Solved Trojans, Trojans, and more Trojans. . . Please Help!

Good :)

We're done with Combofix, so you can re-attempt to reinstall Norton.

Then....

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL.txt Part 1

OTL logfile created on: 1/25/2011 2:22:27 PM - Run 1
OTL by OldTimer - Version 3.2.20.5 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.73 Gb Total Space | 54.55 Gb Free Space | 39.04% Space Free | Partition Type: NTFS
Drive E: | 546.18 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 121.39 Mb Total Space | 63.52 Mb Free Space | 52.33% Space Free | Partition Type: FAT32

Computer Name: BATTLEAXE | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/25 14:21:55 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
PRC - [2010/12/15 17:07:50 | 003,117,200 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2010/12/15 17:07:48 | 000,917,648 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2010/11/09 15:08:58 | 000,146,000 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2010/10/28 18:32:48 | 001,352,272 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2010/10/14 07:52:04 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/07/23 00:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
PRC - [2010/03/29 19:26:00 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/02/11 16:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/11 16:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/09 21:29:14 | 003,165,696 | ---- | M] () -- C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
PRC - [2006/11/09 18:44:32 | 000,221,184 | ---- | M] (T-wins) -- C:\Program Files\ASUS\ASUS DH Remote\AsDHRemote.exe
PRC - [2006/11/08 18:00:34 | 000,188,416 | ---- | M] (zestant) -- C:\Program Files\reSizer\resizer.exe
PRC - [2004/03/18 09:33:26 | 000,892,928 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\iTouch.exe
PRC - [2002/03/19 17:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe


========== Modules (SafeList) ==========

MOD - [2011/01/25 14:21:55 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/14 07:00:00 | 001,852,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\AcGenral.dll
MOD - [2008/04/14 07:00:00 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.dll
MOD - [2004/03/18 09:26:50 | 000,004,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\itchhk.dll
MOD - [2004/03/18 09:26:48 | 000,114,688 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
MOD - [2004/03/18 09:26:12 | 000,005,120 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\KbdHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/12/15 17:07:50 | 003,117,200 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [On_Demand | Stopped] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/10/28 05:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/23 00:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe -- (NAV)
SRV - [2010/03/25 09:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 13:00:56 | 000,025,704 | R--- | M] (Amazon.com) [Disabled | Stopped] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2009/12/23 16:12:58 | 001,570,752 | ---- | M] (SlySoft Inc.) [Disabled | Stopped] -- C:\Program Files\SlySoft\Game Jackal v4\Server.exe -- (GJService)
SRV - [2009/12/16 23:31:10 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/07/14 21:53:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Disabled | Stopped] -- C:\Program Files\Rosewill\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2009/02/11 16:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/01/19 16:12:46 | 000,434,176 | ---- | M] (Hauppauge Computer Works) [On_Demand | Stopped] -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2008/12/01 09:58:22 | 000,034,104 | ---- | M] (APC) [Disabled | Stopped] -- C:\Program Files\APC\PowerChute Business Edition\agent\pbeagent.exe -- (APCPBEAgent)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/01/19 21:28:03 | 000,587,096 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2007/11/06 08:37:56 | 000,734,472 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV - [2007/11/06 08:37:48 | 000,414,984 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2007/10/19 12:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/10/19 12:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/10/19 12:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [On_Demand | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/24 21:56:54 | 000,123,064 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe -- (SandraDataSrv)
SRV - [2006/11/24 21:56:28 | 001,138,880 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe -- (SandraTheSrv)
SRV - [2006/05/08 18:10:38 | 001,123,840 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\EzBackup\EZ-Backup Manager\EzBackup.exe -- (EZ-Backup Manager)
SRV - [2005/09/02 23:15:30 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2004/02/25 12:19:06 | 001,253,376 | ---- | M] (PowerQuest Corporation) [On_Demand | Stopped] -- C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe -- (V2i Protector)
SRV - [2004/02/25 10:43:06 | 000,053,248 | ---- | M] (GEAR Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
SRV - [2002/04/11 19:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Disabled | Stopped] -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/01/25 14:19:53 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/12/01 14:06:29 | 000,108,104 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/11/30 15:43:26 | 000,030,888 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2010/10/16 13:55:00 | 009,623,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/09/23 04:11:28 | 000,298,784 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2010/08/24 12:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/08/24 12:30:40 | 000,040,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2010/08/24 12:30:40 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2010/08/24 12:30:18 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010/08/13 04:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20100813.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/08/13 04:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20100813.009\NAVENG.SYS -- (NAVENG)
DRV - [2010/08/08 22:11:49 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/07/28 22:33:05 | 000,666,672 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMEFA.SYS -- (SymEFA)
DRV - [2010/07/28 21:54:36 | 000,489,008 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SRTSP.SYS -- (SRTSP)
DRV - [2010/07/28 21:54:36 | 000,050,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/07/12 20:20:22 | 000,369,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/06/26 23:05:55 | 000,134,704 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1201000.025\Ironx86.SYS -- (SymIRON)
DRV - [2010/06/26 23:05:05 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSxpx86.sys -- (IDSxpx86)
DRV - [2010/06/21 17:07:39 | 000,091,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2010/06/13 05:50:57 | 000,339,504 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMDS.SYS -- (SymDS)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/17 03:13:20 | 000,261,672 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mv91xx.sys -- (mv91xx)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010/01/22 12:21:48 | 000,139,648 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/01/22 12:21:46 | 000,059,904 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009/12/23 15:47:08 | 000,043,456 | ---- | M] (SlySoft Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\maploml.sys -- (MaplomL)
DRV - [2009/12/23 15:45:28 | 000,046,016 | ---- | M] (SlySoft Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\maplom.sys -- (Maplom)
DRV - [2009/08/03 10:57:38 | 000,724,736 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/04/21 15:31:10 | 000,019,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50)
DRV - [2009/02/11 16:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/12/26 22:28:14 | 000,095,592 | ---- | M] (Rocket Division Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\StarPortLite.sys -- (StarPortLite) StarPort Storage Controller (Lite)
DRV - [2008/12/01 11:06:40 | 000,561,536 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2008/12/01 11:06:40 | 000,132,352 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2008/11/14 02:11:30 | 000,017,184 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2008/08/05 20:59:05 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/07/26 15:26:56 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/07/26 15:26:44 | 004,658,584 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Ultra Vision(UVC)
DRV - [2008/07/26 15:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 15:25:48 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 15:24:50 | 000,095,384 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2008/04/14 07:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 07:00:00 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 23:16:22 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 23:16:22 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 23:16:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/03/12 03:00:00 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/03/12 03:00:00 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/10/22 05:33:40 | 000,068,624 | ---- | M] (Raxco Software, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2007/10/19 12:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/10/11 17:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/10/11 17:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/10/09 01:41:18 | 000,313,856 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/04/17 19:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2007/04/17 19:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (6077757b)
DRV - [2007/04/11 15:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006/08/11 14:56:36 | 000,008,192 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2006/08/11 14:45:40 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/08/11 14:45:38 | 000,499,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006/08/11 14:45:28 | 000,180,224 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2006/08/11 14:45:26 | 000,766,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2006/08/11 14:45:26 | 000,154,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2006/08/11 14:45:24 | 000,116,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/08/11 14:45:18 | 000,143,872 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/08/11 14:45:18 | 000,078,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/08/11 14:45:14 | 000,502,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2006/03/17 05:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005/12/21 21:22:20 | 000,005,685 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2005/11/10 17:06:04 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2005/09/20 04:27:20 | 000,010,368 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2005/01/27 18:06:30 | 000,508,304 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Ca50xav.sys -- (Ca50xav)
DRV - [2005/01/20 01:52:13 | 000,015,271 | ---- | M] (MediaTek Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FIDE.SYS -- (MTK)
DRV - [2004/10/07 09:21:22 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2004/08/13 05:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/03/10 13:42:24 | 000,012,953 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr)
DRV - [2003/12/17 09:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lmouflt2.sys -- (LMouFlt2)
DRV - [2003/12/17 09:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
DRV - [2003/12/17 09:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2003/12/17 09:50:00 | 000,014,095 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LCcfltr.sys -- (LCcfltr)
DRV - [2003/10/16 20:15:18 | 000,146,560 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2002/12/30 10:53:36 | 000,012,160 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame)
DRV - [2002/08/14 00:00:00 | 000,093,594 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys -- (IdeChnDr) Intel(R)
DRV - [2002/08/14 00:00:00 | 000,013,782 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys -- (IdeBusDr)
DRV - [2001/12/19 11:45:00 | 000,008,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\VirtualCD\VCdRom.sys -- (vcdrom)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2007/10/16 00:35:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2011/01/25 14:19:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/11 21:19:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/11 21:19:43 | 000,000,000 | ---D | M]

[2010/02/15 23:42:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2011/01/25 00:26:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\an9gbagc.default\extensions
[2008/09/22 21:48:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\an9gbagc.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/05/07 22:36:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\an9gbagc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/01/29 00:40:53 | 000,000,000 | ---D | M] (Page Update Checker) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\an9gbagc.default\extensions\{48998E1D-262B-47cb-9D9F-02D1906F1561}
[2011/01/12 02:51:48 | 000,000,000 | ---D | M] (MetaProducts Integration) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\an9gbagc.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}
[2008/09/22 21:38:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\an9gbagc.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/01/14 23:17:38 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\an9gbagc.default\extensions\DeviceDetection@logitech.com
[2011/01/14 23:17:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\an9gbagc.default\extensions\staged-xpis
[2011/01/25 00:25:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\COFFPLGN
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\IPSFFPLGN
[2007/10/16 00:35:41 | 000,000,000 | ---D | M] (AI Roboform Toolbar for Firefox) -- C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2007/02/04 23:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll

O1 HOSTS File: ([2011/01/25 13:36:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Ai Quicker Help] C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Tweak UI] C:\WINDOWS\System32\TWEAKUI.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\reSizer.lnk = C:\Program Files\reSizer\resizer.exe (zestant)
O4 - Startup: C:\Documents and Settings\Chris\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &Highlight - C:\WINDOWS\Web\highlight.htm ()
O8 - Extra context menu item: &Links List - C:\WINDOWS\Web\urllist.htm ()
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\add_url.htm ()
O8 - Extra context menu item: Clear Fields - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html ()
O8 - Extra context menu item: Download using LeechGet - C:\Program Files\LeechGet 2009\AddUrl.html ()
O8 - Extra context menu item: Download using LeechGet Wizard - C:\Program Files\LeechGet 2009\Wizard.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm ()
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\Web\frm2new.htm ()
O8 - Extra context menu item: Parse with LeechGet - C:\Program Files\LeechGet 2009\Parser.html ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\Web\zoomin.htm ()
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\Web\zoomout.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: corel.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: corel.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: intervideo.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: intervideo.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: turbotax.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Trusted sites)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.111.100
O18 - Protocol\Handler\asp {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\eBahn\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\ebahn {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\eBahn\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\hsp {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\eBahn\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\x-asp {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\eBahn\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\x-cnote {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\eBahn\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\x-ebahn {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\eBahn\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\x-hsp {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\eBahn\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\x-mem3 {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - C:\Program Files\eBahn\eztoolslib2.dll ()
O18 - Protocol\Handler\x-zip {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\eBahn\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\zip {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\eBahn\hsppp.dll (EzTools Software)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Hurricane Jeane.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Hurricane Jeane.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/16 23:56:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/04 15:24:23 | 000,000,175 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (59123355860598784)
 
OTL.txt Part 2

========== Files/Folders - Created Within 30 Days ==========

[2011/01/25 14:21:55 | 000,603,136 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2011/01/25 14:19:53 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/01/25 14:19:53 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/01/25 14:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/01/25 14:19:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton AntiVirus
[2011/01/25 03:18:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/01/25 03:08:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/01/25 03:08:54 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/01/25 03:08:54 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/01/25 03:08:54 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/01/25 03:08:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/25 03:01:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/25 02:34:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1205000.07D
[2011/01/25 02:31:34 | 000,666,672 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymEFA.sys
[2011/01/25 02:31:34 | 000,489,008 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtsp.sys
[2011/01/25 02:31:34 | 000,369,072 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\symtdi.sys
[2011/01/25 02:31:34 | 000,339,504 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymDS.sys
[2011/01/25 02:31:34 | 000,331,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\symtdiv.sys
[2011/01/25 02:31:34 | 000,294,448 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\symnets.sys
[2011/01/25 02:31:34 | 000,050,096 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtspx.sys
[2011/01/25 02:31:33 | 000,134,704 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\Ironx86.sys
[2011/01/25 02:31:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV
[2011/01/25 02:31:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1201000.025
[2011/01/24 16:54:04 | 000,000,000 | ---D | C] -- C:\Tools
[2011/01/24 02:49:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/01/23 22:15:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/01/23 22:15:01 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/01/23 21:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com
[2011/01/23 18:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/23 16:49:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Malwarebytes
[2011/01/23 10:52:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/23 10:52:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/23 10:52:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/23 10:52:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/23 10:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\1Malwarebytes' Anti-Malware
[2011/01/23 01:22:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/01/22 17:30:24 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/01/22 02:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/01/22 02:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/01/22 02:52:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/01/22 01:26:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\Windows Scan
[2011/01/22 01:24:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\jHnMb06504
[2011/01/22 00:26:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\OneNote Notebooks
[2011/01/15 01:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Logishrd
[2011/01/15 01:47:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\LogiShrd
[2011/01/15 01:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logishrd
[2011/01/15 01:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Logishrd
[2011/01/14 21:29:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AI RoboForm
[2011/01/14 17:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2011/01/14 00:17:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Realtime Soft
[2011/01/14 00:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\UltraMon
[2011/01/14 00:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Realtime Soft
[2011/01/14 00:17:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Realtime Soft
[2011/01/13 22:54:22 | 000,000,000 | ---D | C] -- C:\spy++
[2011/01/11 21:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/01/11 21:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/01/11 21:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\LeechGet 2009
[2011/01/11 21:22:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LeechGet 2009
[2011/01/11 21:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/01/09 21:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ASUS
[2011/01/09 01:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\MetaProducts Download Express
[2011/01/09 01:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\MetaProducts
[2011/01/09 01:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\Download Express
[2011/01/04 21:31:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\My Barnes & Noble eBooks
[2011/01/04 21:31:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\Barnes & Noble
[2011/01/04 21:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Barnes & Noble
[2011/01/04 21:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Barnes & Noble
[2011/01/04 20:35:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Carbonite
[2011/01/03 19:39:28 | 000,374,048 | ---- | C] (Marvell) -- C:\WINDOWS\System32\yk51x86.dll
[2011/01/03 11:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/01/03 11:44:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Comcast
[2011/01/03 11:44:05 | 000,000,000 | ---D | C] -- C:\Program Files\Comcast
[2011/01/03 11:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\SupportSoft
[2011/01/03 11:42:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SupportSoft
[2011/01/03 11:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\ComcastUI
[2011/01/02 20:12:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\Music Tools
[2011/01/02 19:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\Video & DVD Tools
[2011/01/02 19:20:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Music Tools
[2011/01/02 19:20:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\System Tools
[2011/01/02 16:25:14 | 000,000,000 | ---D | C] -- C:\Program Files\Kohler
[2008/12/16 00:14:05 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Chris\Application Data\pcouffin.sys
[2008/09/25 20:00:18 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[19 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\Documents and Settings\Chris\My Documents\*.tmp files -> C:\Documents and Settings\Chris\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/25 14:21:55 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2011/01/25 14:19:53 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/01/25 14:19:53 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/01/25 14:19:53 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/01/25 14:19:53 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/01/25 14:19:51 | 000,002,090 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
[2011/01/25 14:12:54 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Trojans, Trojans, and more Trojans. . . Please Help! - Page 2 - TechSpot OpenBoards#post995621.url
[2011/01/25 13:57:05 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/25 13:37:41 | 000,000,065 | ---- | M] () -- C:\WINDOWS\iTouch.ini
[2011/01/25 13:36:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/25 13:36:15 | 000,012,820 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/25 13:35:57 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/25 13:35:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/25 13:35:09 | 3220,258,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/25 13:35:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/01/25 13:35:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/01/25 13:04:09 | 000,486,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/25 13:04:09 | 000,081,702 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/25 12:50:58 | 000,932,288 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Norton_Removal_Tool.exe
[2011/01/25 03:18:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/01/25 02:52:22 | 004,160,066 | R--- | M] () -- C:\Documents and Settings\Chris\Desktop\ComboFix.exe
[2011/01/25 02:38:18 | 000,648,626 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1205000.07D\Cat.DB
[2011/01/25 02:32:08 | 000,648,626 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\Cat.DB
[2011/01/25 02:04:20 | 000,719,873 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\rkill.exe
[2011/01/25 02:04:14 | 000,719,873 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\rkill.scr
[2011/01/25 02:04:06 | 000,719,873 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\rkill.com
[2011/01/25 01:58:12 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\MBRCheck.exe
[2011/01/24 23:49:58 | 000,007,252 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/01/24 19:51:04 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/24 06:52:48 | 000,000,017 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\stinger10101327.opt
[2011/01/23 22:15:03 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/23 18:07:06 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/23 16:47:49 | 000,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/01/22 23:22:39 | 000,000,212 | ---- | M] () -- C:\Boot.bak
[2011/01/22 01:19:46 | 000,033,477 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\IMG_4009 (Small).JPG
[2011/01/22 01:19:46 | 000,032,302 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\IMG_4010 (Small).JPG
[2011/01/22 00:26:29 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\Chris\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2011/01/21 17:46:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/21 16:49:42 | 003,709,691 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\IMG_4010.JPG
[2011/01/21 16:49:30 | 003,275,820 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\IMG_4009.JPG
[2011/01/21 00:45:21 | 000,932,505 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\TestData.zip
[2011/01/20 13:53:18 | 000,132,619 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Chris Kalb Resume 05272010c.pdf
[2011/01/20 13:52:45 | 000,030,093 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Chris Kalb Resume 05272010b.docx
[2011/01/19 08:12:47 | 000,001,940 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/17 23:29:31 | 000,071,101 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\SarahMelissaFlight.pdf
[2011/01/17 23:17:37 | 000,081,947 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\SarahMelissaTrip.pdf
[2011/01/14 01:33:20 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Chris\Application Data\pcouffin.sys
[2011/01/14 01:33:20 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\pcouffin.cat
[2011/01/14 01:33:20 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\pcouffin.inf
[2011/01/14 00:15:45 | 002,434,560 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\UltraMon_3.1.0_en_x32.msi
[2011/01/13 22:40:18 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel 2010.lnk
[2011/01/13 22:23:51 | 000,241,144 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/13 22:23:51 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/13 04:24:06 | 000,000,228 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\nViewFix.reg
[2011/01/13 03:04:51 | 000,241,144 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/13 02:05:38 | 000,002,189 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel WinDVD9.lnk
[2011/01/12 02:54:33 | 000,239,104 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/12 01:40:25 | 000,000,076 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\MEDCO HEALTH STORE! Now open to all! $10 off $25 for everyone and .99 flat rate ship.URL
[2011/01/11 21:39:32 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/01/11 16:56:40 | 006,160,577 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\WNDR3700-V1.0.4.68NA.img
[2011/01/11 03:04:20 | 000,000,119 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Hosting Review Web hosting comparison site rates, reviews best web hosting companies.url
[2011/01/09 21:14:02 | 005,701,956 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\DHRemote10105_Wxp2kWxp64Vista.zip
[2011/01/09 02:10:27 | 000,729,664 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Plug-In.exe
[2011/01/06 01:08:15 | 000,060,288 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\IMG_3521.jpg
[2011/01/06 01:00:02 | 000,876,071 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\IMG_3442 copy.jpg
[2011/01/04 13:03:42 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
[2011/01/02 16:34:17 | 000,000,101 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Hands On Childrens Museum - Jacksonville.URL
[2011/01/02 16:27:19 | 000,000,117 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Product Manager Job in Jacksonville 32256, Florida US.URL
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[19 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\Documents and Settings\Chris\My Documents\*.tmp files -> C:\Documents and Settings\Chris\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/25 14:20:56 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Trojans, Trojans, and more Trojans. . . Please Help! - Page 2 - TechSpot OpenBoards#post995621.url
[2011/01/25 14:19:53 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/01/25 14:19:53 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/01/25 14:19:51 | 000,002,090 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
[2011/01/25 12:59:59 | 3220,258,816 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/25 12:57:41 | 000,932,288 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Norton_Removal_Tool.exe
[2011/01/25 03:18:06 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2011/01/25 03:18:04 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/01/25 03:08:54 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/25 03:08:54 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/25 03:08:54 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/25 03:08:54 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/25 03:08:54 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/25 03:00:45 | 000,719,873 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\rkill.scr
[2011/01/25 03:00:44 | 000,719,873 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\rkill.exe
[2011/01/25 03:00:43 | 000,719,873 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\rkill.com
[2011/01/25 03:00:36 | 004,160,066 | R--- | C] () -- C:\Documents and Settings\Chris\Desktop\ComboFix.exe
[2011/01/25 02:41:57 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\MBRCheck.exe
[2011/01/25 02:38:04 | 000,648,626 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1205000.07D\Cat.DB
[2011/01/25 02:32:00 | 000,648,626 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\Cat.DB
[2011/01/25 02:31:29 | 000,003,373 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymEFA.inf
[2011/01/25 02:31:29 | 000,002,792 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymDS.inf
[2011/01/25 02:31:29 | 000,001,473 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymNetV.inf
[2011/01/25 02:31:29 | 000,001,445 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymNet.inf
[2011/01/25 02:31:29 | 000,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtspx.inf
[2011/01/25 02:31:29 | 000,001,383 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtsp.inf
[2011/01/25 02:31:29 | 000,000,741 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\Iron.inf
[2011/01/25 02:31:25 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\symnetv.cat
[2011/01/25 02:31:25 | 000,007,446 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymNet.cat
[2011/01/25 02:31:25 | 000,007,444 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymEFA.cat
[2011/01/25 02:31:25 | 000,007,442 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtspx.cat
[2011/01/25 02:31:25 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymDS.cat
[2011/01/25 02:31:25 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtsp.cat
[2011/01/25 02:31:25 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\iron.cat
[2011/01/25 02:31:25 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\isolate.ini
[2011/01/24 16:37:30 | 000,007,252 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/01/24 06:52:48 | 000,000,017 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\stinger10101327.opt
[2011/01/23 22:15:03 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/23 18:07:06 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/22 01:19:46 | 000,033,477 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\IMG_4009 (Small).JPG
[2011/01/22 01:19:46 | 000,032,302 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\IMG_4010 (Small).JPG
[2011/01/22 01:19:18 | 003,709,691 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\IMG_4010.JPG
[2011/01/22 01:19:18 | 003,275,820 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\IMG_4009.JPG
[2011/01/22 00:26:29 | 000,000,939 | ---- | C] () -- C:\Documents and Settings\Chris\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2011/01/20 13:53:17 | 000,132,619 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Chris Kalb Resume 05272010c.pdf
[2011/01/17 23:29:29 | 000,071,101 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\SarahMelissaFlight.pdf
[2011/01/17 23:17:36 | 000,081,947 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\SarahMelissaTrip.pdf
[2011/01/14 01:36:01 | 000,000,634 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\reSizer.lnk
[2011/01/14 00:17:41 | 000,002,249 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\UltraMon.lnk
[2011/01/14 00:15:45 | 002,434,560 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\UltraMon_3.1.0_en_x32.msi
[2011/01/13 04:10:03 | 000,000,228 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\nViewFix.reg
[2011/01/12 01:40:25 | 000,000,076 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\MEDCO HEALTH STORE! Now open to all! $10 off $25 for everyone and .99 flat rate ship.URL
[2011/01/11 21:39:32 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/01/11 21:22:11 | 000,001,647 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\LeechGet 2009
[2011/01/11 16:56:28 | 006,160,577 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\WNDR3700-V1.0.4.68NA.img
[2011/01/11 03:04:20 | 000,000,119 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Hosting Review Web hosting comparison site rates, reviews best web hosting companies.url
[2011/01/09 21:15:14 | 000,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2011/01/09 21:15:14 | 000,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2011/01/09 21:13:40 | 005,701,956 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\DHRemote10105_Wxp2kWxp64Vista.zip
[2011/01/09 02:10:27 | 000,729,664 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Plug-In.exe
[2011/01/06 01:08:15 | 000,060,288 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\IMG_3521.jpg
[2011/01/06 00:59:52 | 000,876,071 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\IMG_3442 copy.jpg
[2011/01/05 03:34:36 | 000,002,477 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel 2010.lnk
[2011/01/04 16:34:40 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/04 16:29:39 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/02 16:34:17 | 000,000,101 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Hands On Childrens Museum - Jacksonville.URL
[2011/01/02 16:27:19 | 000,000,117 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Product Manager Job in Jacksonville 32256, Florida US.URL
[2010/12/21 09:40:47 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/12/12 23:36:26 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2010/12/12 23:36:26 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2010/12/12 23:36:26 | 000,000,480 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2010/02/20 12:25:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2010/02/20 12:18:03 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll
[2010/02/20 12:17:59 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll
[2009/12/30 10:17:05 | 000,000,084 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/10/10 23:49:01 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\APCSnmp.dll
[2009/10/01 12:17:32 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\53DFCDEB62.sys
[2009/10/01 12:17:30 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\663C2FFF26.sys
[2009/10/01 12:17:27 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\C7156192A7.sys
[2009/10/01 12:17:08 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\3A5C5EF830.sys
[2009/10/01 12:15:50 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\20AA172B0D.sys
[2009/10/01 12:15:43 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\7A999F718E.sys
[2009/10/01 12:15:42 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\08ADFEE6A6.sys
[2009/10/01 12:15:39 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\52BB48A68E.sys
[2009/10/01 12:15:37 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\B167B42A37.sys
[2009/10/01 12:15:14 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\30E93F13BE.sys
[2009/10/01 12:15:11 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\9A9124EE2D.sys
[2009/09/29 21:55:47 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\AF2B9186C4.sys
[2009/09/29 11:22:36 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\BFAA46039E.sys
[2009/09/28 23:04:26 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\F98EEDF503.sys
[2009/09/28 23:04:21 | 000,000,168 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\DD1DEC3553.sys
[2009/09/27 19:26:03 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\120C05AF9E.sys
[2009/09/27 19:23:16 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\C557D8E545.sys
[2009/09/27 19:23:15 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\3B25859A2E.sys
[2009/09/27 19:23:15 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\2C718B9044.sys
[2009/09/27 19:23:13 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\6F7E2AC7E5.sys
[2009/09/27 19:21:14 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\8813E81B4C.sys
[2009/09/27 19:21:12 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\893CE7A109.sys
[2009/09/27 19:21:10 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\33E3BC1A81.sys
[2009/09/27 19:20:27 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\B1F30E84D7.sys
[2009/09/27 19:20:26 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\C08A1F6CF5.sys
[2009/09/27 19:20:15 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\74C5A243C7.sys
[2009/09/27 19:20:13 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\9CAC644135.sys
[2009/09/27 19:19:07 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\F7E17B9914.sys
[2009/09/27 19:19:05 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\6397EC6E2C.sys
[2009/09/27 19:19:00 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\2A4A8CAF83.sys
[2009/09/27 19:19:00 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\1F85C2F35E.sys
[2009/09/27 19:18:59 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\7BE7399B65.sys
[2009/09/27 12:46:08 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\B0816DF56A.sys
[2009/09/27 12:41:12 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\E087B28574.sys
[2009/09/27 12:41:11 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\5C9A772133.sys
[2009/09/27 12:41:07 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\0F64BD8874.sys
[2009/09/27 12:35:54 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\D2562AA5AA.sys
[2009/09/27 01:27:46 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\4E8A9FA06A.sys
[2009/09/27 01:21:29 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\726C0B8305.sys
[2009/09/27 01:21:15 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\94C8776C3F.sys
[2009/09/27 01:21:12 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\52006DEC55.sys
[2009/09/27 01:20:51 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\0DD7FD4647.sys
[2009/09/27 01:20:48 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\B0D3F12AFD.sys
[2009/09/27 01:19:20 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\677A9CE303.sys
[2009/09/27 01:18:55 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\F9BE20442B.sys
[2009/09/27 01:18:46 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\B455B2D26E.sys
[2009/09/27 01:18:39 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\2CFAE5E461.sys
[2009/09/27 01:18:36 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\2CD8A9A8D8.sys
[2009/09/24 08:11:14 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\9C57F14B1D.sys
[2009/09/24 08:10:53 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\9EB7EF6541.sys
[2009/09/23 23:39:13 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\63DA15B49F.sys
[2009/09/23 23:38:18 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\D9EC30FAB6.sys
[2009/09/23 23:38:17 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\59BFF3B5E9.sys
[2009/09/23 23:38:12 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\042F5FC10B.sys
[2009/09/23 23:38:09 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\4FA5AB3ACE.sys
[2009/09/23 23:37:13 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\D59FF6F795.sys
[2009/09/23 23:36:32 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\AAD1F7E25E.sys
[2009/09/23 23:34:23 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\60B34CCB6B.sys
[2009/09/23 23:33:36 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\8E4FD1801C.sys
[2009/09/23 23:33:34 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\0972060D00.sys
[2009/08/30 20:02:13 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\201E80E9BE.sys
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/04/03 20:12:12 | 000,000,057 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2009/04/03 20:12:09 | 000,000,056 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/02/17 00:58:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008/12/16 00:14:32 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\pcouffin.log
[2008/12/16 00:14:05 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\pcouffin.cat
[2008/12/16 00:14:05 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\pcouffin.inf
[2008/12/06 20:49:49 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\PTQL5F.DLL
[2008/12/06 20:49:49 | 000,001,235 | ---- | C] () -- C:\WINDOWS\System32\PTQL5L.INI
[2008/09/27 22:04:50 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\F26B7EE434.sys
[2008/09/25 20:00:18 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
[2008/09/25 20:00:18 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2irdao.dll
[2008/09/25 20:00:18 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2ctdao.dll
[2008/09/15 19:25:39 | 000,005,010 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/08/16 23:44:51 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008/08/05 20:59:05 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/04/14 00:42:04 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/01/03 02:51:53 | 000,026,549 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/01/03 01:36:04 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2008/01/03 01:34:53 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2008/01/03 01:33:09 | 000,002,115 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2007/12/31 02:52:48 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/11/13 22:32:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\.googlewebacchosts
[2007/10/21 10:23:25 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/10/21 10:23:25 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/10/21 10:23:25 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/10/21 10:23:25 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/10/12 00:11:58 | 000,066,482 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/10/11 17:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006/12/23 02:05:45 | 000,720,896 | R--- | C] () -- C:\WINDOWS\System32\XFX_page.dll
[2006/12/23 02:05:45 | 000,065,572 | R--- | C] () -- C:\WINDOWS\System32\XFX_ffb.dll
[2006/12/16 21:53:40 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2006/12/10 20:16:51 | 000,038,447 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft Excel.ADR
[2006/12/03 06:17:01 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2006/12/03 06:17:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2006/11/28 15:47:47 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/11/08 23:48:29 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2006/11/08 23:48:29 | 000,005,685 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2006/11/08 23:12:16 | 000,037,017 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2006/11/08 23:06:29 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2006/11/08 23:05:55 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/10/17 23:31:31 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/10/17 23:31:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/09/28 16:54:22 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/08/11 14:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/05/23 12:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2006/05/10 12:39:49 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/03/08 23:04:11 | 000,000,068 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2006/03/08 21:36:17 | 000,000,058 | ---- | C] () -- C:\WINDOWS\ph401.dll
[2006/02/28 23:04:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI
[2005/12/14 17:38:33 | 000,038,464 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Comma Separated Values (Windows).ADR
[2005/11/25 13:34:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\webica.ini
[2005/10/17 15:52:28 | 000,000,096 | ---- | C] () -- C:\WINDOWS\OPHA.ini
[2005/10/17 15:39:55 | 000,000,027 | ---- | C] () -- C:\WINDOWS\EZSET_SP.INI
[2005/10/17 15:37:43 | 000,000,066 | ---- | C] () -- C:\WINDOWS\JcAdmin32.ini
[2005/10/17 15:37:37 | 000,000,809 | ---- | C] () -- C:\WINDOWS\aduninst.ini
[2005/10/17 15:37:34 | 000,002,029 | ---- | C] () -- C:\WINDOWS\adflist.ini
[2005/09/24 15:51:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/09/22 12:12:24 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\sysinfo.dll
[2005/07/21 23:36:27 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2005/06/16 18:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2005/03/18 12:43:35 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\dtsjava.dll
[2005/02/13 12:52:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2005/02/13 12:49:47 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2005/02/13 12:48:33 | 000,000,849 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2005/02/13 12:48:33 | 000,000,510 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2005/02/13 12:48:33 | 000,000,147 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2005/02/13 12:48:33 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2005/02/13 12:48:00 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2005/02/13 12:43:09 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2005/01/23 19:26:17 | 000,239,104 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/01/20 12:26:45 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4d.DLL
[2005/01/20 02:08:03 | 000,000,073 | ---- | C] () -- C:\WINDOWS\eFaxView.ini
[2005/01/19 23:42:36 | 000,059,997 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2005/01/19 23:39:04 | 000,000,011 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/01/18 16:55:13 | 000,029,917 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\FASTWiz.log
[2005/01/18 16:54:25 | 000,000,065 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2005/01/18 10:41:46 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/01/17 22:11:45 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\fusioncache.dat
[2005/01/17 21:43:53 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\FASTWiz.html
[2005/01/17 01:57:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/01/17 01:46:01 | 000,000,483 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/16 18:46:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/10/03 13:28:58 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\chckshll.dll
[2003/09/04 12:25:12 | 000,000,423 | ---- | C] () -- C:\WINDOWS\System32\Dext504.ini
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/02/21 16:26:58 | 000,146,432 | ---- | C] () -- C:\WINDOWS\System32\MCPrintX.dll

OTL.txt Part 3

========== LOP Check ==========

[2009/02/05 01:18:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2009/10/06 14:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BDJ
[2010/07/26 22:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2006/12/09 13:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2009/09/03 20:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DeLorme
[2009/12/30 10:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2009/12/17 02:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/07/26 22:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eXPert PDF 6
[2010/07/26 22:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eXPert PDF Jobs
[2009/04/07 23:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoodSync
[2009/02/05 01:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2009/10/02 22:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2011/01/23 10:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jHnMb06504
[2010/11/27 09:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2011/01/24 02:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2005/01/17 22:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PowerQuest
[2007/10/16 00:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/12/12 23:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosewill Driver
[2005/02/13 12:42:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/01/23 00:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/12/30 10:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009/12/17 00:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/04/03 00:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2011/01/03 11:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/07/26 22:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visage Software
[2009/06/06 22:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/07/08 22:19:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/20 00:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/10 22:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/04/03 00:11:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EB5D5346-A236-4350-9E3D-9BBCB79344A1}
[2005/10/31 16:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\.bittorrent
[2009/07/19 22:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\4Team
[2009/08/24 22:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Amazon
[2010/01/02 18:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Ascaron Entertainment
[2011/01/04 21:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Barnes & Noble
[2010/01/09 20:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Crayon Physics Deluxe
[2009/09/03 20:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\DeLorme
[2009/03/16 12:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Disney Flix 2.0
[2009/02/03 21:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Downloaded Installations
[2009/06/20 12:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\DVDFab
[2010/07/27 00:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\eXPert PDF 6
[2011/01/22 00:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\GoodSync
[2005/11/27 03:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\ICAClient
[2005/01/17 22:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\IsolatedStorage
[2005/01/28 22:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Leadertech
[2011/01/09 01:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\MetaProducts
[2008/05/20 20:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\My Games
[2008/03/15 15:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\OfficeUpdate12
[2009/02/17 21:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\public policies
[2010/07/26 19:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Quicken WillMaker
[2010/01/23 02:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Red Kawa
[2008/12/16 00:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\RipIt4Me
[2010/12/15 19:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\RoboForm
[2009/09/29 00:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Scooter Software
[2010/01/22 07:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\SlySoft
[2006/10/19 16:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Snapfish
[2010/04/03 00:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Stardock
[2008/12/05 01:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Stellarium
[2006/05/14 22:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\theimagingfactory
[2010/01/04 20:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Tific
[2008/07/02 02:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\TMP
[2009/02/13 23:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\TOSHIBA
[2011/01/14 01:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Vso

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/12/17 02:11:49 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2005/01/16 23:56:11 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/01/22 23:22:39 | 000,000,212 | ---- | M] () -- C:\Boot.bak
[2011/01/25 03:18:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/01/25 13:39:25 | 000,030,890 | ---- | M] () -- C:\ComboFix.txt
[2005/01/16 23:56:11 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2004/05/20 15:11:36 | 000,013,824 | ---- | M] () -- C:\costBasis.xls
[2007/10/21 10:24:18 | 000,001,362 | ---- | M] () -- C:\Cucu_Video_log.txt
[2007/07/29 22:09:34 | 000,000,092 | ---- | M] () -- C:\Default.PLS
[2002/10/02 10:41:34 | 000,058,330 | ---- | M] () -- C:\DISKREP.EXE
[2007/09/04 21:23:56 | 000,053,760 | ---- | M] (Tolunay Orkun) -- C:\DRTCP021.exe
[2009/09/20 00:07:38 | 000,013,072 | ---- | M] () -- C:\dumppo.exe
[2008/12/01 22:12:16 | 000,000,924 | ---- | M] () -- C:\DW20.EXE.lnk
[2003/03/29 12:51:34 | 000,110,654 | ---- | M] () -- C:\extract_rtv.exe
[2011/01/25 13:35:09 | 3220,258,816 | -HS- | M] () -- C:\hiberfil.sys
[2005/01/16 23:56:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/12/02 00:40:10 | 000,000,000 | ---- | M] () -- C:\itouch_config_crash_info.txt
[2009/12/18 02:04:40 | 000,000,000 | ---- | M] () -- C:\itouch_crash_info.txt
[2006/05/16 23:34:33 | 000,000,377 | ---- | M] () -- C:\LoadLogTextFormat.txt
[2010/02/20 12:42:11 | 000,021,882 | ---- | M] () -- C:\LU4.log
[2009/02/19 12:48:29 | 000,359,656 | ---- | M] (Microsoft Corporation) -- C:\MicrosoftMegaUninstaller.exe
[2008/01/24 00:16:45 | 000,001,693 | ---- | M] () -- C:\moduleName.txt
[2005/01/16 23:56:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 07:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2006/10/17 23:20:20 | 001,302,528 | ---- | M] () -- C:\output.avi
[2011/01/25 13:34:57 | 937,426,943 | -HS- | M] () -- C:\pagefile.sys
[2007/09/09 23:54:19 | 000,016,548 | ---- | M] () -- C:\resetlog.txt
[2006/11/08 23:19:24 | 000,000,499 | ---- | M] () -- C:\RHDSetup.log
[2006/05/10 12:18:43 | 000,142,353 | ---- | M] () -- C:\scandisk.exe
[2009/10/06 13:27:10 | 000,000,002 | ---- | M] () -- C:\SMPCount.txt
[2011/01/24 22:42:18 | 000,062,372 | ---- | M] () -- C:\TDSSKiller.2.4.15.0_24.01.2011_22.41.35_log.txt
[2011/01/24 23:18:48 | 000,061,908 | ---- | M] () -- C:\TDSSKiller.2.4.15.0_24.01.2011_23.18.23_log.txt
[2009/02/19 11:53:57 | 000,013,602 | ---- | M] () -- C:\uninstall.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/07/02 10:37:20 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2004/02/08 19:00:00 | 000,026,285 | ---- | M] (Brother Industries ,Ltd ) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\brmfpp1.dll
[2002/09/30 00:00:00 | 000,013,824 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD4d.DLL
[2002/09/30 00:00:00 | 000,046,080 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP4d.DLL
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2004/03/22 17:17:06 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2004/02/16 19:06:28 | 000,031,872 | R--- | M] (Oki Data Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\OPHAPP3.DLL
[2001/11/20 14:37:28 | 000,047,616 | R--- | M] (Black Ice Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\ppbiPr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/12/20 18:08:46 | 000,245,248 | ---- | M] (Realtime Soft Ltd) -- C:\WINDOWS\UltraMon.scr
[19 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/07/02 06:12:53 | 000,307,200 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/07/02 09:54:14 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2008/07/02 06:12:53 | 031,195,136 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/07/02 06:12:53 | 006,615,040 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/11/13 00:51:19 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >
[2006/12/23 02:20:10 | 000,009,216 | ---- | M] () -- C:\WINDOWS\system32\SteelVine.db
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/11/18 17:11:57 | 000,000,140 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Amazon Automatic Refund Price Checker.url
[2008/07/02 10:54:01 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/08/29 07:47:53 | 000,000,271 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Saint Augustine, Florida (32080) Forecast Weather Underground.url
[2002/09/13 19:37:16 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2006/12/26 04:27:33 | 000,000,198 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\St. Augustine, City Dock.url

< %USERPROFILE%\Desktop\*.exe >
[2011/01/25 02:52:22 | 004,160,066 | R--- | M] () -- C:\Documents and Settings\Chris\Desktop\ComboFix.exe
[2009/02/15 20:37:38 | 258,498,720 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\Chris\Desktop\Corel_Media_One.exe
[2010/01/09 15:57:10 | 030,405,559 | ---- | M] (Kloonigames ) -- C:\Documents and Settings\Chris\Desktop\crayon_release53.exe
[2009/02/24 22:56:16 | 027,142,744 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\Chris\Desktop\GMATPrepSetup.exe
[2011/01/25 01:58:12 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\MBRCheck.exe
[2009/09/19 00:12:18 | 198,087,808 | ---- | M] (Telltale Games) -- C:\Documents and Settings\Chris\Desktop\MonkeyIsland_LaunchOfTheScreamingNarwhal_Setup.exe
[2011/01/25 12:50:58 | 000,932,288 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Norton_Removal_Tool.exe
[2011/01/25 14:21:55 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2010/01/09 01:55:51 | 005,537,138 | ---- | M] (Algoryx ) -- C:\Documents and Settings\Chris\Desktop\Phun_beta_5_28_win32.exe
[2011/01/09 02:10:27 | 000,729,664 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Plug-In.exe
[2011/01/25 02:04:20 | 000,719,873 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\rkill.exe
[2008/12/04 23:42:56 | 041,716,578 | ---- | M] ( ) -- C:\Documents and Settings\Chris\Desktop\stellarium-0.10.0beta.exe
[2010/09/04 19:14:52 | 010,565,396 | ---- | M] (Digiarty Software, Inc. ) -- C:\Documents and Settings\Chris\Desktop\winx-dvd-author-full.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2007/02/20 19:46:36 | 000,788,064 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Chris\My Documents\Norton_Removal_Tool.exe
[2002/07/23 07:50:37 | 001,050,417 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\p95v21.exe
[2003/02/06 21:31:28 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Setup.exe
[2010/07/08 19:12:54 | 000,262,944 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\SoftonicDownloader83435.exe
[1 C:\Documents and Settings\Chris\My Documents\*.tmp files -> C:\Documents and Settings\Chris\My Documents\*.tmp -> ]

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/07/02 10:54:01 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Chris\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/01/24 23:49:58 | 000,007,252 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >
Realtime Landscaping Pro DEMO Uninstaller.exe

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/01/25 14:21:50 | 002,293,760 | ---- | M] () -- C:\Documents and Settings\Chris\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
[2006/06/23 13:48:54 | 000,032,768 | ---- | M] (AsusTek Inc.) -- C:\WINDOWS\inf\UpdateUSB.exe
[3 C:\WINDOWS\inf\*.tmp files -> C:\WINDOWS\inf\*.tmp -> ]

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 05:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/07/17 13:41:08 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2001/03/07 06:00:26 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2001/05/22 13:06:52 | 000,000,866 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 05:42:30 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2001/08/01 21:58:12 | 000,016,415 | ---- | M] () -- C:\Program Files\Messenger\msmsgsin.exe
[2004/07/17 13:41:08 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/07/17 13:41:08 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/07/17 13:41:08 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2000/12/05 13:10:32 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm
[1 C:\Program Files\Messenger\*.tmp files -> C:\Program Files\Messenger\*.tmp -> ]

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\Chris\My Documents\WDVD_9_BD.zip:SummaryInformation

< End of report >
 
Extras.txt

OTL Extras logfile created on: 1/25/2011 2:22:27 PM - Run 1
OTL by OldTimer - Version 3.2.20.5 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.73 Gb Total Space | 54.55 Gb Free Space | 39.04% Space Free | Partition Type: NTFS
Drive E: | 546.18 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 121.39 Mb Total Space | 63.52 Mb Free Space | 52.33% Space Free | Partition Type: FAT32

Computer Name: BATTLEAXE | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8080:TCP" = 8080:TCP:LocalSubNet:Enabled:Bentley Publications
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Valve\Steam\Steam.exe" = C:\Program Files\Valve\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Sierra\FEAR\FEAR.exe" = C:\Program Files\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR -- (Monolith Productions, Inc.)
"C:\Program Files\Sierra\FEAR\fpupdate.exe" = C:\Program Files\Sierra\FEAR\fpupdate.exe:*:Enabled:fpupdate -- ()
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service -- (SiSoftware)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0 -- (SmartSoft Ltd.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028FC60D-92B4-4CE2-AA9D-0980AF5CFDFF}" = FocusFixer
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{0BA9CAC3-5131-4E59-B2AB-B765E876AAA2}" = Brother MFL-Pro Suite
"{0E70CFA6-93E3-453F-B47C-855196C2589E}" = Logitech Harmony Remote Software 7
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{21071A7C-A96F-46E4-9057-39636ED56446}" = Corel WinDVD Advisor
"{212F5777-1190-4DEF-8E4D-6B2F313B45E7}" = PerfectDisk
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{32EDFEE7-0466-4445-90C9-43C713EF7423}" = MioMap v3 Updater for Mio C320 C520
"{34A0AF85-C323-4867-8AA3-00A3E5A7A12B}" = ASUS DH Remote
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{395A57A6-E0E1-C599-3A28-19A96682B4C6}" = Adobe Photoshop.com Inspiration Browser
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3D654496-9C3D-4565-858C-3E551ECDA4E2}" = Virtual Cable Tester
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{44E24545-F317-4498-B7CD-240DE7BA8DE2}" = RAW Image Task
"{44FA5348-C293-457A-A713-BB8F4BB19846}" = Disney Flix 2.0
"{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}" = Easy CD & DVD Creator 6
"{49062DAB-7009-4EBD-903A-830B283407C4}" = TMPGEnc DVD Author 1.5
"{4C96958A-6562-4143-B820-FF4890D3B734}" = Camera Window DVC
"{537056B7-32A4-4408-9B54-0341963C7C9C}" = UltraMon
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{57512081-5660-4A8F-9ACD-1574CE11F7BA}" = Extension Renamer
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6F23C1A3-9F62-470C-BD12-B83F04E67865}" = SmartFTP Client
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = MovieEdit Task
"{8D538DFC-1E7A-45F0-9C7B-D8B6629CC2DC}" = PowerQuest Drive Image 7.0
"{8DA0047C-2F99-4FE6-ADCB-B08208101E22}" = EZ-Backup Manager
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS
"{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Camera Support Core Library
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{99CC78D1-2356-497C-84C1-F239884001EC}" = Turbo Lister
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0E583D1-23F7-4C35-9620-B169D7715E4B}" = Adobe Premiere Elements 8.0
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A556A5AD-2A0D-48ED-A8E8-EA524CA0D366}_is1" = LyricsFetcher v0.7
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A75BC59B-10BF-6B87-DCC7-3501F158ACC6}" = Times Reader
"{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AFDFC350-C142-4790-BE12-8357AECD028F}" = SyncToy 2.0 (x86)
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B357C4B4-9024-4B64-9B3F-A6729031C3DD}" = SketchUp 5
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B6ACFF51-248A-4290-B50B-E50C81F25B97}" = iPod for Windows
"{B94AA0EE-8F75-4773-A25C-E986D94134B2}" = Microsoft RAW Image Thumbnailer and Viewer for Windows XP
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB6F2DF7-EB91-4FFE-844E-174A25C655CE}" = Image Rescue
"{BCE9F441-9027-4911-82E0-5FB28057897D}" = APC PowerChute Business Edition Agent
"{BFE903DE-4845-4387-9C6C-98B21B8445A3}" = GMATPrep(TM)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2096}_is1" = SiSoftware Sandra Lite XIb (Win64/32/CE)
"{C39DE425-6CCF-4B12-A101-3CB5CF3AF3AD}" = Slideshow Generator Powertoy for Windows XP
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5D13172-5A7C-4746-9C9C-7E4129D7DB6D}" = Send to SmugMug
"{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect
"{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Camera Window MC
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE378F36-E404-4244-A33F-F50A2A6D31BD}" = Microsoft Color Control Panel Applet for Windows XP
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D2A9F3F7-B22E-43D5-82E7-87B55E049520}" = 3D Canvas
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D595A781-F677-491E-B7D9-1B4D520790D2}" = DVArchive V3.1
"{D781A6EC-12AC-4993-BF13-B4CF12F1F20C}" = 3D Home Architect Home Design Deluxe 6
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{D94B5396-43E7-47CD-B9B0-4CA9EE7E9183}" = Rosewill Wireless Network 11N USB adapter RNX-N1
"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}" = Corel WinDVD 9
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E703EE04-8A31-470B-BA16-24D890589917}" = LeapFrog Leapster2 Plugin
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FC279721-37A6-4777-AFD8-7A56681EBA14}" = eXPert PDF 6
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Afterburner" = MSI Afterburner 1.2.0
"AI RoboForm" = AI RoboForm (All Users)
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"AnyDVD" = AnyDVD
"AviSynth" = AviSynth 2.5
"AVStoDVD" = AVStoDVD 2.3.3
"BN_DesktopReader" = NOOK for PC
"Buildalot_is1" = Buildalot
"CadStd" = CadStd
"Carbonite Backup" = Carbonite
"CCleaner" = CCleaner (remove only)
"CloneDVD2" = CloneDVD2
"CloneDVDmobile" = CloneDVDmobile
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Crayon Physics Deluxe_is1" = Crayon Physics Deluxe - release 53
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Digimarc MyPictureMarc Watermarking Plugin" = Digimarc MyPictureMarc Watermarking Plugin
"DiskState_is1" = DiskState v3.30 Licensed
"DownloadExpress" = MetaProducts Download Express
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"Duplicate Cleaner_is1" = Duplicate Cleaner 1.4.3
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.2.2
"DVDFab 8_is1" = DVDFab 8.0.2.2 (01/10/2010)
"DVDx_is1" = DVDx
"eBahn Reader" = eBahn® Reader
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"Extract_is1" = Extract Version 1.6
"Galactic Civilizations II" = Galactic Civilizations II
"Game Jackal v4_is1" = Game Jackal v4.0.1.5 (32 bit)
"Google Chrome Frame" = Google Chrome Frame
"Hauppauge English Help Files and Resources" = Hauppauge English Help Files and Resources
"Hauppauge Signal Monitor Utility" = Hauppauge Signal Monitor Utility
"Hauppauge WinTV" = Hauppauge WinTV
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"Hauppauge WinTV Soft PVR" = Hauppauge WinTV Soft PVR
"HD Tach_is1" = HD Tach version 3
"HijackThis" = HijackThis 2.0.2
"Home Plan Pro for Windows 95/98/00/ME/NT/XP" = Home Plan Pro for Windows 95/98/00/ME/NT/XP
"IE5WA" = Microsoft Internet Explorer 5 Web Accessories
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Impulse" = Impulse
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{44E24545-F317-4498-B7CD-240DE7BA8DE2}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734}" = Canon Camera Window DVC for ZoomBrowser EX
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Canon Camera Support Core Library
"InstallShield_{99CC78D1-2356-497C-84C1-F239884001EC}" = Turbo Lister
"InstallShield_{B6ACFF51-248A-4290-B50B-E50C81F25B97}" = iPod for Windows
"InstallShield_{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{D781A6EC-12AC-4993-BF13-B4CF12F1F20C}" = 3D Home Architect Home Design Deluxe 6
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"InstallShield_{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}" = Corel WinDVD 9
"IsoBuster_is1" = IsoBuster 1.8
"JDSecure" = JD Secure 3.1
"Launch of the Screaming Narwhal" = Tales of Monkey Island - Launch of the Screaming Narwhal
"Leapster2Plugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
"LeechFTP" = LeechFTP
"LeechGet 2009_is1" = LeechGet 2009 Version 2.2
"Logitech Unifying" = Logitech Unifying Software 2.00
"Magic ISO Maker v5.0 (build 0166)" = Magic ISO Maker v5.0 (build 0166)
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"mp3-2-wav_1.05" = mp3-2-wav 1.07
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NAV" = Norton AntiVirus
"NVIDIA Drivers" = NVIDIA Drivers
"ODC AdminManager" = AdminManager(OkiLAN 8100e Softnic Setup Utility)
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OKI LPR Utility" = OKI LPR Utility
"Online Manuals for WinTV (English)" = Online Manuals for WinTV (English)
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"Picasa2" = Picasa 2
"PremElem80" = Adobe Premiere Elements 8.0
"Quicken WillMaker Plus 2006" = Quicken WillMaker Plus 2006
"Quicken WillMaker Plus 2009" = Quicken WillMaker Plus 2009
"Realtime Landscaping Pro DEMO" = Realtime Landscaping Pro DEMO
"reSizer_is1" = reSizer v0.78
"Security Task Manager" = Security Task Manager 1.7h
"ShellExView" = ShellExView
"SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
"sp6" = Logitech SetPoint 6.20
"StarBurn(GiveAwayOfTheDay)_is1" = StarBurn(GiveAwayOfTheDay) Version 11 (Build 0x20081230)
"Steam App 12470" = Port Royale 2
"Steam App 4760" = Rome: Total War Gold
"Steam App 8880" = Freedom Force
"Stellarium_is1" = Stellarium 0.10.0
"The Scruffs_is1" = The Scruffs
"TuneXP_1.5" = TuneXP 1.5
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"TurboTax Premier 2005" = TurboTax Premier 2005
"Tweak UI 2.10" = Tweak UI
"UPCShell" = LeapFrog Connect
"Videora iPod Converter" = Videora iPod Converter 5.04
"Videora Trial Version" = Videora Trial Version 2.15
"View22" = View22
"vis_geiss2.dllWinamp" = Geiss2 for Winamp 2x (remove only)
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD_is1" = XviD 1.1 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/23/2011 4:05:55 PM | Computer Name = BATTLEAXE | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007041D from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 1/23/2011 4:06:25 PM | Computer Name = BATTLEAXE | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007041D from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 1/23/2011 4:06:25 PM | Computer Name = BATTLEAXE | Source = COM+ | ID = 135894
Description = A condition has occurred that indicates this COM+ application is in
an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

Server
Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
ID: {61B81882-B62F-4035-B9C3-A2AFD6A3C8A3} Server Application Name: System Application
The
serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
: Catastrophic failure COM+ Services Internals Information: File: f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.702 s

Error - 1/23/2011 4:06:57 PM | Computer Name = BATTLEAXE | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007041D from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 1/23/2011 4:07:27 PM | Computer Name = BATTLEAXE | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007041D from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 1/23/2011 4:07:57 PM | Computer Name = BATTLEAXE | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007041D from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 1/23/2011 4:07:57 PM | Computer Name = BATTLEAXE | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\events\lcedisp.cpp(131),
hr = 80040206: Failed to CoCreate EventSystem objec

Error - 1/23/2011 4:08:27 PM | Computer Name = BATTLEAXE | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007041D from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 1/23/2011 4:08:57 PM | Computer Name = BATTLEAXE | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007041D from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 1/25/2011 12:54:01 AM | Computer Name = BATTLEAXE | Source = MsiInstaller | ID = 11330
Description = Product: Java(TM) 6 Update 23 -- Error 1330.A file that is required
cannot be installed because the cabinet file C:\Documents and Settings\Chris\Application
Data\Sun\Java\jre1.6.0_23\Data1.cab has an invalid digital signature. This may
indicate that the cabinet file is corrupt. Error 8230 was returned by WinVerifyTrust.

[ OSession Events ]
Error - 1/12/2009 2:38:38 AM | Computer Name = BATTLEAXE | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 2/3/2009 3:54:26 AM | Computer Name = BATTLEAXE | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 7/21/2009 1:03:49 PM | Computer Name = BATTLEAXE | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 11/10/2009 10:52:49 PM | Computer Name = BATTLEAXE | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

[ System Events ]
Error - 1/25/2011 12:47:58 AM | Computer Name = BATTLEAXE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/25/2011 12:49:53 AM | Computer Name = BATTLEAXE | Source = Service Control Manager | ID = 7000
Description = The Digital Blue DMC2 Video Device service failed to start due to
the following error: %%1058

Error - 1/25/2011 12:51:41 AM | Computer Name = BATTLEAXE | Source = Service Control Manager | ID = 7034
Description = The Adobe Active File Monitor V8 service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/25/2011 1:57:07 PM | Computer Name = BATTLEAXE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 1/25/2011 1:57:07 PM | Computer Name = BATTLEAXE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 1/25/2011 1:57:07 PM | Computer Name = BATTLEAXE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 1/25/2011 1:57:07 PM | Computer Name = BATTLEAXE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 1/25/2011 1:57:07 PM | Computer Name = BATTLEAXE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 1/25/2011 1:57:07 PM | Computer Name = BATTLEAXE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 1/25/2011 1:57:08 PM | Computer Name = BATTLEAXE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}


< End of report >
 
Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

========================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
    O15 - HKCU\..Trusted Domains: corel.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: corel.com ([www] * in Trusted sites)
    O15 - HKCU\..Trusted Domains: intervideo.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: intervideo.com ([www] * in Trusted sites)
    O15 - HKCU\..Trusted Domains: intuit.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
    O15 - HKCU\..Trusted Domains: turbotax.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Ranges: Range1 ([]* in Trusted sites)
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
    [19 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
    [1 C:\Documents and Settings\Chris\My Documents\*.tmp files -> C:\Documents and Settings\Chris\My Documents\*.tmp -> ]
    [2009/10/01 12:17:32 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\53DFCDEB62.sys
    [2009/10/01 12:17:30 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\663C2FFF26.sys
    [2009/10/01 12:17:27 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\C7156192A7.sys
    [2009/10/01 12:17:08 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\3A5C5EF830.sys
    [2009/10/01 12:15:50 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\20AA172B0D.sys
    [2009/10/01 12:15:43 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\7A999F718E.sys
    [2009/10/01 12:15:42 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\08ADFEE6A6.sys
    [2009/10/01 12:15:39 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\52BB48A68E.sys
    [2009/10/01 12:15:37 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\B167B42A37.sys
    [2009/10/01 12:15:14 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\30E93F13BE.sys
    [2009/10/01 12:15:11 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\9A9124EE2D.sys
    [2009/09/29 21:55:47 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\AF2B9186C4.sys
    [2009/09/29 11:22:36 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\BFAA46039E.sys
    [2009/09/28 23:04:26 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\F98EEDF503.sys
    [2009/09/28 23:04:21 | 000,000,168 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\DD1DEC3553.sys
    [2009/09/27 19:26:03 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\120C05AF9E.sys
    [2009/09/27 19:23:16 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\C557D8E545.sys
    [2009/09/27 19:23:15 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\3B25859A2E.sys
    [2009/09/27 19:23:15 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\2C718B9044.sys
    [2009/09/27 19:23:13 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\6F7E2AC7E5.sys
    [2009/09/27 19:21:14 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\8813E81B4C.sys
    [2009/09/27 19:21:12 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\893CE7A109.sys
    [2009/09/27 19:21:10 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\33E3BC1A81.sys
    [2009/09/27 19:20:27 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\B1F30E84D7.sys
    [2009/09/27 19:20:26 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\C08A1F6CF5.sys
    [2009/09/27 19:20:15 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\74C5A243C7.sys
    [2009/09/27 19:20:13 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\9CAC644135.sys
    [2009/09/27 19:19:07 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\F7E17B9914.sys
    [2009/09/27 19:19:05 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\6397EC6E2C.sys
    [2009/09/27 19:19:00 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\2A4A8CAF83.sys
    [2009/09/27 19:19:00 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\1F85C2F35E.sys
    [2009/09/27 19:18:59 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\7BE7399B65.sys
    [2009/09/27 12:46:08 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\B0816DF56A.sys
    [2009/09/27 12:41:12 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\E087B28574.sys
    [2009/09/27 12:41:11 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\5C9A772133.sys
    [2009/09/27 12:41:07 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\0F64BD8874.sys
    [2009/09/27 12:35:54 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\D2562AA5AA.sys
    [2009/09/27 01:27:46 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\4E8A9FA06A.sys
    [2009/09/27 01:21:29 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\726C0B8305.sys
    [2009/09/27 01:21:15 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\94C8776C3F.sys
    [2009/09/27 01:21:12 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\52006DEC55.sys
    [2009/09/27 01:20:51 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\0DD7FD4647.sys
    [2009/09/27 01:20:48 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\B0D3F12AFD.sys
    [2009/09/27 01:19:20 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\677A9CE303.sys
    [2009/09/27 01:18:55 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\F9BE20442B.sys
    [2009/09/27 01:18:46 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\B455B2D26E.sys
    [2009/09/27 01:18:39 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\2CFAE5E461.sys
    [2009/09/27 01:18:36 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\2CD8A9A8D8.sys
    [2009/09/24 08:11:14 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\9C57F14B1D.sys
    [2009/09/24 08:10:53 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\9EB7EF6541.sys
    [2009/09/23 23:39:13 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\63DA15B49F.sys
    [2009/09/23 23:38:18 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\D9EC30FAB6.sys
    [2009/09/23 23:38:17 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\59BFF3B5E9.sys
    [2009/09/23 23:38:12 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\042F5FC10B.sys
    [2009/09/23 23:38:09 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\4FA5AB3ACE.sys
    [2009/09/23 23:37:13 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\D59FF6F795.sys
    [2009/09/23 23:36:32 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\AAD1F7E25E.sys
    [2009/09/23 23:34:23 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\60B34CCB6B.sys
    [2009/09/23 23:33:36 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\8E4FD1801C.sys
    [2009/09/23 23:33:34 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\0972060D00.sys
    [2009/08/30 20:02:13 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\201E80E9BE.sys
    [2008/09/27 22:04:50 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\F26B7EE434.sys
    [2007/12/31 02:52:48 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\Chris\My Documents\WDVD_9_BD.zip:SummaryInformation
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
cannot update java

I cannot update the Java version. The online check showed that it was damaged or not installed. I tried the online and offline installs. The online install downloads and then never starts installing. The offline version goes through the install partway and then crashes with this error:

Error 1330. A File that is required cannot be installed because the cabinet file c:\...Application Data\Sun\Java\...\Data1.cab has an invalid digital signature. This may indicate that the cab file is corrupt.

I was getting this same type of digital signature warning from AnyDVD, which loads on startup, and from RoboForm.

Should I proceed with JavaRa or do we need to resolve this and get the new Java version on first?

Thanks,
Thisguy
 
Something is still wrong. . .

I ran JavaRa again and removed everything. Then I tried again to update Java. It did not work. I restarted and Norton came up broken. Java update still seems to be blocked. Is it possible that the rootkit is back or something like that? I did not proceed with OTL and will await your instruction. Meanwhile I am taking this machine back off the network.
 
OTL output log

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\corel.com\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\corel.com\www\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intervideo.com\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intervideo.com\www\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\turbotax.com\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\turbotax.com\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\ deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\_r_a_p_.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\xml36.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\xml37.tmp deleted successfully.
C:\WINDOWS\000001_.tmp deleted successfully.
C:\WINDOWS\002563_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET127.tmp deleted successfully.
C:\WINDOWS\SET128.tmp deleted successfully.
C:\WINDOWS\SET134.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4C.tmp deleted successfully.
C:\WINDOWS\SET4F.tmp deleted successfully.
C:\WINDOWS\SET5B.tmp deleted successfully.
C:\WINDOWS\SET7.tmp deleted successfully.
C:\WINDOWS\SET8A.tmp deleted successfully.
C:\WINDOWS\SET8D.tmp deleted successfully.
C:\WINDOWS\SET96.tmp deleted successfully.
C:\WINDOWS\SET9A.tmp deleted successfully.
C:\WINDOWS\SETB4.tmp deleted successfully.
C:\WINDOWS\SETB7.tmp deleted successfully.
C:\WINDOWS\SETC3.tmp deleted successfully.
C:\WINDOWS\SETFE.tmp deleted successfully.
C:\WINDOWS\System32\drivers\OLD19F.tmp deleted successfully.
C:\Documents and Settings\Chris\My Documents\AMPL.TMP deleted successfully.
C:\Documents and Settings\All Users\Application Data\ezsid.dat moved successfully.
Unable to delete ADS C:\Documents and Settings\Chris\My Documents\WDVD_9_BD.zip:SummaryInformation .
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 348 bytes

User: All Users

User: Ben and Ryan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 2543263 bytes
->Flash cache emptied: 41044 bytes

User: Chris
->Temp folder emptied: 37168690 bytes
->Temporary Internet Files folder emptied: 240367977 bytes
->Java cache emptied: 120991136 bytes
->FireFox cache emptied: 59365602 bytes
->Apple Safari cache emptied: 2020352 bytes
->Flash cache emptied: 296219 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41044 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 348 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 14 bytes
->Flash cache emptied: 1719 bytes

User: Sarah
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 626 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 89869 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33726 bytes
RecycleBin emptied: 935850 bytes

Total Files Cleaned = 442.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Ben and Ryan
->Flash cache emptied: 0 bytes

User: Chris
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Sarah
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.5 log created on 01252011_162035

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Chris\Local Settings\Temp\~DF4535.tmp not found!
File\Folder C:\Documents and Settings\Chris\Local Settings\Temp\~DF4562.tmp not found!
File\Folder C:\Documents and Settings\Chris\Local Settings\Temp\~DF4622.tmp not found!
File\Folder C:\Documents and Settings\Chris\Local Settings\Temp\~DF4646.tmp not found!
File\Folder C:\Documents and Settings\Chris\Local Settings\Temp\~DF47B0.tmp not found!
File\Folder C:\Documents and Settings\Chris\Local Settings\Temp\~DF4829.tmp not found!
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\C0GCBHNI\topic160140-2[1].html moved successfully.
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\C0GCBHNI\windows_new_ie[2].htm moved successfully.
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\BV0DFA2I\adServer[1].htm moved successfully.
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\BV0DFA2I\crosspixel-dest[1].htm moved successfully.
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\BV0DFA2I\sh30[1].html moved successfully.

Registry entries deleted on Reboot...
 
checkup.txt

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton AntiVirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner (remove only)
DH Driver Cleaner Professional Edition
Duplicate Cleaner 1.4.3
Adobe Flash Player 10.1.102.64
Adobe Reader 9.4.1
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.13)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
``````````End of Log````````````
 
Cannot run eset

After ok to install activeX control got error:

An add-on for this website failed to run. Check security settings in Internet options for potential conflicts.


I am trying to do only what you tell me to follow your instructions in good faith so forgive me if I am missing obvious things I could correct. Just trying to make sure I follow protocol and do exactly and only as you say.

thanks again!!!
Thisguy
 
Uninstall Duplicate Cleaner.
Playing with duplicate files brings nothing but a danger of removing some important file(s).

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

...and Eset....
 
Try Eset with another browser, or....

Please run a BitDefender Online Scan

  • Disable your antivirus program.
  • Click Start Scanner button.
  • Click Free scan now button
  • Allow browser plug-in to be installed when prompted.
  • Click I Agree to agree to the EULA.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on View report.
  • Notepad will open with scan results.
  • Save the report to your desktop and post its content in your next reply.
 
will do

FYI I have only used duplicate cleaner to find duplicate songs and photos on my data drives. I will follow your instructions and try again. Can you tell me why adobe and duplicate cleaner would affect the security settings that seem to be blocking the eset activeX install/execution?

Thanks,
Thisguy
 
Can't do adobe either

I got the same ActiveX error in IE and went to Firefox to download. It allowed me to install the downloader and then restart FF, but then I got two pop-up errors saying getPlus+(R): Error

Operating system error! (16297.103.516 - 42072312.80004005.FFFFFFFF.00000000

[OK]



 
BitDefender is working in Firefox. Will post back any results. Should I clean anything that it finds?
 
Bit defender found no issues.

ESET found and cleaned:

C:\Documents and Settings\Chris\Desktop\Downloads\RegistryEasy.exe Win32/Adware.RegistryGreat application deleted - quarantined

C:\System Volume Information\_restore{8D25DEC3-C366-4E5C-9284-12637AA8545F}\RP6\A0000848.exe Win32/Adware.RegistryGreat application deleted - quarantined
 
Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read "How did I get infected?, With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
Thank you! This sounds good. Do you have any thoughts on why activeX, norton, java JRE, and adobe cannot be updated?

I am going to work on it but if you have any guidance that would be awesome.

Thank you again!!
Thisguy
 