TechSpot

Cannot uninstall programs/delete files

Inactive
By MrEd
Nov 9, 2011
  1. Sorry if this is not the proper thread as I don't know if this is related to a rogue program/files or not.

    Re:Uninstall/deletion Issues...

    I have two files on my desktop that I cannot delete:
    Name: An oldie but goodie_ Hands....
    Size: 0 bytes
    Location:C:\Documents and Settings\User\Desktop
    Fire Waterfall
    Size: 0 bytes
    C:\Documents and Settings\User\Desktop

    Have tried file assassin in Malware Bytes and CC Cleaner's file deletion tool but no go.


    Also, I cannot uninstall the following programs as they are not found in add/remove programs.

    This irider has a wise uninstaller but it calls for the "install.log" file which is nowhere to be found.

    Irider by Wymea Bay
    "D:\Program Files\iRider2.48\iRider.exe"

    Cannot uninstall this one either....same issue...not in add/remove programs. No uninstaller.

    "D:\Program Files\PC Linq\Mdi.exe"

    Can I edit out these files from the registry? I don't have the original programs or files to reinstall and then uninstall them again. Any suggestions would be appreciated.
     
  2. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista\Win 7 users: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :dir
      C:\Documents and Settings\User\Desktop
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

    As for that program which doesn't want to uninstall try free version of Revo: http://www.revouninstaller.com/revo_uninstaller_free_download.html
     
  3. MrEd

    MrEd TS Rookie Topic Starter Posts: 70

    System Look Report

    Thanks. Have tried free revo before but didn't work. Here is the systemlook report:

    SystemLook 30.07.11 by jpshortstuff
    Log created at 18:17 on 09/11/2011 by User
    Administrator - Elevation successful

    ========== dir ==========

    C:\Documents and Settings\User\Desktop - Parameters: "(none)"

    ---Files---
    An oldie but goodie_ Hands.... --a---- 0 bytes [19:34 21/04/2010] [19:34 21/04/2010]
    CloneSpy.lnk --a---- 712 bytes [07:35 21/08/2011] [07:35 21/08/2011]
    eBible2.lnk --a---- 661 bytes [15:43 22/10/2007] [15:43 22/10/2007]
    Fire Waterfall..... --a---- 0 bytes [00:53 30/10/2010] [00:53 30/10/2010]
    Frontpage.lnk --a--c- 840 bytes [05:00 28/12/2003] [03:45 21/09/2006]
    Google Chrome.lnk --a---- 2277 bytes [22:42 04/05/2011] [23:27 18/07/2011]
    HyperSnap-DX 5.lnk --a--c- 672 bytes [04:47 05/01/2004] [04:47 05/01/2004]
    Irider.txt --a---- 945 bytes [22:24 09/11/2011] [22:35 09/11/2011]
    Local Area Connection.lnk --a--c- 408 bytes [07:10 16/11/2003] [07:10 16/11/2003]
    Microsoft Excel.lnk --a--c- 2481 bytes [06:14 15/01/2005] [00:16 08/11/2011]
    Microsoft Word.lnk --a--c- 840 bytes [05:00 28/12/2003] [05:00 28/12/2003]
    Program Dloads D Drive.lnk --a--c- 374 bytes [02:58 08/01/2004] [02:58 08/01/2004]
    Roboform Backup Password 4-17-10.htm --a---- 16506820 bytes [16:30 17/04/2010] [16:30 17/04/2010]
    Router Login.url -ra---- 172 bytes [21:41 17/08/2011] [21:49 19/08/2009]
    Router_Setup.html --a---- 5878 bytes [18:23 12/08/2011] [21:41 17/08/2011]
    Shortcut to IMP Papers 9-21-05.lnk --a---- 389 bytes [06:30 18/11/2006] [06:30 18/11/2006]
    Shortcut to Internet Options.lnk --a--c- 242 bytes [08:39 11/12/2003] [03:45 21/09/2006]
    Shortcut to iRider.exe.lnk --a---- 580 bytes [07:19 05/02/2007] [07:19 05/02/2007]
    Sprint Blackberry 8530.doc --a---- 25600 bytes [01:37 03/11/2011] [07:02 08/11/2011]
    Spybot - Search & Destroy.lnk --a---- 793 bytes [23:07 18/06/2011] [23:07 18/06/2011]
    System Restore.lnk --a--c- 1598 bytes [07:38 11/01/2004] [00:28 16/09/2009]
    SystemLook.exe --a---- 139264 bytes [23:15 09/11/2011] [23:15 09/11/2011]
    SystemLook.txt --a---- 0 bytes [23:17 09/11/2011] [23:17 09/11/2011]
    Thumbs.db --ahs-- 18432 bytes [17:27 30/07/2011] [19:34 06/08/2011]
    TowerHill2011.pdf --a---- 29139 bytes [07:05 21/10/2011] [07:05 21/10/2011]
    Yankee Clipper.lnk --a---- 606 bytes [05:05 22/09/2006] [05:05 22/09/2006]

    ---Folders---
    2011-01 (Jan) d------ [01:10 22/01/2011]
    Debbie d------ [02:45 06/08/2011]
    New Folder d------ [04:20 08/11/2011]

    -= EOF =-
     
  4. Broni


    These two folders:
    D:\Program Files\PC Linq
    D:\Program Files\iRider2.48
    may be simply leftovers, or some programs which don't need installation.
    Since they're not listed in Add\Remove it'd be safe to simply delete both folders.

    As for those files....

    Download BlitzBlank and save it to your desktop.
    Double click on Blitzblank.exe
    • Click OK at the warning.
    • Click the Script tab and copy/paste the following text there:
    Code:
    DeleteFile: 
    "C:\Documents and Settings\User\Desktop\An oldie but goodie_ Hands...."
    "C:\Documents and Settings\User\Desktop\Fire Waterfall....."
    
    • Click Execute Now. Your computer will need to reboot in order to replace the files.
    • When done, post the report created by Blitzblank.
      You can find it in the root of the drive, normally C:\
     
  5. MrEd


    Blitzblank got Blitzed... :)

    Thanks. Blitzblank posted this error when I tried to execute:
    "Syntax error in line 2, invalid file path".

    The other programs are executable programs that I just ran. Irider is a browser and PC linq is for connecting two computers. Do I still just delete their folders even though the programs will run? Thx.
     
  6. Broni


    Do you use those programs?

    As for the Blitzblank...

    Re-run System Look with this code:

    Code:
    :filefind
    An oldie but goodie*
    Fire Waterfall*
    
     
  7. MrEd


    Reran System Look

    Don't use those programs. They are old. TY.

    Here is the system look:

    SystemLook 30.07.11 by jpshortstuff
    Log created at 21:27 on 09/11/2011 by User
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "An oldie but goodie*"
    C:\Documents and Settings\User\Desktop\An oldie but goodie_ Hands.... --a---- 0 bytes [19:34 21/04/2010] [19:34 21/04/2010] (Unable to calculate MD5)

    Searching for "Fire Waterfall*"
    C:\Documents and Settings\User\Desktop\Fire Waterfall..... --a---- 0 bytes [00:53 30/10/2010] [00:53 30/10/2010] (Unable to calculate MD5)

    -= EOF =-
     
  8. Broni


    Go ahead and delete those folders.

    I can see there was some unneeded space in Blitzblank code.
    Try again....

    Code:
    DeleteFile: 
    "C:\Documents and Settings\User\Desktop\An oldie but goodie_Hands...."
    "C:\Documents and Settings\User\Desktop\Fire Waterfall....."
    
     
  9. MrEd


    Still Blitzed

    Still getting the same syntax error...sorry.
    Blitzblank posted this error when I tried to execute:
    "Syntax error in line 2, invalid file path".
     
  10. Broni


    OK, let's try this code:

    Code:
    DeleteFile: 
    "C:\Documents and Settings\User\Desktop\An oldie but goodie_Hands"
    "C:\Documents and Settings\User\Desktop\Fire Waterfall"
    
     
  11. MrEd


    Sorry but that didn't work either....same error msg. TY
     
     
  12. Broni


    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. MrEd


    OTL logfile

    OTL logfile created on: 11/10/2011 12:23:09 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.53 Mb Total Physical Memory | 305.87 Mb Available Physical Memory | 59.80% Memory free
    1.22 Gb Paging File | 0.72 Gb Available in Paging File | 59.32% Paging File free
    Paging file location(s): D:\pagefile.sys 768 1524I:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 14.94 Gb Total Space | 1.86 Gb Free Space | 12.48% Space Free | Partition Type: NTFS
    Drive D: | 59.59 Gb Total Space | 44.10 Gb Free Space | 74.00% Space Free | Partition Type: NTFS
    Drive H: | 3.65 Gb Total Space | 0.47 Gb Free Space | 12.94% Space Free | Partition Type: FAT32

    Computer Name: NA | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/11/09 22:34:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
    PRC - [2011/08/01 12:12:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/05/04 03:52:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
    PRC - [2011/04/21 06:54:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2011/04/21 06:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/10/30 15:46:30 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    PRC - [2010/04/20 15:22:46 | 000,534,016 | ---- | M] (SOS Online Backup) -- D:\Program Files\Backup SOS for Kingtston Thumb Drive 5-16-11\OverlayCache.exe
    PRC - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/07/03 02:20:48 | 000,372,736 | ---- | M] (Samsung Electronics.) -- C:\WINDOWS\Samsung\ComSMMgr\SSMMgr.exe
    PRC - [2005/03/10 18:58:06 | 001,368,064 | ---- | M] (inteleXual.com) -- D:\Program Files\Yankee Clipper\YankClip.exe
    PRC - [2003/08/27 10:27:44 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/10/12 11:09:29 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll
    MOD - [2011/10/12 11:09:01 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\81096bfe85eb0da5f05e8a127ffa43b2\System.Runtime.Serialization.Formatters.Soap.ni.dll
    MOD - [2011/10/12 11:02:02 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
    MOD - [2011/10/12 11:01:45 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
    MOD - [2011/10/12 11:01:06 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
    MOD - [2011/10/12 11:00:23 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
    MOD - [2011/10/12 10:57:39 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
    MOD - [2011/10/12 10:57:20 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
    MOD - [2011/10/12 10:54:56 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2011/10/12 10:54:42 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    MOD - [2011/05/04 03:51:59 | 000,008,192 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2native.dll
    MOD - [2010/06/17 14:27:22 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
    MOD - [2008/03/24 23:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
    MOD - [2002/07/04 09:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\Software Suite\PhotoImpression 5\Share\PIHook.dll
    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (AppMgmt)
    SRV - [2011/08/01 12:12:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011/04/21 06:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2004/01/09 16:04:00 | 000,294,978 | ---- | M] (Intuit, Inc.) [On_Demand | Stopped] -- d:\Program Files\Quicken Backup\OLRegCap.exe -- (OLRegCap)
    SRV - [2004/01/09 16:04:00 | 000,073,794 | ---- | M] (Intuit, Inc.) [On_Demand | Stopped] -- d:\Program Files\Quicken Backup\OLlaunch.exe -- (Quicken Online BackupLauncher)
    SRV - [2003/08/27 10:27:44 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
    SRV - [2001/09/28 01:26:40 | 000,065,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
    ========== Driver Services (SafeList) ==========

    DRV - [2011/09/22 18:52:02 | 000,035,392 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
    DRV - [2011/08/09 16:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
    DRV - [2011/08/01 12:12:55 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2011/08/01 12:12:55 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2009/10/07 03:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
    DRV - [2009/10/07 03:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam E3500(UVC)
    DRV - [2009/10/07 03:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
    DRV - [2009/10/07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2009/08/19 16:49:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
    DRV - [2007/01/11 09:45:50 | 000,021,120 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
    DRV - [2005/03/14 00:01:38 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
    DRV - [2004/11/15 09:18:20 | 000,055,936 | ---- | M] (OrangeWare Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ousb2hub.sys -- (ousb2hub)
    DRV - [2004/11/15 09:18:20 | 000,045,312 | ---- | M] (OrangeWare Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci)
    DRV - [2004/04/26 06:10:00 | 000,038,081 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
    DRV - [2004/04/26 06:09:52 | 000,054,657 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042MOU.SYS -- (L8042mou)
    DRV - [2004/04/26 06:09:42 | 000,071,405 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
    DRV - [2004/04/26 06:09:24 | 000,024,605 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
    DRV - [2004/03/09 06:20:17 | 000,003,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\socketlock.sys -- (SocketLock)
    DRV - [2003/12/17 08:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
    DRV - [2003/12/17 08:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042PR2.SYS -- (L8042pr2)
    DRV - [2003/12/17 08:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
    DRV - [2003/12/17 08:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
    DRV - [2003/10/07 13:18:44 | 000,044,504 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Kdata.sys -- (KDATA)
    DRV - [2003/03/31 14:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
    DRV - [2002/12/18 07:03:24 | 000,036,184 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyWBMS.sys -- (SONYWBMS) Sony Memory Stick controller(WB)
    DRV - [2002/10/04 10:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
    DRV - [2002/05/22 12:42:42 | 000,015,326 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
    DRV - [2002/03/12 21:50:50 | 000,899,884 | ---- | M] (Xirlink, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ucdnt.sys -- (XIRLINK)
    DRV - [2001/12/06 12:49:44 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SonyFKC.sys -- (SonyFKC)
    DRV - [2001/09/21 19:16:46 | 000,593,000 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Smbe.sys -- (SMBE) Sony MPEG2 Encoder Board (WDM)
    DRV - [2001/08/17 16:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMDM.sys -- (BCMModem)
    DRV - [2001/08/17 15:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
    DRV - [2001/08/17 15:11:26 | 000,054,271 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm42xx5.sys -- (BCM42XX) Broadcom iLine10(tm)
    DRV - [2001/01/08 04:53:24 | 000,015,576 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbbc.sys -- (Wdm1)
    DRV - [2000/12/05 19:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-602162358-308236825-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
    IE - HKU\S-1-5-21-602162358-308236825-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-602162358-308236825-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-602162358-308236825-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
    IE - HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
    IE - HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080

    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\12.0.742.122\gcswf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Chrome NaCl (Disabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\12.0.742.122\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\12.0.742.122\pdf.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Yahoo! activeX Plug-in Bridge (Disabled) = D:\PROGRA~2\YAHOOI~1.0\Common\npyaxmpb.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: PriceBlink = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh\2.1_0\
    CHR - Extension: WOT = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.4_0\
    CHR - Extension: Mark for Later = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\biaphbpdaodeegbnfphkmdldbflhfinh\0.3.0_0\
    CHR - Extension: Add to Amazon Wish List = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.7_0\
    CHR - Extension: WidgetBlock = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hgiihiookhijpbhaflohognbhmamdnol\0.1.14_0\
    CHR - Extension: Keep My Opt-Outs = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.14_0\
    CHR - Extension: Zotero Connector for Chrome = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jciblakmllnhbhjjgkbkeihelcndmgnh\2.999.1_0\
    CHR - Extension: Zotero Connector for Chrome = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jciblakmllnhbhjjgkbkeihelcndmgnh\2.999.1_0\.svn\text-base\.svn-base
    CHR - Extension: RoboForm Lite = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kidhjpmgjfbkmcfpfakmdddddgfbhahj\2.7.0_0\
    CHR - Extension: InvisibleHand = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko\3.3.14_0\

    O1 HOSTS File: ([2011/07/31 14:07:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems Inc.)
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems Inc.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - No CLSID value found.
    O3 - HKU\S-1-5-21-602162358-308236825-1801674531-1004\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems Inc.)
    O3 - HKU\S-1-5-21-602162358-308236825-1801674531-1004\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
    O4 - HKU\S-1-5-21-602162358-308236825-1801674531-1004..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
    O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Jawbone Updater.lnk = C:\Program Files\Jawbone\JawboneUpdater.exe ()
    O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Yankee Clipper III.lnk = D:\Program Files\Yankee Clipper\YankClip.exe (inteleXual.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-602162358-308236825-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-602162358-308236825-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-602162358-308236825-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
    O7 - HKU\S-1-5-21-602162358-308236825-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 01 00 00 00 [binary data]
    O7 - HKU\S-1-5-21-602162358-308236825-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-602162358-308236825-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: + Offline &Explorer: Download the link - Reg Error: Value error. File not found
    O8 - Extra context menu item: + Offline E&xplorer: Download the current page - Reg Error: Value error. File not found
    O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8 - Extra context menu item: Customize Menu &4 - Reg Error: Value error. File not found
    O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8 - Extra context menu item: Logoff &5 - Reg Error: Value error. File not found
    O8 - Extra context menu item: Open Link Target in Firefox - Reg Error: Value error. File not found
    O8 - Extra context menu item: Reset Fields &- - Reg Error: Value error. File not found
    O8 - Extra context menu item: Rf Options &O - Reg Error: Value error. File not found
    O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O8 - Extra context menu item: Set Fields &= - Reg Error: Value error. File not found
    O8 - Extra context menu item: Stop popups from this web page - Reg Error: Value error. File not found
    O8 - Extra context menu item: Translate this page - Reg Error: Value error. File not found
    O8 - Extra context menu item: View This Page in Firefox - Reg Error: Value error. File not found
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Error: Key error. File not found
    O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O15 - HKU\S-1-5-21-602162358-308236825-1801674531-1004\..Trusted Domains: compuserve.com ([]* is out of zone range - 6)
    O15 - HKU\S-1-5-21-602162358-308236825-1801674531-1004\..Trusted Domains: compuserve.com ([objects] * is out of zone range - 7)
    O15 - HKU\S-1-5-21-602162358-308236825-1801674531-1004\..Trusted Domains: linkshare.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-602162358-308236825-1801674531-1004\..Trusted Domains: linksynergy.com ([]https in Trusted sites)
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsupport.com/sdccommon/download/tgctlsr.cab (Reg Error: Key error.)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Reg Error: Key error.)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} Reg Error: Value error. (QuickTime Object)
    O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (Reg Error: Key error.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} Reg Error: Value error. (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} Reg Error: Value error. (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Reg Error: Key error.)
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe (Reg Error: Key error.)
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134210557440 (MUWebControl Class)
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab (Reg Error: Key error.)
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} http://chat.yahoo.com/cab/yuplapp.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38486.9494212963 (Reg Error: Key error.)
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab (Reg Error: Key error.)
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Reg Error: Key error.)
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Reg Error: Key error.)
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/Typography/Utility/1/WXP/EN-US/clearadj.CAB (Reg Error: Key error.)
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Reg Error: Key error.)
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326 (QDiagHUpdateObj Class)
    O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} http://216.249.24.60/code/iPIX-ImageWell-ipix.cab (Reg Error: Key error.)
    O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} http://supportcentral4.sel.sony.com/sdccommon/download/sonyctl.CAB (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O16 - DPF: ppctlcab Reg Error: Value error. (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45DBEE6B-BEA6-4242-B84B-4856BBB021F7}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop Components:0 () - file:///C:/DOCUME~1/User/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/09/18 16:32:32 | 000,000,648 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
    O32 - Unable to obtain root file information for disk H:\
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    File not found -- C:\Documents and Settings\User\Desktop\Fire Waterfall.....
    File not found -- C:\Documents and Settings\User\Desktop\An oldie but goodie_ Hands....
    [2011/11/09 22:34:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
    [2011/11/09 21:07:32 | 001,153,912 | ---- | C] (Emsi Software GmbH) -- C:\Documents and Settings\User\Desktop\BlitzBlank.exe
    [2011/11/09 18:40:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
    [2011/11/09 18:31:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TweakNow PowerPack 2011
    [2011/11/09 18:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\TweakNow PowerPack 2011
    [2011/11/07 23:22:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Jawbone
    [2011/11/07 23:22:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2011/11/07 23:22:36 | 000,067,008 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\libusb0.dll
    [2011/11/07 23:22:36 | 000,035,392 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\drivers\libusb0.sys
    [2011/11/07 23:21:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\JawboneUpdater
    [2011/11/07 23:21:47 | 000,000,000 | ---D | C] -- C:\Program Files\Jawbone
    [2011/11/07 23:20:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\New Folder
    [2011/11/02 20:59:48 | 000,000,000 | ---D | C] -- D:\My Documents\C Drive\Logitech E3500 Quic Cam manual
    [2011/11/02 13:03:48 | 000,000,000 | ---D | C] -- D:\My Documents\C Drive\Comcast Statements 11-2-11
    [2011/10/29 23:34:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/10/29 14:11:03 | 000,000,000 | ---D | C] -- C:\MATS
    [2011/10/29 12:26:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\SONY Drivers Update Utility
    [2011/10/17 02:19:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
    [2011/10/16 16:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
    [2011/10/16 16:16:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2011/10/16 11:42:27 | 000,000,000 | ---D | C] -- D:\My Documents\C Drive\Bluetooth Dongle BlueSoleil 10-16-11
    [2011/10/15 17:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========
     
  14. MrEd

    MrEd TS Rookie Topic Starter Posts: 70

    OTL logfile part 2

    File not found -- C:\Documents and Settings\User\Desktop\Fire Waterfall.....
    File not found -- C:\Documents and Settings\User\Desktop\An oldie but goodie_ Hands....
    [2102/12/06 06:01:44 | 000,000,132 | ---- | M] () -- D:\My Documents\C Drive\USA_and_Canada-22.meta.dct
    [2011/11/09 23:11:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-308236825-1801674531-1004Core1cc27e486266d16.job
    [2011/11/09 22:34:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
    [2011/11/09 21:07:16 | 001,153,912 | ---- | M] (Emsi Software GmbH) -- C:\Documents and Settings\User\Desktop\BlitzBlank.exe
    [2011/11/09 19:02:53 | 000,001,744 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/11/09 18:31:41 | 000,000,764 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TweakNow PowerPack 2011.lnk
    [2011/11/09 18:15:23 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SystemLook.exe
    [2011/11/08 19:21:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
    [2011/11/08 19:21:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
    [2011/11/08 01:57:20 | 000,000,075 | ---- | M] () -- C:\WINDOWS\USBBC.ini
    [2011/11/07 23:21:47 | 000,000,629 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Jawbone Updater.lnk
    [2011/11/07 19:16:42 | 000,002,481 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microsoft Excel.lnk
    [2011/11/02 16:29:09 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/11/01 12:34:06 | 000,000,057 | ---- | M] () -- C:\WINDOWS\eBible.INI
    [2011/11/01 12:11:27 | 000,000,484 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2011/10/31 16:34:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/10/31 16:34:18 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
    [2011/10/31 03:43:09 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
    [2011/10/31 03:40:41 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2011/10/21 02:05:47 | 000,029,139 | ---- | M] () -- C:\Documents and Settings\User\Desktop\TowerHill2011.pdf
    [2011/10/17 04:00:48 | 000,000,032 | ---- | M] () -- C:\WINDOWS\0
    [2011/10/16 11:39:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\0
    [2011/10/15 17:16:37 | 000,001,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
    [2011/10/12 19:04:07 | 000,252,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/11/09 18:31:41 | 000,000,764 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TweakNow PowerPack 2011.lnk
    [2011/11/09 18:15:29 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SystemLook.exe
    [2011/11/07 23:21:47 | 000,000,629 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Jawbone Updater.lnk
    [2011/10/31 03:43:09 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
    [2011/10/21 02:05:47 | 000,029,139 | ---- | C] () -- C:\Documents and Settings\User\Desktop\TowerHill2011.pdf
    [2011/10/16 11:39:29 | 000,000,032 | ---- | C] () -- C:\WINDOWS\0
    [2011/10/16 11:39:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\0
    [2011/10/15 17:16:37 | 000,001,711 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
    [2011/10/15 17:16:37 | 000,001,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
    [2011/10/15 17:16:33 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2011/08/24 12:58:06 | 000,216,504 | ---- | C] () -- C:\Program Files\QDATA.IDX
    [2011/08/03 18:00:57 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2011/08/02 18:24:00 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/08/02 18:24:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/08/02 18:24:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/08/02 18:24:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/08/02 18:24:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/03/08 01:24:25 | 000,342,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2009/10/07 00:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2009/10/07 00:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
    [2007/04/12 02:20:49 | 000,000,067 | ---- | C] () -- C:\WINDOWS\GDINST.INI
    [2007/01/21 23:50:19 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
    [2007/01/13 20:54:49 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\User\Application Data\WavCodec.wff
    [2006/12/18 22:10:32 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
    [2006/12/02 01:40:35 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cdTextCtl.dll
    [2006/10/11 12:52:12 | 000,020,811 | ---- | C] () -- C:\WINDOWS\System32\drivers\IPFWHook.sys
    [2006/09/25 15:13:12 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2006/07/12 03:46:00 | 000,000,910 | ---- | C] () -- C:\WINDOWS\speakfre.ini
    [2006/07/09 02:33:51 | 000,000,057 | ---- | C] () -- C:\WINDOWS\eBible.INI
    [2006/05/22 18:35:37 | 000,112,373 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
    [2006/05/22 18:35:37 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
    [2006/04/03 17:48:07 | 000,071,195 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
    [2006/04/03 17:44:17 | 000,070,721 | ---- | C] () -- C:\WINDOWS\hpqins01.dat
    [2006/02/09 16:32:57 | 000,000,121 | ---- | C] () -- C:\WINDOWS\pjic.INI
    [2006/02/08 22:17:04 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
    [2006/02/08 21:44:59 | 000,112,834 | ---- | C] () -- C:\WINDOWS\hpoins07.dat.temp
    [2006/02/08 21:44:59 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat.temp
    [2006/01/16 22:56:51 | 000,072,846 | ---- | C] () -- C:\WINDOWS\hpfins09.dat
    [2006/01/16 18:24:06 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2005/09/17 02:23:59 | 000,000,208 | ---- | C] () -- C:\WINDOWS\HpBestModeUpdatePatchLog.ini
    [2005/09/10 17:07:01 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
    [2005/09/05 22:24:30 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
    [2005/08/08 05:17:36 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2005/08/02 19:27:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
    [2005/06/24 02:51:15 | 000,000,070 | ---- | C] () -- C:\WINDOWS\MVFPT32.INI
    [2005/06/24 02:43:41 | 000,000,067 | ---- | C] () -- C:\WINDOWS\LAHBWN32.INI
    [2005/06/06 02:48:11 | 000,038,490 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Comma Separated Values (Windows).ADR
    [2005/06/03 11:51:40 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2005/06/03 11:51:39 | 000,049,637 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
    [2005/06/03 11:51:39 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
    [2005/06/03 11:51:39 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
    [2005/06/03 11:51:39 | 000,015,652 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
    [2005/06/03 11:51:39 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
    [2005/06/03 11:51:39 | 000,011,413 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
    [2005/06/03 11:51:39 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
    [2005/06/03 11:51:39 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
    [2005/06/03 11:51:39 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
    [2005/06/03 11:51:39 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
    [2005/06/03 11:51:39 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
    [2005/06/03 11:51:39 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
    [2005/06/03 11:51:39 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
    [2005/05/31 02:21:37 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/05/15 00:55:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\KmRemove.exe
    [2005/01/17 01:33:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\Application Data\sversion.ini
    [2005/01/17 01:23:27 | 000,069,632 | ---- | C] () -- C:\WINDOWS\uinst001.exe
    [2005/01/15 00:25:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
    [2005/01/15 00:02:18 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
    [2005/01/15 00:00:33 | 000,000,196 | ---- | C] () -- C:\WINDOWS\EPSONCX6400.ini
    [2005/01/11 00:49:09 | 000,000,033 | ---- | C] () -- C:\WINDOWS\AutoSafe.ini
    [2005/01/05 23:32:45 | 000,000,750 | ---- | C] () -- C:\WINDOWS\WDD_COMPARE_DIR_CFX1.INI
    [2004/12/30 07:03:32 | 000,000,830 | ---- | C] () -- C:\WINDOWS\MD_MacroDiffs.INI
    [2004/12/30 07:03:31 | 000,000,750 | ---- | C] () -- C:\WINDOWS\MD_MicroDiffs.INI
    [2004/12/30 06:23:02 | 000,000,011 | ---- | C] () -- C:\WINDOWS\MS_VXD_Ext.DLL
    [2004/12/30 06:23:02 | 000,000,011 | ---- | C] () -- C:\WINDOWS\MS_Ext1.DLL
    [2004/12/05 13:16:11 | 000,004,276 | ---- | C] () -- C:\Program Files\QDATA.QTX
    [2004/11/30 00:48:56 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
    [2004/11/19 10:03:14 | 000,000,225 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2004/11/18 15:26:55 | 000,000,069 | ---- | C] () -- C:\WINDOWS\intercon.ini
    [2004/11/18 05:34:45 | 000,006,336 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2004/11/09 19:36:18 | 000,001,632 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2004/11/09 19:34:23 | 000,001,744 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2004/10/19 11:29:53 | 000,000,367 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
    [2004/10/19 11:29:53 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
    [2004/10/19 11:29:53 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
    [2004/09/26 01:22:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/21 16:21:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MDI.INI
    [2004/07/30 00:57:35 | 000,165,376 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
    [2004/07/28 09:23:44 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2004/05/31 02:33:39 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2004/05/27 02:42:44 | 000,000,002 | ---- | C] () -- C:\WINDOWS\AR.DAT
    [2004/05/21 23:22:58 | 000,350,173 | ---- | C] () -- C:\WINDOWS\ePrompter.ini
    [2004/05/21 19:18:06 | 000,000,030 | ---- | C] () -- C:\Program Files\QWRS.DAT
    [2004/05/21 19:18:06 | 000,000,030 | ---- | C] () -- C:\WINDOWS\INTURS.DAT
    [2004/05/21 19:17:59 | 000,000,225 | ---- | C] () -- C:\Program Files\qreqst.dat
    [2004/05/21 03:32:36 | 000,252,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/05/19 03:27:21 | 000,004,530 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/05/14 00:40:32 | 000,000,532 | ---- | C] () -- C:\WINDOWS\netdet.ini
    [2004/05/13 14:41:02 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll
    [2004/05/13 14:41:02 | 000,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini
    [2004/05/13 14:39:50 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
    [2004/03/26 23:14:19 | 000,000,204 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
    [2004/03/25 09:33:55 | 000,000,152 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2004/03/09 06:23:36 | 000,000,144 | ---- | C] () -- C:\WINDOWS\smrpro.INI
    [2004/03/09 06:20:17 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\socketlock.sys
    [2004/03/09 05:21:19 | 000,000,803 | ---- | C] () -- C:\WINDOWS\ldp.INI
    [2004/03/09 04:13:06 | 000,000,110 | ---- | C] () -- C:\WINDOWS\GMouse.ini
    [2004/02/23 14:39:03 | 000,000,075 | ---- | C] () -- C:\WINDOWS\USBBC.ini
    [2004/02/23 14:25:01 | 000,015,576 | R--- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys
    [2004/02/23 14:25:01 | 000,003,953 | R--- | C] () -- C:\WINDOWS\System32\coinst.dll
    [2004/02/21 21:04:41 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Progs_.ini
    [2004/01/19 13:22:20 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
    [2004/01/18 00:27:42 | 000,000,185 | ---- | C] () -- C:\WINDOWS\System32\msblcd32.dll
    [2004/01/16 04:05:19 | 000,427,776 | ---- | C] () -- C:\WINDOWS\Q831167.exe
    [2004/01/15 09:29:18 | 000,044,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\Kdata.sys
    [2004/01/03 17:33:08 | 000,000,072 | ---- | C] () -- C:\WINDOWS\efaxview.ini
    [2003/12/28 00:37:24 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ntl.ini
    [2003/12/10 02:10:49 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
    [2003/11/19 12:55:52 | 000,000,035 | ---- | C] () -- C:\WINDOWS\addrem.ini
    [2003/11/17 19:40:06 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2003/11/17 07:09:47 | 000,000,046 | ---- | C] () -- C:\Program Files\Q3.DIR
    [2003/11/17 06:46:11 | 000,007,168 | ---- | C] () -- C:\Program Files\ofxroots.crt
    [2003/11/17 06:41:59 | 000,033,792 | ---- | C] () -- C:\Program Files\FILIST.QFI
    [2003/11/17 06:37:19 | 000,001,024 | ---- | C] () -- C:\Program Files\qw.CFG
    [2003/11/17 06:35:05 | 000,000,032 | ---- | C] () -- C:\Program Files\QDATA.QPH
    [2003/11/17 06:34:02 | 000,803,840 | ---- | C] () -- C:\Program Files\QDATA.QEL
    [2003/11/17 06:33:26 | 003,295,512 | ---- | C] () -- C:\Program Files\QDATA.QDF
    [2003/11/17 06:28:29 | 000,020,736 | ---- | C] () -- C:\Program Files\QW.RMD
    [2003/11/14 05:17:08 | 000,000,484 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2003/11/14 04:05:02 | 000,000,242 | ---- | C] () -- C:\WINDOWS\qwimp.ini
    [2003/11/13 06:56:25 | 000,044,032 | ---- | C] () -- C:\WINDOWS\Unwash5.exe
    [2003/11/13 02:29:51 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2003/11/12 21:22:56 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2003/11/12 03:00:00 | 000,114,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\ssoftnt4.sys
    [2003/11/03 10:09:02 | 000,217,837 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
    [2003/04/02 13:19:22 | 000,177,664 | ---- | C] () -- C:\WINDOWS\System32\libssl32.dll
    [2003/04/02 13:19:16 | 000,878,592 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2002/11/22 14:04:04 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\metazlib.dll
    [2002/11/01 15:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
    [2002/07/04 14:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
    [2001/12/14 18:03:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
    [2001/12/14 18:02:55 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\Asfv2.dll
    [2001/12/14 17:46:01 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
    [2001/12/14 17:44:05 | 000,000,210 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2001/12/14 17:35:03 | 000,000,165 | ---- | C] () -- C:\WINDOWS\photoprn.ini
    [2001/12/14 17:03:19 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
    [2001/12/14 17:03:19 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
    [2001/12/14 17:03:17 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
    [2001/12/14 16:14:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2001/12/14 15:45:42 | 000,000,906 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2001/12/14 14:26:24 | 000,000,672 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2001/12/14 14:25:52 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/12/14 14:25:47 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2001/12/14 12:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
    [2001/12/14 07:31:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [2001/01/22 03:25:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ATHPRXY(2).DLL
    [1999/07/23 12:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
    [1999/07/23 09:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

    ========== LOP Check ==========

    [2001/12/14 17:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.VALUED-7B9600FA\Application Data\InterTrust
    [2011/03/09 01:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
    [2011/10/17 04:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
    [2011/02/16 14:18:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/10/16 16:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2011/06/23 20:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2007/03/11 22:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2004/12/22 07:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
    [2011/07/27 01:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/02/16 20:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
    [2004/07/06 17:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2007/05/12 20:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2006/01/16 22:55:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bubba.VALUED-7B9600FA\Application Data\Image Zone Express
    [2001/12/14 17:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bubba.VALUED-7B9600FA\Application Data\InterTrust
    [2001/12/14 17:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
    [2007/01/10 18:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\NCH Swift Sound
    [2011/08/21 02:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\CloneSpy
    [2011/11/01 12:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ElevatedDiagnostics
    [2006/05/22 14:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Image Zone Express
    [2011/11/07 23:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\JawboneUpdater
    [2004/04/27 21:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Offline Explorer
    [2006/09/09 16:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sony
    [2011/10/29 18:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SONY Drivers Update Utility
    [2011/11/09 18:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TweakNow PowerPack 2011
    [2011/10/31 16:34:18 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Startup.job
    ========== Purity Check ==========
    ========== Alternate Data Streams ==========
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    < End of report >
     
  15. MrEd

    MrEd TS Rookie Topic Starter Posts: 70

    OTL Extras logfile

    OTL Extras logfile created on: 11/10/2011 12:23:09 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.53 Mb Total Physical Memory | 305.87 Mb Available Physical Memory | 59.80% Memory free
    1.22 Gb Paging File | 0.72 Gb Available in Paging File | 59.32% Paging File free
    Paging file location(s): D:\pagefile.sys 768 1524I:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 14.94 Gb Total Space | 1.86 Gb Free Space | 12.48% Space Free | Partition Type: NTFS
    Drive D: | 59.59 Gb Total Space | 44.10 Gb Free Space | 74.00% Space Free | Partition Type: NTFS
    Drive H: | 3.65 Gb Total Space | 0.47 Gb Free Space | 12.94% Space Free | Partition Type: FAT32

    Computer Name: NA | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
    .js [@ = JSFile] -- Reg Error: Key error. File not found

    [HKEY_USERS\S-1-5-21-602162358-308236825-1801674531-1004\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    https [open] -- "D:\Program Files\iRider2.48\iRider.exe" (Wymea Bay)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    jsfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0
     
  16. MrEd

    MrEd TS Rookie Topic Starter Posts: 70

    OTL Extras logfile Part 2

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-602162358-308236825-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/31/2011 5:37:47 PM | Computer Name = NA | Source = LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The Error code is the first DWORD in Data section.

    Error - 10/31/2011 5:37:50 PM | Computer Name = NA | Source = LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings of the 009 language
    ID. The Win32 status returned by the call is the first DWORD in Data section.

    Error - 11/1/2011 1:17:30 PM | Computer Name = NA | Source = LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The Error code is the first DWORD in Data section.

    Error - 11/1/2011 1:17:33 PM | Computer Name = NA | Source = LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings of the 009 language
    ID. The Win32 status returned by the call is the first DWORD in Data section.

    Error - 11/3/2011 12:23:47 AM | Computer Name = NA | Source = LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The Error code is the first DWORD in Data section.

    Error - 11/3/2011 12:23:50 AM | Computer Name = NA | Source = LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings of the 009 language
    ID. The Win32 status returned by the call is the first DWORD in Data section.

    Error - 11/8/2011 11:51:12 AM | Computer Name = NA | Source = LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The Error code is the first DWORD in Data section.

    Error - 11/8/2011 11:51:16 AM | Computer Name = NA | Source = LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings of the 009 language
    ID. The Win32 status returned by the call is the first DWORD in Data section.

    Error - 11/8/2011 10:42:58 PM | Computer Name = NA | Source = LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The Error code is the first DWORD in Data section.

    Error - 11/8/2011 10:43:01 PM | Computer Name = NA | Source = LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings of the 009 language
    ID. The Win32 status returned by the call is the first DWORD in Data section.

    [ System Events ]
    Error - 10/17/2011 8:02:00 AM | Computer Name = NA | Source = Removable Storage Service | ID = 262255
    Description = RSM could not load media in drive Drive 0 of library Kingston DT 101
    G2 USB Device.

    Error - 10/17/2011 8:20:35 AM | Computer Name = NA | Source = Removable Storage Service | ID = 262255
    Description = RSM could not load media in drive Drive 0 of library Kingston DT 101
    G2 USB Device.

    Error - 10/17/2011 8:20:43 AM | Computer Name = NA | Source = Removable Storage Service | ID = 262255
    Description = RSM could not load media in drive Drive 0 of library Kingston DT 101
    G2 USB Device.

    Error - 10/20/2011 10:32:07 AM | Computer Name = NA | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 10/27/2011 10:14:02 PM | Computer Name = NA | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 10/29/2011 3:19:02 PM | Computer Name = NA | Source = Service Control Manager | ID = 7034
    Description = The Windows Installer service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 10/29/2011 6:50:04 PM | Computer Name = NA | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 10/30/2011 12:27:43 PM | Computer Name = NA | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.1.3 on
    the Network Card with network address 00E01855C6AB.

    Error - 10/31/2011 5:33:43 PM | Computer Name = NA | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 11/1/2011 12:27:48 PM | Computer Name = NA | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.1.3 on
    the Network Card with network address 00E01855C6AB.


    < End of report >
     
  17. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      File not found -- C:\Documents and Settings\User\Desktop\Fire Waterfall.....
      File not found -- C:\Documents and Settings\User\Desktop\An oldie but goodie_ Hands....
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
     
  18. MrEd

    MrEd TS Rookie Topic Starter Posts: 70

    BTW...Those two files are still on my desktop. Here is that log. TY.


    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes

    User: Administrator.VALUED-7B9600FA
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: All Users

    User: Bubba
    ->Flash cache emptied: 300 bytes

    User: Bubba.VALUED-7B9600FA
    ->Temp folder emptied: 5897 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 31460 bytes
    ->Flash cache emptied: 646 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56502 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 49554 bytes
    ->Flash cache emptied: 348 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Owner
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 402 bytes

    User: User
    ->Temp folder emptied: 67494 bytes
    ->Temporary Internet Files folder emptied: 1821780 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 23198904 bytes
    ->Flash cache emptied: 61150 bytes

    User: User.VALUED-7B9600FA
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 60 bytes
    %systemroot%\System32 .tmp files removed: 560240 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 125464 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 402 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 25.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: Administrator.VALUED-7B9600FA

    User: All Users

    User: Bubba
    ->Flash cache emptied: 0 bytes

    User: Bubba.VALUED-7B9600FA
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: Owner

    User: User
    ->Flash cache emptied: 0 bytes

    User: User.VALUED-7B9600FA

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 11102011_144756

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\User\Local Settings\Temp\Temporary Internet Files\Content.IE5\O1RASIQX\c3QDNjQ2MjE0NgRjYXQDbWRiBGNkbgMEcGcDBHBsX3MDBHBscl9zA09TSTBYSFhaYjZQdjNJd1FsdDNhMUcEcmQDc3BvbnNvcmVkLm1lc3Nlbmdlci55YWhvby5jb20Ec2VjA3BiBHNpZAMEc2xrA2xkBHZpZAMyNjU1MjEwNQ--[1].gif not found!
    File\Folder C:\Documents and Settings\User\Local Settings\Temp\Temporary Internet Files\Content.IE5\GW00GNL0\mx_spot1;net=cm;u=,cm-10219642062_1318636553,123289ed428e0cf,ads,ax[1].;;sz=300x250;rmx_boom=ron;net=cm;env=ifr;ord1=579146;dcopt=ist;cmw=owl;contx=ads;an=;dc=w;btg=;ord=1318636549 not found!
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6c8.dat not found!

    Registry entries deleted on Reboot...
     
  19. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Documents and Settings\User\Desktop\An oldie but goodie_ Hands....
      C:\Documents and Settings\User\Desktop\Fire Waterfall.....
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
     
  20. MrEd

    MrEd TS Rookie Topic Starter Posts: 70

    Ran It

    Ran it again...funny thing is with those commands, my computer just hangs on "shutting down". I see the "remnants" of those files on my desktop, which is so strange because when I delete or move to recycle bin it says source can't be found. Attached a pic of my desktop with those files. Here is the OTL log. TY.

    undeletable files.jpg


    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\Documents and Settings\User\Desktop\An oldie but goodie_ Hands.... not found.
    File\Folder C:\Documents and Settings\User\Desktop\Fire Waterfall..... not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes

    User: Administrator.VALUED-7B9600FA
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Bubba
    ->Flash cache emptied: 0 bytes

    User: Bubba.VALUED-7B9600FA
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Owner
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: User
    ->Temp folder emptied: 246440 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 12201108 bytes
    ->Flash cache emptied: 912 bytes

    User: User.VALUED-7B9600FA
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 4720 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 125939 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 12.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: Administrator.VALUED-7B9600FA

    User: All Users

    User: Bubba
    ->Flash cache emptied: 0 bytes

    User: Bubba.VALUED-7B9600FA
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: Owner

    User: User
    ->Flash cache emptied: 0 bytes

    User: User.VALUED-7B9600FA

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 11102011_155905

    Files\Folders moved on Reboot...
    C:\WINDOWS\temp\Perflib_Perfdata_720.dat moved successfully.

    Registry entries deleted on Reboot...
     
  21. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    What options are presented when you right click on those files?
     
  22. MrEd

    MrEd TS Rookie Topic Starter Posts: 70

    Right Click

    I'm assuming you mean in properties, as there are all the usual cut, copy, delete, send to, etc. along with specific program ones. When I try and delete, the message is
    "Cannot delete file. Cannot read from source file or disk." Same thing if I try and move them to the recycle bin.

    Right clicking properties for both:
    Location: C:\Documents and Settings\User\Desktop
    Size: 0
    Size on Disk: 0

    Under advanced, only "For Fast Searching, allow indexing of this file."
    Strange, eh?
     
  23. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    Let's try one more time with different code...

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Documents and Settings\User\Desktop\Fire*
      C:\Documents and Settings\User\Desktop\An oldie*
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
     
  24. MrEd

    MrEd TS Rookie Topic Starter Posts: 70

    Script Error Resulted

    Files still on my desktop but upon reboot my "Active Desktop" was gone. When I click to restore it I get this error:

    IE Script Error
    Line: 65
    Char: 1
    Code: 0

    file:///C:/Documents%20and%20Settings/User/Application%20Data/Microsoft/Internet%20Explorer/Desktop.htt

    When I click Yes (or No) on "Do you want to continue running scripts on this page?", the box just closes and I still have that white desktop. How do we fix that please?

    Here is the OTL log:

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File move failed. C:\Documents and Settings\User\Desktop\Fire Waterfall..... scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\User\Desktop\An oldie but goodie_ Hands.... scheduled to be moved on reboot.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes

    User: Administrator.VALUED-7B9600FA
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Bubba
    ->Flash cache emptied: 0 bytes

    User: Bubba.VALUED-7B9600FA
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Owner
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: User
    ->Temp folder emptied: 246440 bytes
    ->Temporary Internet Files folder emptied: 203511 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 57605088 bytes
    ->Flash cache emptied: 1413 bytes

    User: User.VALUED-7B9600FA
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 4720 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 125939 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 56.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: Administrator.VALUED-7B9600FA

    User: All Users

    User: Bubba
    ->Flash cache emptied: 0 bytes

    User: Bubba.VALUED-7B9600FA
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: Owner

    User: User
    ->Flash cache emptied: 0 bytes

    User: User.VALUED-7B9600FA

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 11102011_224726

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\User\Desktop\Fire Waterfall..... not found!
    File\Folder C:\Documents and Settings\User\Desktop\An oldie but goodie_ Hands.... not found!
    C:\WINDOWS\temp\Perflib_Perfdata_724.dat moved successfully.

    Registry entries deleted on Reboot...
     
  25. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    Did you reboot?
     
Topic Status:
Not open for further replies.

