Avast disabled and non fixable after logging off and booting up...AGAIN!!!

My Avast program became disabled when I logged off my computer (7/8/10) and logged back on the next day. That was Thursday night and logged back on Friday morning. I could not fix it or restart it.

I took the computer to my ISP and their repairman removed the old copy of Avast and put a new one in for me. I ran the new version of Avast and it says my computer is clean.

But since this happened my firewall now turns itself off and on by itself. I have tried everything I know of to boot up in safe mode to run the Malware program but it hangs on mup.sys and will not finish loading in safe mode. I wanted to run the MBAM program in safe mode to find out if something has gotten on my computer that caused Avast to be disabled (which is what I think has happened).

I have run MBAM and Spybot Search and Destroy two times and they found a couple of things and a max registry cleaner and removed it…but nothing else. I did a full scan with the updated Avast and they now find nothing. Even though I feel that something has gotten on my computer disabling my firewall.

I am not sure why I can’t boot up in safe mode to run the spyware, malware programs…any advice would be appreciated. The hang up at the Mup.sys file seems to be the problem area but not certain it is a bad file or spot on my hard drive. I ran chk.dsk utility and all seems well…

My system is:

Windows XP
Media Center edition
Version 2002
service pack 3

HP and company
HP Pavilion
AMD Athlon 64x2 Dual
core processor 4200+
984 MGHz, 960 MB of RAM

Side note: Not sure if this is relevant but thought I would add it as I have not tried to run in safe mode since I changed my failed power supply. Possibly a hardware problem on loading safe mode…Maybe???

I was instructed to also add my logs from MBAM and OTL but I got an error message. The message exceeds the maximum allowed length (10000 characters). How do I submit those logs?

Note: OTL found nothing wrong.

I may have been premature on my assessment of OTL…it appears that my updates from Windows have been failing to be installed for quite a while I think.

Also I see it was essexboy that gave me the format for submitting my problem… My thanks to you essexboy.

Will add the OTL and MBAM logs in replies.

Malwarebytes’ Anti-Malware 1.46

Database version: 4296

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/9/2010 4:00:33 PM
mbam-log-2010-07-09 (16-00-33).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 323791
Time elapsed: 1 hour(s), 33 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) → Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Win Antivir 2008 (Rogue.WinAntiVirus) → Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\ac8zt2 (Trojan.FakeAlert) → Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Downloads\PopularScreenSavers.exe (PUP.FunWebProducts) → Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Downloads\PopularScreensaversSetup2.3.50.62.ZRfox000.exe (Adware.MyWebSearch) → Quarantined and deleted successfully.
C:\Program Files\Win Antivir 2008\Buy.url (Rogue.WinAntiVirus) → Quarantined and deleted successfully.
C:\Program Files\Win Antivir 2008\Help.url (Rogue.WinAntiVirus) → Quarantined and deleted successfully.
C:\Program Files\Win Antivir 2008\HowToBuy.txt (Rogue.WinAntiVirus) → Quarantined and deleted successfully.
C:\Program Files\Win Antivir 2008\ID.dat (Rogue.WinAntiVirus) → Quarantined and deleted successfully.
C:\Program Files\Win Antivir 2008\License.txt (Rogue.WinAntiVirus) → Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) → Quarantined and deleted successfully.

OTL Log file too long even when I try it as two posts…if you need them let me know…as far as I can see nothing notable…but I am a complete idiot when it comes to this stuff…lol

If you just need parts of it please tell me which part and I will post it…

I see another poster did it this way I will try also.

OTL logfile created on: 7/11/2010 9:53:45 AM - Run 1
OTL by OldTimer - Version Folder = C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 392.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.37 Gb Total Space | 189.95 Gb Free Space | 84.66% Space Free | Partition Type: NTFS
Drive D: | 8.50 Gb Total Space | 1.12 Gb Free Space | 13.14% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4DACD0EA75
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/11 09:44:57 | 000,574,976 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Downloads\OTL.exe
PRC - [2010/06/28 15:57:18 | 002,837,864 | ---- | M] (AVAST Software) – C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/02 19:50:58 | 001,144,104 | ---- | M] () – C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) – C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe
PRC - [2006/10/23 07:50:37 | 000,071,216 | R— | M] (AOL LLC) – C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | R— | M] (AOL LLC) – C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2005/11/30 12:57:58 | 000,036,903 | ---- | M] (Hewlett-Packard) – C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
PRC - [2005/09/27 02:43:29 | 001,060,864 | ---- | M] (Digital Interactive Systems Corporation) – C:\Program Files\DISC\DISCover.exe
PRC - [2005/09/27 02:42:32 | 000,237,568 | ---- | M] (Digital Interactive Systems Corporation, Inc.) – C:\Program Files\DISC\DiscGui.exe
PRC - [2005/09/27 02:42:26 | 000,061,440 | ---- | M] (Digital Interactive Systems Corporation, Inc.) – C:\Program Files\DISC\DISCUpdateMgr.exe
PRC - [2005/09/27 02:42:26 | 000,045,056 | ---- | M] (Digital Interactive Systems Corporation, Inc.) – C:\Program Files\DISC\DiscStreamHub.exe
PRC - [2005/08/27 04:14:44 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
PRC - [2005/08/03 02:19:16 | 000,058,880 | ---- | M] (Microsoft) – C:\WINDOWS\arservice.exe
PRC - [2004/11/03 16:03:00 | 000,125,528 | ---- | M] (America Online, Inc.) – C:\Program Files\Common Files\AOL\1259771370\EE\AOLHostManager.exe
PRC - [2004/11/03 16:03:00 | 000,110,680 | ---- | M] (America Online, Inc.) – C:\Program Files\Common Files\AOL\1259771370\EE\AOLServiceHost.exe
PRC - [2004/10/18 18:42:18 | 000,079,448 | ---- | M] () – C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
PRC - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) – C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 15:54:12 | 000,046,768 | ---- | M] (America Online Inc) – C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe

========== Modules (SafeList) ==========

MOD - [2010/07/11 09:44:57 | 000,574,976 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\msscript.ocx
MOD - [2005/11/30 12:57:56 | 000,024,613 | ---- | M] (BackWeb) – C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\IadHide5.dll
MOD - [2005/07/07 14:26:04 | 000,004,608 | R— | M] (America Online) – C:\Program Files\Common Files\AOL\ACS\WLHook.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe – (avast! Web Scanner)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe – (avast! Mail Scanner)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe – (avast! Antivirus)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R— | M] (AOL LLC) [Auto | Stopped] – C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe – (AOL ACS)
SRV - [2005/08/03 02:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] – C:\WINDOWS\arservice.exe – (ARSVC)
SRV - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] – C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe – (AOL TopSpeedMonitor)
SRV - [2004/09/29 22:14:36 | 000,069,632 | ---- | M] (HP) [Boot | Stopped] – C:\WINDOWS\system32\HPZipm12.exe – (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2010/06/28 15:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] – C:\WINDOWS\System32\drivers\aswTdi.sys – (aswTdi)
DRV - [2010/06/28 15:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] – C:\WINDOWS\System32\drivers\aswSP.sys – (aswSP)
DRV - [2010/06/28 15:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] – C:\WINDOWS\System32\drivers\aswRdr.sys – (aswRdr)
DRV - [2010/06/28 15:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] – C:\WINDOWS\System32\drivers\aswmon2.sys – (aswMon2)
DRV - [2010/06/28 15:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] – C:\WINDOWS\System32\drivers\aswFsBlk.sys – (aswFsBlk)
DRV - [2010/06/28 15:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] – C:\WINDOWS\System32\drivers\aavmker4.sys – (Aavmker4)
DRV - [2008/04/13 13:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\irbus.sys – (IrBus)
DRV - [2005/09/23 15:26:40 | 001,094,751 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\AGRSM.sys – (AgereSoftModem)
DRV - [2005/08/29 17:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ALCXWDM.SYS – (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/08/14 00:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ati2mtag.sys – (ati2mtag)
DRV - [2005/07/28 20:07:58 | 000,156,800 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\hcwPP2.sys – (hcwPP2)
DRV - [2005/07/04 02:30:34 | 000,026,624 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\PS2.sys – (Ps2)
DRV - [2005/06/30 03:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\ftsata2.sys – (ftsata2)
DRV - [2005/06/17 16:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\iaStor.sys – (iaStor)
DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\AmdK8.sys – (AmdK8)
DRV - [2005/03/04 13:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\Rtlnicxp.sys – (RTL8023xp)
DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\RTL8139.sys – (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 17:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\bb-run.sys – (bb-run)
DRV - [2003/01/10 15:13:04 | 000,033,588 | R— | M] (America Online, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\wanatw4.sys – (wanatw) WAN Miniport (ATW)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

IE - HKU.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-21-2613497062-2104465543-2719283846-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU\S-1-5-21-2613497062-2104465543-2719283846-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU\S-1-5-21-2613497062-2104465543-2719283846-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU\S-1-5-21-2613497062-2104465543-2719283846-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU\S-1-5-21-2613497062-2104465543-2719283846-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

========== FireFox ==========

FF - prefs.js…extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js…extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\Components: C:\Program Files\Mozilla Firefox\components [2010/07/09 00:55:15 | 000,000,000 | —D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/09 18:10:29 | 000,000,000 | —D | M]
FF - HKLM\software\mozilla\Netscape Browser\Extensions\Components: C:\Program Files\Netscape\Netscape Browser\Components [2005/11/30 12:39:42 | 000,000,000 | —D | M]
FF - HKLM\software\mozilla\Netscape Browser\Extensions\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/07/09 18:10:29 | 000,000,000 | —D | M]

[2009/12/02 10:00:54 | 000,000,000 | —D | M] – C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Extensions
[2009/12/03 19:49:52 | 000,000,000 | —D | M] – C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\xbb4ew5v.default\extensions
[2010/07/10 19:05:11 | 000,000,000 | —D | M] – C:\Program Files\Mozilla Firefox\extensions
[2010/05/25 18:28:41 | 000,000,000 | —D | M] (Java Console) – C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/25 18:26:16 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/10 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-2613497062-2104465543-2719283846-1008..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2613497062-2104465543-2719283846-1008..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM…\Run: File not found
O4 - HKLM…\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM…\Run: [AOL Spyware Protection] C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe ()
O4 - HKLM…\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM…\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM…\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
O4 - HKLM…\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdateMgr.exe (Digital Interactive Systems Corporation, Inc.)
O4 - HKLM…\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM…\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM…\Run: [HostManager] C:\Program Files\Common Files\AOL\1259771370\EE\AOLHostManager.exe (America Online, Inc.)
O4 - HKLM…\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM…\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM…\Run: [PCDrProfiler] File not found
O4 - HKLM…\Run: [Pure Networks Port Magic] C:\Program Files\Pure Networks\Port Magic\PortAOL.exe (Pure Networks, Inc.)
O4 - HKLM…\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2613497062-2104465543-2719283846-1008…\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2613497062-2104465543-2719283846-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra ‘Tools’ menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O9 - Extra ‘Tools’ menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O15 - HKLM..Trusted Domains: trymedia.com (http in Trusted sites)
O15 - HKLM..Trusted Domains: trymedia.com (https in Trusted sites)
O15 - HKU\S-1-5-21-2613497062-2104465543-2719283846-1008..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/30 12:53:34 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT – [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT – [ FAT32 ]
O32 - AutoRun File - [2004/04/30 06:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf – [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk ) - File not found
O35 - HKLM..comfile [open] – “%1” %*
O35 - HKLM..exefile [open] – “%1” %*
O37 - HKLM.…com [@ = comfile] – “%1” %*
O37 - HKLM.…exe [@ = exefile] – “%1” %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/11 07:26:53 | 000,000,000 | —D | C] – C:\6db783fe362b3fa5a448228fffc5
[2010/07/10 16:19:21 | 000,000,000 | -HSD | C] – C:\found.000
[2010/07/10 15:26:46 | 000,000,000 | —D | C] – C:\32788R22FWJFW
[2010/07/10 07:20:03 | 000,000,000 | —D | C] – C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\HP
[2010/07/10 06:46:39 | 000,000,000 | —D | C] – C:\WINDOWS\System32\LogFiles
[2010/07/09 16:51:59 | 000,000,000 | —D | C] – C:\Program Files\Spybot - Search & Destroy
[2010/07/09 16:51:59 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/07/09 16:40:24 | 000,017,744 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/07/09 16:40:23 | 000,165,456 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswSP.sys
[2010/07/09 16:40:23 | 000,023,376 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/07/09 16:40:22 | 000,046,672 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/07/09 16:40:21 | 000,100,176 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/07/09 16:40:21 | 000,094,544 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswmon.sys
[2010/07/09 16:40:21 | 000,028,880 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/07/09 16:40:02 | 000,165,032 | ---- | C] (AVAST Software) – C:\WINDOWS\System32\aswBoot.exe
[2010/07/09 16:40:02 | 000,038,848 | ---- | C] (ALWIL Software) – C:\WINDOWS\avastSS.scr
[2010/07/09 16:23:05 | 000,000,000 | —D | C] – C:\WINDOWS\ERDNT
[2010/07/09 16:23:04 | 000,000,000 | --SD | C] – C:\ComboFix
[2010/07/09 16:18:10 | 000,000,000 | —D | C] – C:\Qoobox
[2010/07/09 12:56:15 | 000,000,000 | —D | C] – C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Auslogics
[2010/07/09 12:56:12 | 000,000,000 | —D | C] – C:\Program Files\Auslogics
[2010/07/09 12:52:33 | 000,000,000 | —D | C] – C:\Program Files\CCleaner
[2010/07/09 12:45:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) – C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/09 12:45:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) – C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/09 12:31:18 | 000,000,000 | —D | C] – C:\Malware Removal Tools
[3 C:\WINDOWS\*.tmp files → C:\WINDOWS\*.tmp → ]
[13 C:\WINDOWS\System32\*.tmp files → C:\WINDOWS\System32\*.tmp → ]

========== Files - Modified Within 30 Days ==========

[2010/07/11 09:52:00 | 000,000,444 | -H-- | M] () – C:\WINDOWS\tasks\User_Feed_Synchronization-{005FA7B1-60F5-44E9-A33B-3A8DF98FCC41}.job
[2010/07/11 09:45:00 | 000,001,022 | ---- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2159621661-3826989892-1658989840-1008UA.job
[2010/07/11 07:32:01 | 000,000,246 | ---- | M] () – C:\WINDOWS\System\hpsysdrv.dat
[2010/07/11 07:24:28 | 000,000,006 | -H-- | M] () – C:\WINDOWS\tasks\SA.DAT
[2010/07/11 07:24:06 | 000,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat
[2010/07/11 07:24:03 | 1005,113,344 | -HS- | M] () – C:\hiberfil.sys
[2010/07/11 00:55:01 | 000,000,178 | -HS- | M] () – C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\ntuser.ini
[2010/07/11 00:55:00 | 002,084,864 | ---- | M] () – C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\ntuser.dat
[2010/07/09 18:10:30 | 000,001,740 | ---- | M] () – C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/09 17:35:40 | 000,000,318 | ---- | M] () – C:\WINDOWS\WININIT.INI
[2010/07/09 16:52:03 | 000,000,962 | ---- | M] () – C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/07/09 16:52:03 | 000,000,944 | ---- | M] () – C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Spybot - Search & Destroy.lnk
[2010/07/09 16:40:24 | 000,001,711 | ---- | M] () – C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/07/09 16:40:22 | 000,002,626 | ---- | M] () – C:\WINDOWS\System32\CONFIG.NT
[2010/07/09 12:56:13 | 000,000,812 | ---- | M] () – C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Auslogics Disk Defrag.lnk
[2010/07/09 12:52:34 | 000,000,693 | ---- | M] () – C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\CCleaner.lnk
[2010/07/09 12:45:39 | 000,000,707 | ---- | M] () – C:\Documents and Settings\All Users\Desktop\Malwarebytes’ Anti-Malware.lnk
[2010/07/09 12:45:00 | 000,000,970 | ---- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2159621661-3826989892-1658989840-1008Core.job
[2010/07/09 07:19:06 | 000,051,672 | ---- | M] () – C:\VETlog.dmp
[2010/07/09 07:19:05 | 000,000,697 | ---- | M] () – C:\WINDOWS\win.ini
[2010/07/08 22:21:21 | 000,001,158 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl
[2010/06/28 15:57:33 | 000,038,848 | ---- | M] (ALWIL Software) – C:\WINDOWS\avastSS.scr
[2010/06/28 15:57:12 | 000,165,032 | ---- | M] (AVAST Software) – C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 15:37:52 | 000,046,672 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 15:37:30 | 000,165,456 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 15:33:13 | 000,023,376 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 15:32:45 | 000,100,176 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 15:32:42 | 000,094,544 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 15:32:33 | 000,017,744 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 15:32:16 | 000,028,880 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/24 10:22:39 | 000,000,414 | -H-- | M] () – C:\IPH.PH
[2010/06/17 09:25:52 | 000,047,902 | ---- | M] () – C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Proof of Insurance 6-18-10.pdf
[3 C:\WINDOWS*.tmp files → C:\WINDOWS*.tmp → ]
[13 C:\WINDOWS\System32*.tmp files → C:\WINDOWS\System32*.tmp → ]

========== Files Created - No Company Name ==========

[2010/07/09 16:52:03 | 000,000,962 | ---- | C] () – C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/07/09 16:52:03 | 000,000,944 | ---- | C] () – C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Spybot - Search & Destroy.lnk
[2010/07/09 16:40:24 | 000,001,711 | ---- | C] () – C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/07/09 12:56:13 | 000,000,812 | ---- | C] () – C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Auslogics Disk Defrag.lnk
[2010/07/09 12:52:34 | 000,000,693 | ---- | C] () – C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\CCleaner.lnk
[2010/07/09 12:45:39 | 000,000,707 | ---- | C] () – C:\Documents and Settings\All Users\Desktop\Malwarebytes’ Anti-Malware.lnk
[2010/07/09 00:27:41 | 002,084,864 | ---- | C] () – C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\ntuser.dat
[2010/06/24 10:22:26 | 000,000,414 | -H-- | C] () – C:\IPH.PH
[2010/06/24 08:43:37 | 000,000,332 | ---- | C] () – C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\LOST nb 6-23-10.txt
[2010/06/17 09:25:49 | 000,047,902 | ---- | C] () – C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Proof of Insurance 6-18-10.pdf
[2010/04/15 03:08:43 | 000,000,172 | ---- | C] () – C:\WINDOWS\System32\MRT.INI
[2009/12/02 12:42:30 | 000,000,097 | ---- | C] () – C:\WINDOWS\System32\PICSDK.ini
[2007/11/12 00:07:11 | 000,000,214 | ---- | C] () – C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/11/11 23:24:50 | 000,000,234 | ---- | C] () – C:\WINDOWS\PrnHlpLogConfig.ini
[2007/11/11 23:23:30 | 000,000,214 | ---- | C] () – C:\WINDOWS\HP_InstantSHareJPG.ini
[2007/10/30 22:10:21 | 000,002,004 | ---- | C] () – C:\WINDOWS\IMM02D.ini
[2007/10/30 21:44:30 | 000,002,004 | ---- | C] () – C:\WINDOWS\IMM02C.ini
[2007/10/30 21:29:01 | 000,002,004 | ---- | C] () – C:\WINDOWS\IMM02B.ini
[2007/10/30 21:06:16 | 000,002,004 | ---- | C] () – C:\WINDOWS\IMM02A.ini
[2007/10/24 10:36:56 | 000,000,140 | ---- | C] () – C:\WINDOWS\CS_MD_T.ini
[2007/06/17 11:18:04 | 000,000,000 | ---- | C] () – C:\WINDOWS\iPlayer.INI
[2006/12/28 16:55:38 | 000,000,071 | ---- | C] () – C:\WINDOWS\hotComm.INI
[2006/09/27 14:18:05 | 000,000,025 | ---- | C] () – C:\WINDOWS\cdplayer.ini
[2006/01/31 18:08:08 | 000,000,066 | ---- | C] () – C:\WINDOWS\ESPR200.ini
[2006/01/31 17:26:27 | 000,000,117 | ---- | C] () – C:\WINDOWS\NavWin.INI
[2006/01/28 22:57:17 | 000,684,032 | ---- | C] () – C:\WINDOWS\libeay32.dll
[2006/01/28 22:57:17 | 000,155,648 | ---- | C] () – C:\WINDOWS\ssleay32.dll
[2005/11/30 13:22:31 | 000,000,061 | ---- | C] () – C:\WINDOWS\smscfg.ini
[2005/11/30 13:01:04 | 000,022,396 | ---- | C] () – C:\WINDOWS\System32\drivers\USBkey.sys
[2005/11/30 12:57:11 | 000,014,316 | ---- | C] () – C:\WINDOWS\System32\CHODDI.SYS
[2005/11/30 12:57:01 | 000,045,056 | ---- | C] () – C:\WINDOWS\System32\hpreg.dll
[2005/11/30 12:54:09 | 000,000,054 | ---- | C] () – C:\WINDOWS\Quicken.ini
[2005/11/30 12:50:56 | 000,000,376 | ---- | C] () – C:\WINDOWS\ODBC.INI
[2005/11/30 12:46:28 | 000,204,800 | ---- | C] () – C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/30 12:46:28 | 000,200,704 | ---- | C] () – C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/30 12:46:28 | 000,192,512 | ---- | C] () – C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/30 12:46:28 | 000,192,512 | ---- | C] () – C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/30 12:46:28 | 000,188,416 | ---- | C] () – C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/30 12:46:28 | 000,020,480 | ---- | C] () – C:\WINDOWS\System32\IVIresize.dll
[2005/11/30 12:40:48 | 000,000,318 | ---- | C] () – C:\WINDOWS\WININIT.INI
[2005/11/30 12:39:49 | 000,000,698 | ---- | C] () – C:\WINDOWS\NSSetDefaultBrowser.ini
[2005/11/30 12:27:55 | 000,001,793 | ---- | C] () – C:\WINDOWS\System32\fxsperf.ini
[2005/11/30 12:24:45 | 000,040,960 | ---- | C] () – C:\WINDOWS\System32\hcwXDS.dll
[2005/11/30 12:11:50 | 000,000,791 | ---- | C] () – C:\WINDOWS\orun32.ini
[2005/11/30 12:05:38 | 000,323,584 | ---- | C] () – C:\WINDOWS\System32\pythoncom22.dll
[2005/11/30 12:05:38 | 000,094,208 | ---- | C] () – C:\WINDOWS\System32\pywintypes22.dll
[2005/11/30 12:05:17 | 000,016,896 | ---- | C] () – C:\WINDOWS\System32\bcbmm.dll
[2005/10/05 15:50:52 | 000,000,000 | ---- | C] () – C:\WINDOWS\System32\px.ini
[2005/08/06 00:01:54 | 000,239,104 | ---- | C] () – C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 02:19:16 | 000,050,176 | ---- | C] () – C:\WINDOWS\armcex.dll
[2004/07/26 17:51:38 | 000,000,560 | ---- | C] () – C:\WINDOWS\System32\oeminfo.ini
[2003/01/08 01:05:08 | 000,002,695 | ---- | C] () – C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 01:30:00 | 000,003,399 | ---- | C] () – C:\WINDOWS\System32\hptcpmon.ini

========== Custom Scans ==========

[2007/09/10 16:31:11 | 000,010,920 | ---- | M] () – C:\aolconnfix.exe
[2007/09/10 16:31:11 | 000,001,039 | ---- | M] () – C:\aolconnfix.txt
[2005/11/30 12:53:34 | 000,000,100 | ---- | M] () – C:\AUTOEXEC.BAT
[2009/12/02 09:46:30 | 000,000,211 | RHS- | M] () – C:\BOOT.BAK
[2009/12/02 09:57:18 | 000,000,281 | RHS- | M] () – C:\boot.ini
[2004/08/10 07:00:00 | 000,260,272 | RHS- | M] () – C:\cmldr
[2005/08/31 07:02:02 | 000,000,000 | ---- | M] () – C:\CONFIG.SYS
[2010/03/20 17:47:31 | 000,001,245 | ---- | M] () – C:\debug.txt
[2006/09/18 22:27:10 | 000,440,320 | -HS- | M] () – C:\ehthumbs.db
[2008/02/16 15:17:46 | 000,000,213 | ---- | M] () – C:\Expiration.Log
[2005/11/30 12:56:16 | 000,000,000 | ---- | M] () – C:\FailKeys.log
[2010/07/11 07:24:03 | 1005,113,344 | -HS- | M] () – C:\hiberfil.sys
[2007/08/05 19:59:25 | 000,000,164 | ---- | M] () – C:\install.dat
[2005/08/31 07:02:02 | 000,000,000 | RHS- | M] () – C:\IO.SYS
[2010/06/24 10:22:39 | 000,000,414 | -H-- | M] () – C:\IPH.PH
[2005/08/31 07:02:02 | 000,000,000 | RHS- | M] () – C:\MSDOS.SYS
[2004/08/10 07:00:00 | 000,047,564 | RHS- | M] () – C:\NTDETECT.COM
[2009/12/05 18:36:16 | 000,250,048 | RHS- | M] () – C:\ntldr
[2010/07/11 07:23:57 | 1509,949,440 | -HS- | M] () – C:\pagefile.sys
[2005/11/30 12:56:16 | 000,000,121 | ---- | M] () – C:\PassKeys.log
[2007/11/09 19:50:57 | 003,932,214 | ---- | M] () – C:\proram file.bmp
[2010/07/10 09:37:14 | 000,000,329 | ---- | M] () – C:\rkill.log
[2007/11/09 20:03:31 | 001,622,172 | ---- | M] () – C:\sysinfo 3.txt
[2007/11/12 17:19:17 | 002,023,062 | ---- | M] () – C:\sysinfo4.txt
[2008/09/28 22:21:24 | 000,004,608 | -HS- | M] () – C:\Thumbs.db
[2010/07/09 07:19:06 | 000,051,672 | ---- | M] () – C:\VETlog.dmp
[2010/07/09 07:19:06 | 002,258,426 | ---- | M] () – C:\VETlog.txt
[2006/01/31 17:23:42 | 000,000,097 | ---- | M] () – C:\YesControls_2006-01-31_16.23.42.log
[2006/02/01 01:11:31 | 000,000,194 | ---- | M] () – C:\YesControls_2006-02-01_00.11.31.log
[2006/01/31 17:23:44 | 000,000,303 | ---- | M] () – C:\YesTradeEngineServer_2006-01-31_16.23.43.log
[2007/05/24 19:47:40 | 000,000,303 | ---- | M] () – C:\YesTradeEngineServer_2007-05-24_19.47.39.log
[2007/11/08 12:03:54 | 000,422,839 | ---- | M] () – C:\YesTradeEngineServer_2007-05-24_19.47.40.log

< %systemroot%\system32*.wt >

< %systemroot%\system32*.ruy >

< %systemroot%\Fonts*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () – C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () – C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () – C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () – C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts*.dll >
[2005/05/12 09:36:48 | 000,012,288 | ---- | M] (Hewlett-Packard Co.) – C:\WINDOWS\Fonts\RandFont.dll

< %systemroot%\Fonts*.ini >
[2005/08/31 07:01:20 | 000,000,067 | -HS- | M] () – C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86*.dll >
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR*.bak1 >

< %systemroot%\REPAIR*.ini >

< %systemroot%\system32*.jpg >

< %systemroot%*.scr >
[2010/06/28 15:57:33 | 000,038,848 | ---- | M] (ALWIL Software) – C:\WINDOWS\avastSS.scr
[2001/05/07 18:14:22 | 000,303,104 | ---- | M] () – C:\WINDOWS\Film Factory.scr
[3 C:\WINDOWS*.tmp files → C:\WINDOWS*.tmp → ]

< %systemroot%*._sy >

< %systemroot%*. /mp /s >

< %systemroot%\system32*.dll /lockedfiles >
[2008/04/13 19:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 – C:\WINDOWS\system32\comsvcs.dll
[13 C:\WINDOWS\system32*.tmp files → C:\WINDOWS\system32*.tmp → ]

< %systemroot%\Tasks*.job /lockedfiles >

< %systemroot%\System32\config*.sav >
[2005/08/30 23:51:10 | 000,094,208 | ---- | M] () – C:\WINDOWS\system32\config\default.sav
[2005/08/30 23:51:10 | 000,659,456 | ---- | M] () – C:\WINDOWS\system32\config\software.sav
[2005/08/30 23:51:10 | 000,888,832 | ---- | M] () – C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B – C:\WINDOWS\system32\user32.dll
[13 C:\WINDOWS\system32*.tmp files → C:\WINDOWS\system32*.tmp → ]

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A – C:\WINDOWS\system32\ws2_32.dll
[13 C:\WINDOWS\system32*.tmp files → C:\WINDOWS\system32*.tmp → ]

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 19:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 – C:\WINDOWS\system32\ws2help.dll
[13 C:\WINDOWS\system32*.tmp files → C:\WINDOWS\system32*.tmp → ]

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpda >

< te\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes → C:\Documents and Settings\All Users\Application Data\TEMP:0A096EB2
< End of report >

OTL Extras logfile created on: 7/11/2010 9:53:45 AM - Run 1
OTL by OldTimer - Version Folder = C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 392.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.37 Gb Total Space | 189.95 Gb Free Space | 84.66% Space Free | Partition Type: NTFS
Drive D: | 8.50 Gb Total Space | 1.12 Gb Free Space | 13.14% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4DACD0EA75
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

.html [@ = FirefoxHTML] – C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.html [@ = FirefoxHTML] – C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

batfile [open] – “%1” %*
cmdfile [open] – “%1” %*
comfile [open] – “%1” %*
exefile [open] – “%1” %*
htmlfile [edit] – “C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe” %1 (Microsoft Corporation)
htmlfile [print] – “C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe” /p %1 (Microsoft Corporation)
http [open] – “C:\Program Files\Mozilla Firefox\firefox.exe” -requestPending -osint -url “%1” (Mozilla Corporation)
https [open] – “C:\Program Files\Mozilla Firefox\firefox.exe” -requestPending -osint -url “%1” (Mozilla Corporation)
piffile [open] – “%1” %*
regfile [merge] – Reg Error: Key error.
scrfile [config] – “%1”
scrfile [install] – rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] – “%1” /S
txtfile [edit] – Reg Error: Key error.
Unknown [openas] – %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] – “C:\Program Files\VideoLAN\VLC\vlc.exe” --started-from-file --playlist-enqueue “%1” ()
Directory [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] – “C:\Program Files\VideoLAN\VLC\vlc.exe” --started-from-file --no-playlist-enqueue “%1” ()
Folder [open] – %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] – %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
“FirstRunDisabled” = 1
“AntiVirusDisableNotify” = 0
“FirewallDisableNotify” = 0
“UpdatesDisableNotify” = 0
“AntiVirusOverride” = 0
“FirewallOverride” = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]


“EnableFirewall” = 1
“DoNotAllowExceptions” = 1
“DisableNotifications” = 0

“1900:UDP” = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

“C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe” = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP – (Hewlett-Packard)

“C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe” = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe – (Hewlett-Packard Co.)
“C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe” = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe – (Hewlett-Packard Co.)
“C:\Program Files\HP\Digital Imaging\bin\hposid01.exe” = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe – (Hewlett-Packard Co.)
“C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe” = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe – (Hewlett-Packard Co.)
“C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe” = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe – (Hewlett-Packard)
“C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe” = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe – (Hewlett-Packard Co.)
“C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe” = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe – ()
“C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe” = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe – ( )
“C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe” = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe – (Hewlett-Packard Co.)
“C:\Program Files\DISC\DISCover.exe” = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System – (Digital Interactive Systems Corporation)
“C:\Program Files\DISC\DiscStreamHub.exe” = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub – (Digital Interactive Systems Corporation, Inc.)
“C:\Program Files\DISC\myFTP.exe” = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP – (Digital Interactive Systems Corporation, Inc.)
“C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe” = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP – (Hewlett-Packard)
“C:\Program Files\EarthLink TotalAccess\TaskPanl.exe” = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink – File not found
“C:\Program Files\Common Files\AOL\Loader\aolload.exe” = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader – (America Online, Inc.)
“C:\Program Files\Common Files\AOL\ACS\AOLDial.exe” = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL – (AOL LLC)
“C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe” = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL – (AOL LLC)
“C:\Program Files\America Online 9.0a\waol.exe” = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL – (America Online, Inc.)
“C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe” = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon – (America Online, Inc)
“C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe” = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed – (America Online Inc)
“C:\Program Files\Common Files\AOL\1259771370\EE\AOLServiceHost.exe” = C:\Program Files\Common Files\AOL\1259771370\EE\AOLServiceHost.exe:*:Enabled:AOL – (America Online, Inc.)
“C:\Program Files\Common Files\AOL\System Information\sinf.exe” = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL – (America Online Inc.)
“C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe” = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL – ()
“C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe” = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL – (AOL Spyware Protection)
“C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe” = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL – (Gteko Ltd.)
“C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\7zS65.tmp\SymNRT.exe” = C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\7zS65.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool – File not found
“C:\Program Files\Mozilla Firefox\firefox.exe” = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox – (Mozilla Corporation)
“C:\Program Files\Java\jre6\bin\java.exe” = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary – (Sun Microsystems, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

“{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}” = PhotoGallery
“{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}” = CP_Package_Variety1
“{075473F5-846A-448B-BCB3-104AA1760205}” = Sonic RecordNow Data
“{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}” = Destinations
“{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}” = AiO_Scan
“{0BEDBD4E-2D34-47B5-9973-57E62B29307C}” = ATI Control Panel
“{172975EB-9465-4861-95B5-C7BB6D3DE62A}” = DocumentViewer
“{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}” = CP_Package_Variety3
“{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
“{21657574-BD54-48A2-9450-EB03B2C7FC29}” = Sonic MyDVD Plus
“{21DB3D90-D816-4092-A260-CA3F6B55A6DD}” = Sonic_PrimoSDK
“{23012310-3E05-46A5-88A9-C6CBCABCAC79}” = Customer Experience Enhancement
“{2318C2B1-4965-11d4-9B18-009027A5CD4F}” = Google Toolbar for Internet Explorer
“{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}” = CP_Panorama1Config
“{26A24AE4-039D-4CA4-87B4-2F83216020FF}” = Java™ 6 Update 20
“{2818095F-FB6C-42C8-827E-0A406CC9AFF5}” = Quicken 2006
“{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}” = HP Deskjet Printer Preload
“{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}” = Unload
“{30465B6C-B53F-49A1-9EBA-A3F187AD502E}” = Sonic Update Manager
“{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}” = TrayApp
“{3248F0A8-6813-11D6-A77B-00B0D0150050}” = J2SE Runtime Environment 5.0 Update 5
“{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}” = InstantShareDevices
“{33D6CC28-9F75-4d1b-A11D-98895B3A3729}” = HP Photosmart 330,380,420,470,7800,8000,8200 Series
“{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}” = WebFldrs XP
“{36E47DA1-10E1-45d9-8B19-14D19607CDCF}” = CP_CalendarTemplates1
“{382E94C0-6E22-44e4-B003-8EB31DFE296F}” = cp_LightScribeConfig
“{3912A629-0020-0005-3757-2FBA74D4DF0A}” = InterVideo WinDVD Player
“{3BA95526-6AE0-4B87-A62D-17187EF565FC}” = HP Boot Optimizer
“{3E386744-10FA-44b2-98C9-DF7A270DECB3}” = HP PSC & OfficeJet 5.3.A
“{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}” = Microsoft Works
“{54E3707F-808E-4fd4-95C9-15D1AB077E5D}” = NewCopy
“{567C23E1-7580-4185-B8C2-30805677297C}” = NewCopy_CDA
“{56EE8B17-8274-418d-89AC-C057C5DB251E}” = RandMap
“{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}” = WebReg
“{5A01C58E-B0EC-49b9-AD71-7C0468688087}” = CP_Package_Basic1
“{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}” = HP PSC & OfficeJet 5.3.B
“{5EE7D259-D137-4438-9A5F-42F432EC0421}” = VC80CRTRedist - 8.0.50727.4053
“{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}” = Sonic Express Labeler
“{66BA8C26-AFE4-4408-807B-43E76B57EF53}” = SkinsHP1
“{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}” = DocProc
“{6D8D64BE-F500-55B6-705D-DFD08AFE0624}” = Acrobat.com
“{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}” = Microsoft .NET Framework 2.0
“{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}” = PSTAPlugin
“{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}” = PSPrinters08
“{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}” = AiOSoftware
“{7C03270C-4FAB-4F5C-B10D-52FEDA190790}” = DocumentViewerQFolder
“{7E27304E-BAA2-4d90-A34E-76641FAFABB4}” = CP_AtenaShokunin1Config
“{8105684D-8CA6-440D-8F58-7E5FD67A499D}” = Easy Internet Sign-up
“{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}” = Microsoft Silverlight
“{91120409-6000-11D3-8CFE-0150048383C9}” = Microsoft Office Standard Edition 2003
“{91477C6F-EC7C-4BFC-BBE1-E45908019DED}” = LightScribe
“{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}” = InterVideo WinDVD Player
“{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}” = Readme
“{A01FC76F-CC09-4658-9E37-5C2F635EE708}” = Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
“{A195B13E-A5E3-4BAF-A995-7F70F445CD06}” = ScannerCopy
“{A2BCA9F1-566C-4805-97D1-7FDC93386723}” = Adobe AIR
“{A3455242-DAE0-4523-8242-FD82706ABF4B}” = CameraDrivers
“{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}” = CueTour
“{AB5D51AE-EBC3-438D-872C-705C7C2084B0}” = DeviceManagementQFolder
“{AB708C9B-97C8-4AC9-899B-DBF226AC9382}” = Sonic RecordNow Audio
“{AC76BA86-7AD7-1033-7B44-A93000000001}” = Adobe Reader 9.3.3
“{B12665F4-4E93-4AB4-B7FC-37053B524629}” = Sonic RecordNow Copy
“{B276997E-4367-4b1b-A39C-4CAE7464337A}” = AiO_Scan_CDA
“{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1” = Spybot - Search & Destroy
“{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}” = PanoStandAlone
“{B60E7826-F117-4d26-8165-D2DC5A494AB0}” = Fax_CDA
“{B64E3AFC-59EF-4f18-BF11-E751462450D3}” = AiOSoftwareNPI
“{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}” = CP_Package_Variety2
“{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}” = BufferChm
“{C104580B-1C79-4d73-9BF0-CA0B184296A4}” = cp_LightScribePlugin
“{C506A18C-1469-4678-B094-F4EC9DAE6DB7}” = Scan
“{C83A12B9-B31B-461A-BBD4-CE9B988094F1}” = HP Photosmart Cameras 5.0
“{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}” = Microsoft .NET Framework 1.1
“{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}” = Fax
“{D16A31F9-276D-4968-A753-FFEAC56995D0}” = Epson Print CD
“{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}” = CameraDrivers
“{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}” = HpSdpAppCoreApp
“{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1” = Auslogics Disk Defrag
“{DFB0FED6-0010-4E9B-A402-E513F2459161}” = muvee autoProducer unPlugged 1.2
“{E3F90083-80D4-4b5a-87C7-E97E12F5516D}” = HPProductAssistant
“{E7137AFD-4E43-47A6-BDC7-533808F72B36}” = muvee autoProducer 4.5
“{EA103B64-C0E4-4C0E-A506-751590E1653D}” = SolutionCenter
“{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}” = HP Software Update
“{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}” = Status
“{F80239D8-7811-4D5E-B033-0D0BBFE32920}” = HP DigitalMedia Archive
“038D56DF-B15D-47F7-959F-59FA1FBB63FC” = Snowboard SuperJam from HP Media Center (remove only)
“049D60AF-B425-4F8A-BD66-9D8C1B519D59” = Barnyard Invasion from HP Media Center (remove only)
“0814ADC6-5B36-4144-A8EA-439C36B1BB11” = Puzzle Express from HP Media Center (remove only)
“0AA27562-3C4E-4860-8742-7ADEBE2EFC43” = Ricochet Lost Worlds from HP Media Center (remove only)
“0C20CAB1-F8BC-4AC1-A796-535B005C1B83” = Super Granny from HP Media Center (remove only)
“0C84A7C5-2762-4932-96BF-44A77202DCC3” = Blasterball 2 Remix from HP Media Center (remove only)
“12133444-BF36-4d4e-B7FB-A3424C645DE4” = GemMaster Mystic
“1FFA88DF-0AC3-4D9E-9139-5FF98813C12C” = Polar Bowler from HP Media Center (remove only)
“3320769C-062B-4670-BD6B-AA4B3D0E9903” = FATE from HP Media Center (remove only)
“3D61540E-C88C-4358-B6A1-DC26648F2A3D” = Crystal Maze from HP Media Center (remove only)
“413773DA-62DE-4C4C-A0F9-10EFB9317DE5” = Family Feud
“47D5A62B-1B41-4DB1-8267-ADA434FA782B” = Bejeweled 2 Deluxe from HP Media Center (remove only)
“538B9061-0C77-4FB2-903F-EC42A1FF5DD8” = Mah Jong Quest from HP Media Center (remove only)
“55275778-F7D9-4BA0-95F4-DEFD71ADDFD9” = Polar Golfer from HP Media Center (remove only)
“581538B9-2ED3-45E2-96CB-22AD8F811D2A” = Shrek 2 Ogre Bowler from HP Media Center (remove only)
“5DAA9E44-1B31-41CD-88A8-228EDED6E36E” = Bounce Symphony from HP Media Center (remove only)
“758619C0-7C97-42BB-B1E9-775F72FDAD1E” = Blackhawk Striker 2 from HP Media Center (remove only)
“901E0096-B2AC-469E-A99E-2725A39C0B47” = Zuma Deluxe from HP Media Center (remove only)
“90EA5584-4290-407B-B8F2-D6E6D65A4796” = Boggle Supreme from HP Media Center (remove only)
“9844050E-4CA4-4901-A53D-A5D14C63789B” = Lexibox Deluxe from HP Media Center (remove only)
“A09026AE-8F16-4929-B4E6-1825535844DB” = Insaniquarium Deluxe from HP Media Center (remove only)
“Adobe AIR” = Adobe AIR
“Adobe Flash Player ActiveX” = Adobe Flash Player 10 ActiveX
“Adobe Flash Player Plugin” = Adobe Flash Player 10 Plugin
“Adobe Shockwave Player” = Adobe Shockwave Player 11.5
“AF012B1F-AFCE-45DB-8D6C-8AB06ADC1D6F” = 5 Card Slingo from HP Media Center (remove only)
“Agere Systems Soft Modem” = Agere Systems PCI-SV92PP Soft Modem
“America Online us” = America Online (Choose which version to remove)
“AOL Connectivity Services” = AOL Connectivity Services
“AOL Spyware Protection” = AOL Spyware Protection
“AOL YGP Screensaver” = AOL You’ve Got Pictures Screensaver
“AolCoach2_en” = AOL Coach Version 2.0(Build:20041026.5 en)
“ATI Display Driver” = ATI Display Driver
“avast5” = avast! Free Antivirus
“AwayMode160” = Microsoft Away Mode
“B2AA88B1-4920-462B-9F7C-019782B3C4DB” = Shooting Stars Pool from HP Media Center (remove only)
“B3EE3001-DC24-4cd1-8743-5692C716659F” = Otto
“B3FF79F4-CDA8-4845-A7C0-9CE017719F36” = Tradewinds from HP Media Center (remove only)
“B7217206-A362-446B-A0F7-A2622B82F821” = SCRABBLE from HP Media Center (remove only)
“BA42B721-D70B-4412-ABA6-057B5823FDE9” = Chuzzle Deluxe from HP Media Center (remove only)
“CCleaner” = CCleaner

“com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1” = Acrobat.com
“D2DACBCD-E1FE-4C32-A49B-1EB0743D1E79” = Blasterball 2 from HP Media Center (remove only)
“DISCover” = DISCover
“DivX Setup.divx.com” = DivX Setup
“E0998E52-9D08-4AEE-A4F5-0BB1D8537F6E” = Slingo Deluxe from HP Media Center (remove only)
“E44A47AF-C94B-4E3F-81A0-979FBA9DAC57” = AstroPop Deluxe from HP Media Center (remove only)
“E59F75D0-A38B-40F4-ABA2-CA35A7735473” = Bookworm Deluxe from HP Media Center (remove only)
“EPSON Printer and Utilities” = EPSON Printer Software
“F38688AF-57C2-4A9C-BFEF-25F3AEC11F1E” = Lemonade Tycoon 2 from HP Media Center (remove only)
“Graboid Video” = Graboid Video 1.71
“HP Document Viewer” = HP Document Viewer 5.3
“HP Game Console” = HP Game Console and games
“HP Image Zone for Media Center PC” = HP Image Zone for Media Center PC
“HP Imaging Device Functions” = HP Imaging Device Functions 5.3
“HP Photo & Imaging” = HP Image Zone 5.3
“HP Solution Center & Imaging Support Tools” = HP Solution Center & Imaging Support Tools 5.3
“HPOOVClient-9972322 Uninstaller” = Updates from HP (remove only)
“ie8” = Windows Internet Explorer 8
“InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}” = Customer Experience Enhancement
“InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}” = Easy Internet Sign-up
“IntelliMover Data Transfer Demo” = Remove IntelliMover Demo
“Malwarebytes’ Anti-Malware_is1” = Malwarebytes’ Anti-Malware
“Microsoft .NET Framework 1.1 (1033)” = Microsoft .NET Framework 1.1
“Microsoft .NET Framework 2.0” = Microsoft .NET Framework 2.0
“Money2005b” = Microsoft Money 2005
“Mozilla Firefox (3.6.6)” = Mozilla Firefox (3.6.6)
“Netscape Browser” = Netscape Browser (remove only)
“PC-Doctor 5 for Windows” = PC-Doctor 5 for Windows
“Port Magic” = Pure Networks Port Magic
“PS2” = PS2
“Python 2.2.3” = Python 2.2.3
“pywin32-py2.2” = Python 2.2 pywin32 extensions (build 203)
“QuickTime” = QuickTime
“RealPlayer 6.0” = RealPlayer
“Recuva” = Recuva
“ViewpointMediaPlayer” = Viewpoint Media Player
“VLC media player” = VLC media player 1.0.1
“Windows Media Format Runtime” = Windows Media Format Runtime
“Windows XP Service Pack” = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/11/2010 8:30:48 AM | Computer Name = YOUR-4DACD0EA75 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 – There is a
problem with this Windows Installer package. Please refer to the setup log for
more information.

Error - 7/11/2010 8:30:49 AM | Computer Name = YOUR-4DACD0EA75 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update ‘.NET
Framework CLR’ could not be installed. Error code 1603. Additional information
is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup1B45.txt.

Error - 7/11/2010 8:30:49 AM | Computer Name = YOUR-4DACD0EA75 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update ‘.NET
Framework CA’ could not be installed. Error code 1603. Additional information is
available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup1B45.txt.

Error - 7/11/2010 8:30:49 AM | Computer Name = YOUR-4DACD0EA75 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update ‘.NET
Framework CRT’ could not be installed. Error code 1603. Additional information
is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup1B45.txt.

Error - 7/11/2010 8:30:49 AM | Computer Name = YOUR-4DACD0EA75 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update ‘.NET
Framework PreXP’ could not be installed. Error code 1603. Additional information
is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup1B45.txt.

Error - 7/11/2010 8:30:49 AM | Computer Name = YOUR-4DACD0EA75 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update ‘Dr.
Watson’ could not be installed. Error code 1603. Additional information is available
in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup1B45.txt.

Error - 7/11/2010 8:30:49 AM | Computer Name = YOUR-4DACD0EA75 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update ‘.NET
Framework 1’ could not be installed. Error code 1603. Additional information is
available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup1B45.txt.

Error - 7/11/2010 8:30:49 AM | Computer Name = YOUR-4DACD0EA75 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update ‘.NET
Framework 2’ could not be installed. Error code 1603. Additional information is
available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup1B45.txt.

Error - 7/11/2010 8:30:49 AM | Computer Name = YOUR-4DACD0EA75 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update ‘.NET
Framework ASP .NET’ could not be installed. Error code 1603. Additional information
is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup1B45.txt.

Error - 7/11/2010 8:30:49 AM | Computer Name = YOUR-4DACD0EA75 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update ‘.NET
Framework WinForms’ could not be installed. Error code 1603. Additional information
is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup1B45.txt.

[ System Events ]
Error - 7/10/2010 8:19:06 AM | Computer Name = YOUR-4DACD0EA75 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007f0f4: Security Update for Windows XP (KB979683).

Error - 7/10/2010 8:22:54 AM | Computer Name = YOUR-4DACD0EA75 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

Error - 7/10/2010 9:51:20 AM | Computer Name = YOUR-4DACD0EA75 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007f0f4: Security Update for Windows XP (KB979683).

Error - 7/10/2010 9:57:19 AM | Computer Name = YOUR-4DACD0EA75 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

Error - 7/10/2010 11:55:08 AM | Computer Name = YOUR-4DACD0EA75 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007f0f4: Security Update for Windows XP (KB979683).

Error - 7/10/2010 12:07:17 PM | Computer Name = YOUR-4DACD0EA75 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007f0f4: Security Update for Windows XP (KB979683).

Error - 7/10/2010 12:39:55 PM | Computer Name = YOUR-4DACD0EA75 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007f0f4: Security Update for Windows XP (KB979683).

Error - 7/10/2010 2:28:23 PM | Computer Name = YOUR-4DACD0EA75 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007f0f4: Security Update for Windows XP (KB979683).

Error - 7/11/2010 1:55:18 AM | Computer Name = YOUR-4DACD0EA75 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007f0f4: Security Update for Windows XP (KB979683).

Error - 7/11/2010 8:31:13 AM | Computer Name = YOUR-4DACD0EA75 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

< End of report >

Looks like you got it all - attaching the logs would have been easier.

I see you have run Combofix; could I see that log, please?

If you haven’t figured it out yet, you’re dealing with a novice…no, make that a technical moron…lol…attachment, wth is that…If I could figure out how to attach this Combofix log I would. You asked me for it and I did not remember ever getting one. I looked and could not find one so I ran Combofix again…this time correctly and completely and obtained a log. Lo and behold I figured it out…sorry for repeating what another person did…I hope the attachment works correctly. I also noted that I could load some Windows updates but not one of the major ones like the 3.5 family pack…it still will not boot up in safe mode (though that may be a hardware problem). I also since the last Combofix scan have not noticed my firewall being disabled…I will keep this thread informed if that is still a problem. Thanks

Just let me know if the attachment worked and is the right one please.

Well, my firewall is still turning itself off…kind of spooky, so that problem still exists as well. :(