I moved all my Documents to my Maxdor drive and I just don't know what else to move. How can I find out what stuff I can move?

Get this. It'll show you what takes space...

Download, and install Disk Space Reporter: http://www.softpedia.com/get/System/...Reporter.shtml
In opening windows, select a drive to be scanned. Make sure, there is a checkmark in Store filenames in database.
Click Start button.

You may also consider bigger drive. 30GB is not much...

Meanwhile, you can continue with other steps.

OTL log here:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7754C418-F62E-44AA-B169-E719E718BCFD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7754C418-F62E-44AA-B169-E719E718BCFD}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Starting removal of ActiveX control {33564D57-0000-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SETA.tmp deleted successfully.
C:\WINDOWS\005495_.tmp deleted successfully.
C:\WINDOWS\DUMP36bf.tmp deleted successfully.
C:\WINDOWS\002358_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Documents and Settings\Owner\Application Data\Uniblue\RegistryBooster\backup folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Uniblue\RegistryBooster\_temp folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Uniblue\RegistryBooster\history folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Uniblue\RegistryBooster folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Uniblue folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Owner
->Temp folder emptied: 671843 bytes
->Temporary Internet Files folder emptied: 659745 bytes
->Java cache emptied: 535910 bytes
->FireFox cache emptied: 146370443 bytes
->Apple Safari cache emptied: 891904 bytes
->Flash cache emptied: 129615 bytes

User: TJ Krest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Tj krest.shiloh

&#37;systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1758069 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 98706 bytes
RecycleBin emptied: 196608 bytes

Total Files Cleaned = 144.00 mb


[EMPTYFLASH]

User: Default User

User: All Users

User: NetworkService

User: LocalService

User: Owner
->Flash cache emptied: 0 bytes

User: TJ Krest

User: Tj krest.shiloh

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 09092010_081932

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!

Registry entries deleted on Reboot...

results of Checkup txt here:

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
avast! Free Antivirus
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
TweakNow RegCleaner
EasyCleaner
Java(TM) 6 Update 3
Out of date Java installed!
Adobe Flash Player 10.1.82.76
Adobe Reader 9.3.4
Mozilla Firefox (3.6.9)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Alwil Software Avast5 AvastSvc.exe
ALWILS~1 Avast5 avastUI.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.

Latest trend in spamming, brute force hotmail attacks. Use a pw of at LEAST 10 mixed characters and it'll cease.

Kaspersky report says there are no threats. Report was blank.

BTW I did change my PW to a hard password about 6 hours ago.

At this point have I wiped my computer clean of any worms,virus, etc.?

If you updated your Java already....


Your computer is clean https://discussions.virtualdr.com/

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point.

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:

---

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

---

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how is your computer doing.

OTL log follows.

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 123569503 bytes
->Temporary Internet Files folder emptied: 249627 bytes
->Java cache emptied: 130127 bytes
->FireFox cache emptied: 52759789 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1566 bytes

User: TJ Krest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Tj krest.shiloh

&#37;systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 255 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 169.00 mb


[EMPTYFLASH]

User: Default User

User: All Users

User: NetworkService

User: LocalService

User: Owner
->Flash cache emptied: 0 bytes

User: TJ Krest

User: Tj krest.shiloh

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.11.0 log created on 09102010_213926

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!

Registry entries deleted on Reboot...