Solved Started with PC Performance and Stability Report

I think I am getting ahead of myself in my replies. It (Avast) appears to have installed successfully. When I went to start OTL, it popped right up. So, I told it to disable for 10 min so I could run OTL.

Do you want me to run OTL just like before with the copy/paste parts added to the custom scan part?

I also forgot to mention something... once I got rid of the norton item, i get 'smart printing' trying to do something. It's come up at least 7 times now- most recently when I clicked on my computer.
 
We'll check what's going on.

Make sure, your Avast is the latest ver. 6

Yes, OTL with the same custom script.
 
second round of otl - 1 file - part 1 of 2

Ok, below is the output. Avast says ver 6.0.1125 this am. When I went to the forum and picked page 2, I received a pop-up -> jusched.exe failed...send error to Microsoft (no). But I will stop reporting these if you want me to.

thanks again.





OTL logfile created on: 6/3/2011 5:51:55 AM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\William\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 73.20% Memory free
4.85 Gb Paging File | 3.91 Gb Available in Paging File | 80.71% Paging File free
Paging file location(s): C:\pagefile.sys 3069 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.85 Gb Total Space | 36.54 Gb Free Space | 25.05% Space Free | Partition Type: NTFS

Computer Name: CCIM | User Name: William | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/02 21:26:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\William\Desktop\OTL.exe
PRC - [2011/05/10 08:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/05/04 03:40:15 | 004,980,344 | -H-- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2010/10/29 16:06:08 | 005,915,480 | -H-- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
PRC - [2010/06/26 13:09:18 | 000,167,936 | -H-- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
PRC - [2010/05/07 19:47:32 | 000,162,648 | -H-- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2010/05/07 19:35:22 | 000,165,208 | -H-- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/03/10 22:32:26 | 000,648,536 | -H-- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/06 13:21:31 | 000,116,224 | -H-- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
PRC - [2006/05/03 03:12:00 | 000,098,304 | -H-- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2006/02/10 18:17:04 | 000,282,624 | -H-- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/10/20 14:45:10 | 000,871,936 | -H-- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2005/10/14 12:02:02 | 000,670,208 | -H-- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe


========== Modules (SafeList) ==========

MOD - [2011/06/03 05:39:39 | 000,018,432 | ---- | M] (Applian Technologies, Inc.) -- C:\Documents and Settings\William\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
MOD - [2011/06/02 21:26:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\William\Desktop\OTL.exe
MOD - [2011/04/18 12:10:29 | 000,130,680 | -H-- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/05/07 19:47:32 | 000,162,648 | -H-- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2005/10/14 12:02:02 | 000,670,208 | -H-- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 08:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 07:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/03/25 09:54:31 | 000,117,752 | -H-- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/11/09 22:49:50 | 004,323,040 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C510(UVC)
DRV - [2010/11/09 22:48:12 | 000,283,744 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/11/09 22:46:28 | 000,020,704 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2010/05/26 05:19:17 | 000,067,656 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/07 19:43:30 | 000,025,824 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/02/19 22:38:10 | 000,012,872 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/19 22:38:10 | 000,012,872 | -H-- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2007/12/24 17:37:00 | 000,138,384 | -H-- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2006/10/03 11:37:52 | 000,008,552 | -H-- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/02/10 18:19:12 | 001,107,224 | -H-- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/10 12:07:58 | 000,004,864 | -H-- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/10/14 12:01:56 | 000,029,440 | -H-- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2005/10/14 12:00:36 | 000,101,760 | -H-- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/10/14 12:00:26 | 000,022,016 | -H-- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2005/09/08 05:20:00 | 000,094,332 | -H-- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | -H-- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | -H-- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | -H-- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | -H-- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | -H-- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | -H-- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/04 04:10:18 | 001,273,344 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/11/17 21:59:20 | 000,212,224 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 21:58:02 | 000,680,704 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 21:56:26 | 001,042,432 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061003
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061003


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061003
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061003
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4143634262-2900202759-2067161063-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/advanced_search?hl=en
IE - HKU\S-1-5-21-4143634262-2900202759-2067161063-1007\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-4143634262-2900202759-2067161063-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4143634262-2900202759-2067161063-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {21201D69-1BE3-4161-A1EC-D41CC09914B6}:1.0
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{21201D69-1BE3-4161-A1EC-D41CC09914B6}: C:\Documents and Settings\Susan\Local Settings\Application Data\{21201D69-1BE3-4161-A1EC-D41CC09914B6} [2009/02/05 19:02:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/01 15:31:02 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/06/02 23:40:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/03 17:48:19 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/02 22:35:03 | 000,000,000 | -H-D | M]

[2008/09/13 18:19:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\William\Application Data\Mozilla\Extensions
[2011/06/03 05:43:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\nxeo0ufa.default\extensions
[2011/03/12 06:47:49 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\nxeo0ufa.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/06/01 09:00:24 | 000,001,575 | ---- | M] () -- C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\nxeo0ufa.default\searchplugins\ixquick.xml
[2011/06/03 05:43:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/11 09:11:25 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/10 07:09:27 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/02 22:30:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2009/02/05 19:02:33 | 000,000,000 | ---D | M] (XUL Cache) -- C:\DOCUMENTS AND SETTINGS\SUSAN\LOCAL SETTINGS\APPLICATION DATA\{21201D69-1BE3-4161-A1EC-D41CC09914B6}
[2011/06/02 23:40:01 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010/10/01 15:31:02 | 000,000,000 | -H-D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2011/04/14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/06/02 21:05:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-4143634262-2900202759-2067161063-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [eFax 4.3] C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-4143634262-2900202759-2067161063-1007..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-4143634262-2900202759-2067161063-1007..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-4143634262-2900202759-2067161063-1007..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4143634262-2900202759-2067161063-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4143634262-2900202759-2067161063-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4143634262-2900202759-2067161063-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4143634262-2900202759-2067161063-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160243635703 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/jinstall-14_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)
 
second round of otl - part 2 of 3

========== Files/Folders - Created Within 30 Days ==========

[2011/06/03 00:01:45 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/02 23:46:17 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/06/02 23:46:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/06/02 23:46:16 | 000,307,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/06/02 23:46:14 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/06/02 23:46:14 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/06/02 23:46:13 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/06/02 23:46:13 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/06/02 23:46:13 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/06/02 23:46:12 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/06/02 23:39:58 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/06/02 23:39:58 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/06/02 23:08:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William\Desktop\first otl run
[2011/06/02 22:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William\Desktop\JavaRa
[2011/06/02 21:26:41 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\William\Desktop\OTL.exe
[2011/06/02 20:59:19 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/02 20:50:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/02 20:50:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/02 20:50:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/02 20:50:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/02 20:49:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/02 20:49:58 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/06/02 20:49:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/02 19:48:13 | 006,389,088 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\William\Desktop\AppRemover.exe
[2011/06/02 19:46:37 | 004,111,594 | R--- | C] (Swearware) -- C:\Documents and Settings\William\Desktop\ComboFix.exe
[2011/06/02 05:44:08 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\William\Desktop\aswMBR.exe
[2011/06/01 19:57:19 | 000,607,294 | R--- | C] (Swearware) -- C:\Documents and Settings\William\Desktop\dds.scr
[2011/06/01 15:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William\Desktop\tech-submit
[2011/06/01 12:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/06/01 12:59:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/05/31 21:05:09 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2011/05/31 21:05:05 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2011/05/31 21:04:26 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2011/05/31 21:04:21 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2011/05/31 21:03:44 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2011/05/31 21:03:40 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2011/05/31 21:03:29 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2011/05/31 21:03:07 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2011/05/31 21:02:51 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2011/05/31 21:02:48 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2011/05/31 21:02:44 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2011/05/31 21:02:37 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2011/05/31 21:02:33 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2011/05/31 21:02:28 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2011/05/31 21:02:24 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2011/05/31 21:02:09 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2011/05/31 21:01:52 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2011/05/31 21:01:49 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2011/05/31 21:01:45 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2011/05/31 21:01:37 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2011/05/31 21:01:16 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2011/05/31 21:01:01 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2011/05/31 21:00:57 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2011/05/31 21:00:44 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2011/05/31 21:00:41 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2011/05/31 21:00:37 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2011/05/31 21:00:33 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2011/05/31 21:00:30 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2011/05/31 21:00:26 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2011/05/31 20:59:56 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2011/05/31 20:59:50 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2011/05/31 20:59:46 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2011/05/31 20:59:45 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2011/05/31 20:59:40 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2011/05/31 20:59:37 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2011/05/31 20:59:22 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2011/05/31 20:59:18 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2011/05/31 20:58:45 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2011/05/31 20:58:42 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2011/05/31 20:58:38 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2011/05/31 20:58:34 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2011/05/31 20:58:27 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2011/05/31 20:57:36 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2011/05/31 20:57:32 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2011/05/31 20:57:29 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2011/05/31 20:57:25 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2011/05/31 20:57:22 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2011/05/31 20:56:55 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2011/05/31 20:56:51 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2011/05/31 20:56:48 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2011/05/31 20:56:40 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2011/05/31 20:56:09 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2011/05/31 20:56:06 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2011/05/31 20:56:02 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2011/05/31 20:55:59 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2011/05/31 20:55:34 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2011/05/31 20:55:27 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2011/05/31 20:55:23 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2011/05/31 20:55:06 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2011/05/31 20:55:03 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2011/05/31 20:55:00 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2011/05/31 20:54:57 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2011/05/31 20:54:53 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2011/05/31 20:54:50 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2011/05/31 20:54:47 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2011/05/31 20:54:44 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2011/05/31 20:54:40 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2011/05/31 20:54:33 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2011/05/31 20:54:30 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2011/05/31 20:54:30 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/05/31 20:54:29 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/05/31 20:54:28 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2011/05/31 20:54:27 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2011/05/31 20:54:12 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2011/05/31 20:54:05 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2011/05/31 20:54:01 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2011/05/31 20:53:57 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2011/05/31 20:53:40 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2011/05/31 20:53:37 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2011/05/31 20:53:20 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2011/05/31 20:53:17 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2011/05/31 20:53:13 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2011/05/31 20:53:00 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2011/05/31 20:52:10 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2011/05/31 20:51:57 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2011/05/31 20:51:55 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2011/05/31 20:51:52 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2011/05/31 20:51:11 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2011/05/31 20:51:08 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2011/05/31 20:51:05 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2011/05/31 20:51:01 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2011/05/31 20:50:37 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2011/05/31 20:50:23 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2011/05/31 20:50:20 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2011/05/31 20:50:14 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2011/05/31 20:50:04 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2011/05/31 20:50:01 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2011/05/31 20:49:52 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2011/05/31 20:49:49 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2011/05/31 20:49:46 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2011/05/31 20:49:43 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2011/05/31 20:49:40 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2011/05/31 20:49:37 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2011/05/31 20:49:27 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2011/05/31 20:49:24 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2011/05/31 20:49:21 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2011/05/31 20:49:18 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2011/05/31 20:49:15 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2011/05/31 20:47:40 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2011/05/31 20:47:18 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2011/05/31 20:47:15 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2011/05/31 20:47:14 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2011/05/31 20:47:11 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2011/05/31 20:47:10 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2011/05/31 20:47:07 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2011/05/31 20:46:58 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2011/05/31 20:46:55 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2011/05/31 20:46:52 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2011/05/31 20:46:49 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2011/05/31 20:46:43 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2011/05/31 20:46:40 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2011/05/31 20:45:45 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2011/05/31 20:45:00 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2011/05/31 20:43:21 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2011/05/31 20:43:12 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2011/05/31 20:23:04 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2011/05/31 20:23:02 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2011/05/31 20:23:00 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2011/05/31 20:22:46 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2011/05/31 20:22:39 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2011/05/31 20:22:36 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2011/05/31 20:22:32 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2011/05/31 20:22:29 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2011/05/31 20:22:27 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2011/05/31 20:22:26 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2011/05/31 20:22:09 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2011/05/31 20:22:04 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2011/05/31 20:22:02 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2011/05/31 20:20:34 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2011/05/31 20:20:29 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2011/05/31 20:20:19 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2011/05/31 20:20:17 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2011/05/31 20:20:16 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2011/05/31 20:20:10 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2011/05/31 20:20:09 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2011/05/31 20:20:08 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2011/05/31 20:20:06 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2011/05/31 20:20:04 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2011/05/31 20:19:41 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2011/05/31 20:19:40 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2011/05/31 20:19:35 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2011/05/31 20:19:12 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2011/05/31 20:19:11 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2011/05/31 20:19:09 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2011/05/31 20:19:08 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2011/05/31 20:19:07 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2011/05/31 20:19:06 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2011/05/31 20:19:05 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2011/05/31 20:19:03 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2011/05/31 20:18:54 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2011/05/31 20:18:39 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2011/05/31 20:18:29 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2011/05/31 20:18:22 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2011/05/31 20:18:21 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2011/05/31 20:18:20 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2011/05/31 20:18:19 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2011/05/31 20:18:18 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2011/05/31 20:18:16 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2011/05/31 20:18:15 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2011/05/31 20:18:14 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2011/05/31 20:18:13 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2011/05/31 20:18:12 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2011/05/31 20:18:10 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2011/05/31 20:18:10 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/05/31 20:17:36 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011/05/31 20:17:35 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2011/05/31 20:17:34 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011/05/31 20:17:33 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2011/05/31 20:17:33 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2011/05/31 20:17:32 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011/05/31 20:17:31 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011/05/31 20:17:30 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011/05/31 20:17:28 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2011/05/31 20:17:28 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011/05/31 20:17:27 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2011/05/31 20:17:25 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011/05/31 20:17:25 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011/05/31 20:17:24 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011/05/31 20:17:23 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2011/05/31 20:17:23 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2011/05/31 20:17:22 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2011/05/31 20:17:21 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2011/05/31 20:17:17 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/05/31 20:17:13 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011/05/31 20:17:12 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011/05/31 20:17:11 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011/05/31 20:17:11 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011/05/31 20:17:10 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011/05/31 20:17:09 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011/05/31 20:17:08 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011/05/31 20:16:41 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011/05/31 20:16:35 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011/05/31 20:16:23 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011/05/31 20:16:22 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011/05/31 20:16:22 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011/05/31 20:16:21 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011/05/31 20:16:20 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011/05/31 20:16:18 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011/05/31 20:16:15 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011/05/31 20:16:14 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2011/05/31 20:16:12 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011/05/31 20:16:12 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011/05/31 20:16:11 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011/05/31 16:35:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/31 16:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\section
[2011/05/31 16:35:06 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\William\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/31 13:36:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\William\Recent
[2011/05/28 15:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/28 15:19:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/05/23 12:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William\Desktop\blizz change
[2011/05/21 12:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011/05/09 13:02:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/05/09 13:01:07 | 000,000,000 | -H-D | C] -- C:\Program Files\iPod
[2011/05/09 13:01:01 | 000,000,000 | -H-D | C] -- C:\Program Files\iTunes
[2011/05/09 12:54:26 | 000,000,000 | -H-D | C] -- C:\Program Files\Bonjour
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
second rounf of otl part 3 of 3

========== Files - Modified Within 30 Days ==========

[2011/06/03 05:39:29 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/03 05:38:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/03 05:38:52 | 2145,538,048 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/03 02:18:44 | 000,000,116 | -H-- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/02 23:10:56 | 000,932,400 | ---- | M] () -- C:\Documents and Settings\William\Desktop\Norton_Removal_Tool.exe
[2011/06/02 22:39:53 | 000,160,350 | ---- | M] () -- C:\Documents and Settings\William\Desktop\JavaRa.zip
[2011/06/02 21:26:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\William\Desktop\OTL.exe
[2011/06/02 21:05:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/02 20:59:25 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/06/02 19:48:19 | 006,389,088 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\William\Desktop\AppRemover.exe
[2011/06/02 19:46:40 | 004,111,594 | R--- | M] (Swearware) -- C:\Documents and Settings\William\Desktop\ComboFix.exe
[2011/06/02 05:54:04 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\William\Desktop\RKUnhookerLE.EXE
[2011/06/02 05:49:38 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\William\default.pls
[2011/06/02 05:48:48 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\William\Desktop\MBR.dat
[2011/06/02 05:44:11 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\William\Desktop\aswMBR.exe
[2011/06/01 19:57:19 | 000,607,294 | R--- | M] (Swearware) -- C:\Documents and Settings\William\Desktop\dds.scr
[2011/06/01 16:00:26 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\William\Desktop\fbuqgtev.exe
[2011/06/01 10:45:23 | 000,000,644 | RHS- | M] () -- C:\Documents and Settings\William\ntuser.pol
[2011/05/31 21:46:38 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\William\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/31 16:35:07 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\William\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/31 15:29:52 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\William\Desktop\Shortcut to firefox.exe.lnk
[2011/05/31 13:42:18 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/05/31 11:13:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/30 12:48:02 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/28 00:01:50 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\22339364
[2011/05/26 11:39:16 | 000,052,560 | ---- | M] () -- C:\Documents and Settings\William\Desktop\2011052609584429.pdf
[2011/05/12 12:25:08 | 000,800,007 | ---- | M] () -- C:\Documents and Settings\William\Desktop\Raid Preparation.pdf
[2011/05/10 08:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/05/10 08:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/05/10 08:02:25 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/05/10 08:02:22 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/05/10 07:59:37 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/05/06 16:49:18 | 009,164,138 | ---- | M] () -- C:\Documents and Settings\William\Desktop\02 Rock That Body.m4a
[2011/05/06 14:39:16 | 000,060,452 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/05/05 08:00:39 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\William\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/02 23:10:55 | 000,932,400 | ---- | C] () -- C:\Documents and Settings\William\Desktop\Norton_Removal_Tool.exe
[2011/06/02 22:39:52 | 000,160,350 | ---- | C] () -- C:\Documents and Settings\William\Desktop\JavaRa.zip
[2011/06/02 20:59:25 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/06/02 20:59:22 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/02 20:50:08 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/02 20:50:08 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/02 20:50:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/02 20:50:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/02 20:50:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/02 05:54:03 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\William\Desktop\RKUnhookerLE.EXE
[2011/06/02 05:48:48 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\William\Desktop\MBR.dat
[2011/06/01 16:00:26 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\William\Desktop\fbuqgtev.exe
[2011/06/01 14:29:44 | 2145,538,048 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/01 10:44:15 | 000,000,644 | RHS- | C] () -- C:\Documents and Settings\William\ntuser.pol
[2011/05/31 21:05:04 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2011/05/31 21:05:00 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2011/05/31 20:53:08 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2011/05/31 20:53:03 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2011/05/31 20:48:25 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2011/05/31 20:46:34 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/05/31 20:45:14 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/05/31 20:43:19 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2011/05/31 20:43:14 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2011/05/31 20:43:09 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2011/05/31 20:43:05 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2011/05/31 20:42:58 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2011/05/31 20:23:06 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/05/31 20:20:15 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2011/05/31 20:20:14 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2011/05/31 20:20:12 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2011/05/31 20:17:01 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011/05/31 20:17:00 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011/05/31 20:16:59 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011/05/31 20:16:59 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011/05/31 20:16:58 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011/05/31 20:16:57 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011/05/31 20:16:57 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011/05/31 20:16:56 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011/05/31 20:16:54 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011/05/31 20:16:48 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011/05/31 15:29:52 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\William\Desktop\Shortcut to firefox.exe.lnk
[2011/05/28 00:01:50 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\22339364
[2011/05/26 11:39:16 | 000,052,560 | ---- | C] () -- C:\Documents and Settings\William\Desktop\2011052609584429.pdf
[2011/05/12 12:25:07 | 000,800,007 | ---- | C] () -- C:\Documents and Settings\William\Desktop\Raid Preparation.pdf
[2011/05/06 20:06:04 | 009,164,138 | ---- | C] () -- C:\Documents and Settings\William\Desktop\02 Rock That Body.m4a
[2011/04/27 10:05:21 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\William\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/09 22:45:32 | 000,102,744 | -H-- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/11/09 22:45:30 | 010,871,128 | -H-- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/11/09 22:45:20 | 000,316,248 | -H-- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/11/09 22:31:42 | 000,026,286 | -H-- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/10/16 17:31:27 | 000,000,032 | -H-- | C] () -- C:\WINDOWS\CD_Start.INI
[2010/10/01 15:18:08 | 000,207,226 | -H-- | C] () -- C:\WINDOWS\hpwins28.dat
[2010/10/01 15:18:08 | 000,000,418 | -H-- | C] () -- C:\WINDOWS\hpwmdl28.dat
[2010/06/07 17:44:06 | 000,000,256 | -H-- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/05/07 19:46:36 | 000,014,168 | -H-- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/05/07 19:43:30 | 000,025,824 | -H-- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/01/19 12:26:21 | 000,016,968 | -H-- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2009/10/12 20:56:40 | 000,060,452 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/19 22:40:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/03 15:07:42 | 000,403,816 | -H-- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | -H-- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/05/16 20:18:43 | 000,000,118 | -H-- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/01/29 21:09:54 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\William\Application Data\dvd.bmk
[2008/01/22 10:32:35 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/01/22 10:29:53 | 000,593,920 | -H-- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2007/12/20 22:35:44 | 003,107,788 | -H-- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/12/20 22:35:44 | 003,107,788 | -H-- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2007/12/20 22:35:44 | 000,887,724 | -H-- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007/11/17 14:49:26 | 000,001,156 | -H-- | C] () -- C:\WINDOWS\mozver.dat
[2007/09/17 08:33:58 | 000,043,520 | -H-- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/08/21 17:59:24 | 000,001,087 | -H-- | C] () -- C:\WINDOWS\checkip.dat
[2007/08/21 17:49:09 | 000,001,213 | -H-- | C] () -- C:\WINDOWS\ipconfig.dat
[2007/03/18 11:01:59 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\William\Application Data\FixVTS.ini
[2006/12/23 22:36:32 | 000,000,214 | -H-- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/11/24 20:36:08 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\William\Application Data\.zreglib
[2006/11/22 09:55:50 | 000,000,116 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/19 12:26:34 | 000,038,867 | -H-- | C] () -- C:\WINDOWS\hpomdl03.dat
[2006/10/19 12:26:34 | 000,029,133 | -H-- | C] () -- C:\WINDOWS\hpoins03.dat
[2006/10/06 15:28:25 | 000,000,002 | -H-- | C] () -- C:\WINDOWS\msoffice.ini
[2006/10/03 11:52:39 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/03 11:47:41 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/03 11:42:19 | 000,000,126 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/03 11:37:00 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2006/10/03 11:11:14 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/10/03 11:11:12 | 000,095,617 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/10/03 11:10:48 | 000,000,392 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:56:34 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 17:24:19 | 000,000,791 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 000,288,496 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:30 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 17:00:28 | 000,445,836 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 17:00:28 | 000,073,042 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:28 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 17:00:27 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:00:26 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 17:00:24 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 17:00:19 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 17:00:19 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 17:00:12 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 17:00:04 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/01/05 03:30:18 | 000,565,248 | -H-- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 15:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/06/02 23:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/10/26 10:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/26 10:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2007/12/11 09:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Output
[2007/12/11 09:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Setup
[2010/01/19 12:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/05/31 12:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iFaAaFc08200
[2010/06/07 17:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2007/02/24 16:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2011/05/31 13:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/10/03 11:38:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/23 13:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/06 10:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/09 15:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/07 12:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/10/26 14:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\AVG10
[2010/06/09 13:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\Research In Motion
[2007/01/31 22:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\Viewpoint
[2006/12/23 21:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\Walgreens
[2010/10/27 22:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tracy\Application Data\AVG10
[2010/06/08 07:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\William\Application Data\Blackberry Desktop
[2010/12/20 12:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\William\Application Data\Dyuv
[2007/12/11 09:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\William\Application Data\eFax Messenger
[2009/03/29 10:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\William\Application Data\HouseCall 6.6
[2006/10/27 13:19:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\William\Application Data\Leadertech
[2008/02/27 21:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\William\Application Data\LimeWire
[2007/10/15 12:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\William\Application Data\Lost Marble
[2010/12/20 12:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\William\Application Data\Ohbato
[2010/06/07 17:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\William\Application Data\Research In Motion
[2006/11/24 20:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\William\Application Data\SlySoft
[2008/05/08 07:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\William\Application Data\Thunderbird
[2011/01/02 09:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\William\Application Data\Walgreens

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
[2011/05/31 13:42:18 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/06/02 20:59:25 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/06/02 21:07:55 | 000,029,532 | ---- | M] () -- C:\ComboFix.txt
[2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
[2006/10/03 11:14:46 | 000,006,754 | RH-- | M] () -- C:\dell.sdr
[2001/09/05 22:00:58 | 001,700,352 | -H-- | M] (Microsoft Corporation) -- C:\gdiplus.dll
[2011/06/03 05:38:52 | 2145,538,048 | -HS- | M] () -- C:\hiberfil.sys
[2006/10/19 12:31:24 | 000,004,128 | -H-- | M] () -- C:\INFCACHE.1
[2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2006/10/03 11:38:07 | 000,000,838 | -H-- | M] () -- C:\IPH.PH
[2011/06/02 22:41:00 | 000,026,779 | ---- | M] () -- C:\JavaRa.log
[2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/11/14 09:10:21 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/06/03 05:38:50 | 3218,079,744 | -HS- | M] () -- C:\pagefile.sys
[2006/10/06 16:28:02 | 000,017,404 | -H-- | M] () -- C:\PkgClnup.log
[2006/10/03 11:38:15 | 000,000,087 | -H-- | M] () -- C:\SystemInfo.ini
[2009/01/27 05:48:38 | 000,000,419 | -H-- | M] () -- C:\updatedatfix.log
[2007/02/01 23:20:28 | 000,938,582 | -H-- | M] () -- C:\winzip70.zip

< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | -H-- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | -H-- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | -H-- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | -H-- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/11 17:14:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2009/06/09 01:43:12 | 000,316,928 | -H-- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpfpp092.dll
[2007/04/09 14:23:54 | 000,028,552 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 06:50:03 | 000,597,504 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/05/10 08:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/11 17:06:14 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 17:06:14 | 000,659,456 | -H-- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 17:06:14 | 000,876,544 | -H-- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/10/06 15:39:55 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\William\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/06/02 19:48:19 | 006,389,088 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\William\Desktop\AppRemover.exe
[2011/06/02 05:44:11 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\William\Desktop\aswMBR.exe
[2010/10/14 08:55:13 | 060,866,552 | ---- | M] (Online Media Technologies Ltd. ) -- C:\Documents and Settings\William\Desktop\AVSVideoConverter.exe
[2011/06/02 19:46:40 | 004,111,594 | R--- | M] (Swearware) -- C:\Documents and Settings\William\Desktop\ComboFix.exe
[2011/06/01 16:00:26 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\William\Desktop\fbuqgtev.exe
[2010/11/09 10:45:31 | 010,980,832 | ---- | M] () -- C:\Documents and Settings\William\Desktop\FCTBSetup.exe
[2010/01/16 10:16:59 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\William\Desktop\HijackThis.exe
[2010/10/26 13:45:13 | 006,238,016 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\William\Desktop\HitmanPro35.exe
[2011/06/02 22:29:27 | 000,886,560 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\William\Desktop\jxpiinstall.exe
[2011/05/31 16:35:07 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\William\Desktop\mbam-setup-1.50.1.1100.exe
[2011/06/02 23:10:56 | 000,932,400 | ---- | M] () -- C:\Documents and Settings\William\Desktop\Norton_Removal_Tool.exe
[2011/06/02 21:26:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\William\Desktop\OTL.exe
[2011/06/02 05:54:04 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\William\Desktop\RKUnhookerLE.EXE

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/04 05:00:00 | 000,000,791 | -H-- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2006/10/06 15:39:54 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\William\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2007/11/10 09:56:01 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\William\Cookies\desktop.ini
[2011/06/03 05:39:45 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\William\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2005/01/28 13:44:28 | 000,192,512 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 20:11:51 | 000,033,792 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 01:06:34 | 000,004,821 | -H-- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 01:06:34 | 000,007,047 | -H-- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 10:01:49 | 000,083,968 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 13:30:28 | 000,180,224 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 20:12:28 | 001,695,232 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 01:06:36 | 000,002,882 | -H-- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 01:06:36 | 000,006,156 | -H-- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 01:06:36 | 000,006,160 | -H-- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 01:06:36 | 000,004,454 | -H-- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 01:06:36 | 000,115,981 | -H-- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
 
jusched.exe failed
Click to expand...
Disable jusched.exe as a startup (no need for it): http://www.howtogeek.com/howto/windows-vista/what-is-juschedexe-and-why-is-it-running/

========================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
DRV - [2007/12/24 17:37:00 | 000,138,384 | -H-- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
IE - HKU\S-1-5-21-4143634262-2900202759-2067161063-1007\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-4143634262-2900202759-2067161063-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...8f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/01 15:31:02 | 000,000,000 | -H-D | M]
[2010/10/01 15:31:02 | 000,000,000 | -H-D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] 
[2010/10/26 10:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2006/10/03 11:38:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/10/26 14:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\AVG10
[2010/10/27 22:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tracy\Application Data\AVG10
[2008/02/27 21:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\William\Application Data\LimeWire
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
So far ran the OTL; at the end a dialog box came up asking for a reboot [OK]. The PC is now just sitting here with the 'Windows is shutting down' screen. Been about 5 minutes real-time. Continue to wait or give it the power off switch?

And disabled the Java launcher.
 
thanks. 3 more until the power cycle :)

Oh, and just so you know, I'll be out for next few hours so I might not get back till later tonight or tomorrow am.
 
Thanks I'll get that done once I get OTL again. Apparenlty after the power cycle ang logging in, a pop asked if I wanted to run OTL. Said yes but it replied with a long winded, file not there. So, I'll go back and download it again and run the fix unless you say otherwise.
 
latest OTL

Ok, redownloaded otl and went i went to run it, this log popped up.


All processes killed
========== OTL ==========
Service tmcomm stopped successfully!
Service tmcomm deleted successfully!
C:\WINDOWS\system32\drivers\tmcomm.sys moved successfully.
Registry value HKEY_USERS\S-1-5-21-4143634262-2900202759-2067161063-1007\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-21-4143634262-2900202759-2067161063-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart deleted successfully.
Prefs.js: smartwebprinting@hp.com:4.5 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com deleted successfully.
C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\xre\components\res folder moved successfully.
C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\xre\components folder moved successfully.
C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\xre\chrome folder moved successfully.
C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\xre folder moved successfully.
C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins folder moved successfully.
C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\defaults\preferences folder moved successfully.
C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\defaults folder moved successfully.
C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components folder moved successfully.
C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\chrome folder moved successfully.
C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 folder moved successfully.
Folder C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3\ not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\ not found.
File C:\Program Files\AVG\AVG10\Firefox4 not found.
C:\WINDOWS\003069_.tmp deleted successfully.
C:\WINDOWS\S2279B946.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET103.tmp deleted successfully.
C:\WINDOWS\System32\SET106.tmp deleted successfully.
C:\WINDOWS\System32\SET109.tmp deleted successfully.
C:\WINDOWS\System32\SET119.tmp deleted successfully.
C:\WINDOWS\System32\SET12E.tmp deleted successfully.
C:\WINDOWS\System32\SET131.tmp deleted successfully.
C:\WINDOWS\System32\SET15C.tmp deleted successfully.
C:\WINDOWS\System32\SETCF.tmp deleted successfully.
C:\WINDOWS\System32\SETE1.tmp deleted successfully.
C:\WINDOWS\System32\SETFD.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare\temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\backup folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\scanlogs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc\Queue\TEMP folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc\Queue\OUT folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc\Queue\IN\10110 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc\Queue\IN folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc\Queue\ACTIVE folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc\Queue folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc\Log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Dumps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\CfgAll folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Cfg folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\AvgApi folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\AvgAm folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\admincli folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome\BH00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
C:\Documents and Settings\Susan\Application Data\AVG10\cfgall folder moved successfully.
C:\Documents and Settings\Susan\Application Data\AVG10 folder moved successfully.
C:\Documents and Settings\Tracy\Application Data\AVG10\cfgall folder moved successfully.
C:\Documents and Settings\Tracy\Application Data\AVG10 folder moved successfully.
C:\Documents and Settings\William\Application Data\LimeWire\xml\schemas folder moved successfully.
C:\Documents and Settings\William\Application Data\LimeWire\xml\misc folder moved successfully.
C:\Documents and Settings\William\Application Data\LimeWire\xml\data folder moved successfully.
C:\Documents and Settings\William\Application Data\LimeWire\xml folder moved successfully.
C:\Documents and Settings\William\Application Data\LimeWire\themes\windows_theme folder moved successfully.
C:\Documents and Settings\William\Application Data\LimeWire\themes folder moved successfully.
C:\Documents and Settings\William\Application Data\LimeWire\.NetworkShare folder moved successfully.
C:\Documents and Settings\William\Application Data\LimeWire\.AppSpecialShare folder moved successfully.
C:\Documents and Settings\William\Application Data\LimeWire folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: Susan
->Temp folder emptied: 1466199 bytes
->Temporary Internet Files folder emptied: 27502722 bytes
->Java cache emptied: 76441603 bytes
->FireFox cache emptied: 49746825 bytes
->Flash cache emptied: 1881084 bytes

User: Tracy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5005665 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 98888483 bytes
->Flash cache emptied: 33524 bytes

User: William
->Temp folder emptied: 30224070 bytes
->Temporary Internet Files folder emptied: 314255 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 54758756 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 5444 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 84641 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 168162 bytes

Total Files Cleaned = 331.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Susan
->Flash cache emptied: 0 bytes

User: Tracy
->Flash cache emptied: 0 bytes

User: William
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 06032011_162242

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
security check log

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
avast! Free Antivirus
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 25
Java 2 Runtime Environment, SE v1.4.1_03
Java 3D 1.3.1 (OpenGL) SDK
Out of date Java installed!
Adobe Flash Player 10.3.181.14
Adobe Reader 8.1.6
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.17)
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````
 
Uninstall:
Java 2 Runtime Environment, SE v1.4.1_03
Java 3D 1.3.1 (OpenGL) SDK

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

....and Eset....
 
est scan

Here's the estscan (familial obligation didn't let me finish it last night). Next post will be after i do the other things you mentioned. As for those 2 files in the 'RECOVER' directory, I can delete those if you want. That folder was from quite some time ago when I used a different laptop to recover somone's hdd. That laptop eventually died so I transferred the contents to this pc.


C:\Documents and Settings\William\Desktop\current laptop-03-07\RECOVER\aow_greatstuff\Boson-ChechPoint-Test-3.22.zip a variant of Win32/Packed.PECrypt32.A application
C:\Documents and Settings\William\Desktop\current laptop-03-07\RECOVER\aow_greatstuff\Boson-CheckPoint-Test-3.22.zip a variant of Win32/Packed.PECrypt32.A application
C:\WINDOWS\system32\235.js JS/TrojanDownloader.Agent.NWG trojan
 
additional steps

Ok, 2 java items removed.
Acrobat Reader removed.
Foxit - in the house. although it does add an ASK searchbar to toolbar (didn't give me an option to say no for that).

additional notes:

when opening Start -> My Computer... HP Smart Print tries to install (I cancel for now).
opening firefox tries to connect to zfsearch (I usually hit the 'X' to stop this).

questions:

Is it ok to have Super Anti-spyware running and Avast? my guess is yes since one is AV and one is anti-spyware.

Firefox opens an addon - extentions box. Avast web rep, download status bar (something i like normally), ask foxit pdf creator toolbar (guess I could get rid of this), Java console (3 of them) 6.0.23, 6.0.24, 6.0.25. Get rid of any of these?

I have some other items to address (probably fallout from the initial issues) which I will describe later once we're done with the heavy lifting (mainly getting some of the things back to the way they were i.e. Susan desktop).
 
when opening Start -> My Computer... HP Smart Print tries to install (I cancel for now).
Click to expand...
That's up to you. I can see, you have HP Smart Web Printing 4.5 listed in Add\Remove.

opening firefox tries to connect to zfsearch (I usually hit the 'X' to stop this).
Click to expand...
.
May be some of your addons. Let's try something...
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Is it ok to have Super Anti-spyware running and Avast? my guess is yes since one is AV and one is anti-spyware.
Click to expand...
Yes.

Firefox opens an addon - extentions box. Avast web rep, download status bar (something i like normally), ask foxit pdf creator toolbar (guess I could get rid of this), Java console (3 of them) 6.0.23, 6.0.24, 6.0.25. Get rid of any of these?
Click to expand...
I need your description to be little bit better. I'm not sure, if I understand everything.
 
gooredfix log

Here's gorefix...

GooredFix by jpshortstuff (03.07.10.1)
Log created at 12:53 on 04/06/2011 (William)
Firefox version 3.6.17 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{21201D69-1BE3-4161-A1EC-D41CC09914B6} -> Success!
Deleting C:\Documents and Settings\Susan\Local Settings\Application Data\{21201D69-1BE3-4161-A1EC-D41CC09914B6} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [14:37 09/11/2010]
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [13:11 11/01/2011]
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [11:09 10/03/2011]
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [02:30 03/06/2011]

C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\nxeo0ufa.default\extensions\
toolbar@ask.com [12:00 04/06/2011]
{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [10:47 12/03/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [15:53 06/03/2009]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [03:39 03/06/2011]

-=E.O.F=-



Ah, sorry about the short one on the FF. I opened Firefox and it opened a box in which it is looking to update addon/extentions. The selectable items were titled:

Avast Web Rep
Download Status Bar
ASK Foxit PDF Creator toolbar
Java Console 6.0.23
Java Console 6.0.24
Java Console 6.0.25

the options are to either find an update or remove for each item.
 
Fire fox so far is looking better - thanks.

updates ... ok. My concern was over so many (well, 3) Java Consoles. My assumption would be to remove the older and just keep the latest.
 
That's true.
You should keep only the latest one, Java Console 6.0.25.

In any case...

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.
 
otl-llast

Here's the latest OTL run. I'll start the clean-up process next. Once again, thanks for the work provided to get this pc back to clean.

Next up will be trying to get the Susan user back to normal. Let me know if that's something you can help with or not.

thanks



All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Susan
->Temp folder emptied: 8128 bytes
->Temporary Internet Files folder emptied: 3816625 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42754357 bytes
->Flash cache emptied: 2187 bytes

User: Tracy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: William
->Temp folder emptied: 1170514 bytes
->Temporary Internet Files folder emptied: 608127 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 72721396 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1322 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 90964 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 116.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Susan
->Flash cache emptied: 0 bytes

User: Tracy
->Flash cache emptied: 0 bytes

User: William
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.23.0 log created on 06042011_133916

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
I'd better take a step back.

First for the user William.

1. Start->All Programs-> brings up a list of program name/folder/pointers. Usually when you mouse over it either points to the programs to run, or shows the next level down. Mine show first level only and then (Empty). i.e. Administrative tools shows - empty; Super Anti-Spyware-> empty; Real -> Real Player -> (Empty). So in essence, all of the shortcuts that eventually pointed to a target are gone. Meaning useless currently. Can that be restored or will I be doing a lot of manual additions?

Now for Susan, I believe that whatever was here (virus/infection) did something a bit more insidious. I log into her account and get to what 'appears' to be a desktop. The start button is there, some icons to the right of programs running (like Avast). The quick launch icons are not there nor are any icons on the desktop. I right click the desktop and nothing. It is not a real desktop. However, I can see all of the items under c:\documents and settings\Susan\Desktop. If I try to copy/move one of these items to the perceived desktop, it will not work.
 

Similar threads

Daniel Sims
Here's why Windows 7 took so long to boot with solid color backgrounds in 2009
Replies
9
Views
121
ibnMuhammad
I
S
Microsoft surveys users about new icon designs in Word, Excel, and PowerPoint
Replies
6
Views
120
p51d007
p51d007
Daniel Sims
New Nvidia drivers improve performance in benchmarks, but crashes and gaming issues remain
Replies
18
Views
232
LimyG
LimyG

Latest posts

Back