Inactive Cannot uninstall programs/delete files

Status
Not open for further replies.
M

MrEd

Posts: 70   +0
Sorry if this is not the proper thread as I don't know if this is related to a rogue program/files or not.

Re:Uninstall/deletion Issues...

I have two files on my desktop that I cannot delete:
Name: An oldie but goodie_ Hands....
Size: 0 bytes
Location:C:\Documents and Settings\User\Desktop
Fire Waterfall
Size: 0 bytes
C:\Documents and Settings\User\Desktop

Have tried file assassin in Malware Bytes and CC Cleaner's file deletion tool but no go.


Also, I cannot uninstall the following programs as they are not found in add/remove

programs.

This irider has a wise uninstaller but it calls for the "install.log" file which is nowhere

to be found.

Irider by Wymea Bay
"D:\Program Files\iRider2.48\iRider.exe"

Cannot uninstall this one either....same issue...not in add/remove programs. No unistaller.

"D:\Program Files\PC Linq\Mdi.exe"

Can I edit out these files from the registry? I don't have the original programs or files to

reinstall and then uninstall them again. Any suggestions would be appreciated.
 
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users:: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    Code: 
    :dir
C:\Documents and Settings\User\Desktop
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

As for that program which doesn't want to uninstall try free version of Revo: http://www.revouninstaller.com/revo_uninstaller_free_download.html
 
System Look Report

Thanks. Have tried free revo before but didn't work. Here is the systemlook report:

SystemLook 30.07.11 by jpshortstuff
Log created at 18:17 on 09/11/2011 by User
Administrator - Elevation successful

========== dir ==========

C:\Documents and Settings\User\Desktop - Parameters: "(none)"

---Files---
An oldie but goodie_ Hands.... --a---- 0 bytes [19:34 21/04/2010] [19:34 21/04/2010]
CloneSpy.lnk --a---- 712 bytes [07:35 21/08/2011] [07:35 21/08/2011]
eBible2.lnk --a---- 661 bytes [15:43 22/10/2007] [15:43 22/10/2007]
Fire Waterfall..... --a---- 0 bytes [00:53 30/10/2010] [00:53 30/10/2010]
Frontpage.lnk --a--c- 840 bytes [05:00 28/12/2003] [03:45 21/09/2006]
Google Chrome.lnk --a---- 2277 bytes [22:42 04/05/2011] [23:27 18/07/2011]
HyperSnap-DX 5.lnk --a--c- 672 bytes [04:47 05/01/2004] [04:47 05/01/2004]
Irider.txt --a---- 945 bytes [22:24 09/11/2011] [22:35 09/11/2011]
Local Area Connection.lnk --a--c- 408 bytes [07:10 16/11/2003] [07:10 16/11/2003]
Microsoft Excel.lnk --a--c- 2481 bytes [06:14 15/01/2005] [00:16 08/11/2011]
Microsoft Word.lnk --a--c- 840 bytes [05:00 28/12/2003] [05:00 28/12/2003]
Program Dloads D Drive.lnk --a--c- 374 bytes [02:58 08/01/2004] [02:58 08/01/2004]
Roboform Backup Password 4-17-10.htm --a---- 16506820 bytes [16:30 17/04/2010] [16:30 17/04/2010]
Router Login.url -ra---- 172 bytes [21:41 17/08/2011] [21:49 19/08/2009]
Router_Setup.html --a---- 5878 bytes [18:23 12/08/2011] [21:41 17/08/2011]
Shortcut to IMP Papers 9-21-05.lnk --a---- 389 bytes [06:30 18/11/2006] [06:30 18/11/2006]
Shortcut to Internet Options.lnk --a--c- 242 bytes [08:39 11/12/2003] [03:45 21/09/2006]
Shortcut to iRider.exe.lnk --a---- 580 bytes [07:19 05/02/2007] [07:19 05/02/2007]
Sprint Blackberry 8530.doc --a---- 25600 bytes [01:37 03/11/2011] [07:02 08/11/2011]
Spybot - Search & Destroy.lnk --a---- 793 bytes [23:07 18/06/2011] [23:07 18/06/2011]
System Restore.lnk --a--c- 1598 bytes [07:38 11/01/2004] [00:28 16/09/2009]
SystemLook.exe --a---- 139264 bytes [23:15 09/11/2011] [23:15 09/11/2011]
SystemLook.txt --a---- 0 bytes [23:17 09/11/2011] [23:17 09/11/2011]
Thumbs.db --ahs-- 18432 bytes [17:27 30/07/2011] [19:34 06/08/2011]
TowerHill2011.pdf --a---- 29139 bytes [07:05 21/10/2011] [07:05 21/10/2011]
Yankee Clipper.lnk --a---- 606 bytes [05:05 22/09/2006] [05:05 22/09/2006]

---Folders---
2011-01 (Jan) d------ [01:10 22/01/2011]
Debbie d------ [02:45 06/08/2011]
New Folder d------ [04:20 08/11/2011]

-= EOF =-
 
These two folders:
D:\Program Files\PC Linq
D:\Program Files\iRider2.48
may be simply leftovers, or some programs which don't need installation.
Since they're not listed in Add\Remove it'd be safe to simply delete both folders.

As for those files....

Download BlitzBlank and save it to your desktop.
Double click on Blitzblank.exe
  • Click OK at the warning.
  • Click the Script tab and copy/paste the following text there:
Code: 
DeleteFile: 
"C:\Documents and Settings\User\Desktop\An oldie but goodie_ Hands...."
"C:\Documents and Settings\User\Desktop\Fire Waterfall....."
  • Click Execute Now. Your computer will need to reboot in order to replace the files.
  • When done, post the report created by Blitzblank.
    You can find it in the root of the drive, normally C:\
 
Blitzbank got Blitzed... :)

Thanks. Blitzbank posted this error when I tried to execute:
"Syntax error in line 2, invalid file path".

The other programs are executable programs that I just ran. Irider is a browser and PC linq is for connecting two computers. Do I still just delete their folders even though the programs will run? Thx.
 
Do you use those programs?

As for the Blitzblank...

Re-run System Look with this code:

Code: 
:filefind
An oldie but goodie*
Fire Waterfall*
 
Reran System Look

Don't use those programs. They are old.TY.

Here is the system look:

SystemLook 30.07.11 by jpshortstuff
Log created at 21:27 on 09/11/2011 by User
Administrator - Elevation successful

========== filefind ==========

Searching for "An oldie but goodie*"
C:\Documents and Settings\User\Desktop\An oldie but goodie_ Hands.... --a---- 0 bytes [19:34 21/04/2010] [19:34 21/04/2010] (Unable to calculate MD5)

Searching for "Fire Waterfall*"
C:\Documents and Settings\User\Desktop\Fire Waterfall..... --a---- 0 bytes [00:53 30/10/2010] [00:53 30/10/2010] (Unable to calculate MD5)

-= EOF =-
 
Go ahead and delete those folders.

I can see there was some unneeded space in Blitzblank code.
Try again....

Code: 
DeleteFile: 
"C:\Documents and Settings\User\Desktop\An oldie but goodie_Hands...."
"C:\Documents and Settings\User\Desktop\Fire Waterfall....."
 
Still Blitzed

Still getting the same syntax error...sorry.
Blitzbank posted this error when I tried to execute:
"Syntax error in line 2, invalid file path".
 
OK, let's try this code:

Code: 
DeleteFile: 
"C:\Documents and Settings\User\Desktop\An oldie but goodie_Hands"
"C:\Documents and Settings\User\Desktop\Fire Waterfall"
 
Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile

OTL logfile created on: 11/10/2011 12:23:09 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.53 Mb Total Physical Memory | 305.87 Mb Available Physical Memory | 59.80% Memory free
1.22 Gb Paging File | 0.72 Gb Available in Paging File | 59.32% Paging File free
Paging file location(s): D:\pagefile.sys 768 1524I:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.94 Gb Total Space | 1.86 Gb Free Space | 12.48% Space Free | Partition Type: NTFS
Drive D: | 59.59 Gb Total Space | 44.10 Gb Free Space | 74.00% Space Free | Partition Type: NTFS
Drive H: | 3.65 Gb Total Space | 0.47 Gb Free Space | 12.94% Space Free | Partition Type: FAT32

Computer Name: NA | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/09 22:34:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2011/08/01 12:12:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/05/04 03:52:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2011/04/21 06:54:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/04/21 06:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/10/30 15:46:30 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
PRC - [2010/04/20 15:22:46 | 000,534,016 | ---- | M] (SOS Online Backup) -- D:\Program Files\Backup SOS for Kingtston Thumb Drive 5-16-11\OverlayCache.exe
PRC - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/03 02:20:48 | 000,372,736 | ---- | M] (Samsung Electronics.) -- C:\WINDOWS\Samsung\ComSMMgr\SSMMgr.exe
PRC - [2005/03/10 18:58:06 | 001,368,064 | ---- | M] (inteleXual.com) -- D:\Program Files\Yankee Clipper\YankClip.exe
PRC - [2003/08/27 10:27:44 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 11:09:29 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll
MOD - [2011/10/12 11:09:01 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\81096bfe85eb0da5f05e8a127ffa43b2\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2011/10/12 11:02:02 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/12 11:01:45 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/12 11:01:06 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/12 11:00:23 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
MOD - [2011/10/12 10:57:39 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/12 10:57:20 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/12 10:54:56 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/10/12 10:54:42 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/05/04 03:51:59 | 000,008,192 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2native.dll
MOD - [2010/06/17 14:27:22 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008/03/24 23:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2002/07/04 09:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\Software Suite\PhotoImpression 5\Share\PIHook.dll
========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (AppMgmt)
SRV - [2011/08/01 12:12:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/21 06:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/01/09 16:04:00 | 000,294,978 | ---- | M] (Intuit, Inc.) [On_Demand | Stopped] -- d:\Program Files\Quicken Backup\OLRegCap.exe -- (OLRegCap)
SRV - [2004/01/09 16:04:00 | 000,073,794 | ---- | M] (Intuit, Inc.) [On_Demand | Stopped] -- d:\Program Files\Quicken Backup\OLlaunch.exe -- (Quicken Online BackupLauncher)
SRV - [2003/08/27 10:27:44 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
SRV - [2001/09/28 01:26:40 | 000,065,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
========== Driver Services (SafeList) ==========

DRV - [2011/09/22 18:52:02 | 000,035,392 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2011/08/09 16:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2011/08/01 12:12:55 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/08/01 12:12:55 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/10/07 03:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 03:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam E3500(UVC)
DRV - [2009/10/07 03:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/08/19 16:49:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/01/11 09:45:50 | 000,021,120 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2005/03/14 00:01:38 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2004/11/15 09:18:20 | 000,055,936 | ---- | M] (OrangeWare Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ousb2hub.sys -- (ousb2hub)
DRV - [2004/11/15 09:18:20 | 000,045,312 | ---- | M] (OrangeWare Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci)
DRV - [2004/04/26 06:10:00 | 000,038,081 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004/04/26 06:09:52 | 000,054,657 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042MOU.SYS -- (L8042mou)
DRV - [2004/04/26 06:09:42 | 000,071,405 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2004/04/26 06:09:24 | 000,024,605 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2004/03/09 06:20:17 | 000,003,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\socketlock.sys -- (SocketLock)
DRV - [2003/12/17 08:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/12/17 08:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042PR2.SYS -- (L8042pr2)
DRV - [2003/12/17 08:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
DRV - [2003/12/17 08:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2003/10/07 13:18:44 | 000,044,504 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Kdata.sys -- (KDATA)
DRV - [2003/03/31 14:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2002/12/18 07:03:24 | 000,036,184 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyWBMS.sys -- (SONYWBMS) Sony Memory Stick controller(WB)
DRV - [2002/10/04 10:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/05/22 12:42:42 | 000,015,326 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2002/03/12 21:50:50 | 000,899,884 | ---- | M] (Xirlink, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ucdnt.sys -- (XIRLINK)
DRV - [2001/12/06 12:49:44 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SonyFKC.sys -- (SonyFKC)
DRV - [2001/09/21 19:16:46 | 000,593,000 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Smbe.sys -- (SMBE) Sony MPEG2 Encoder Board (WDM)
DRV - [2001/08/17 16:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMDM.sys -- (BCMModem)
DRV - [2001/08/17 15:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
DRV - [2001/08/17 15:11:26 | 000,054,271 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm42xx5.sys -- (BCM42XX) Broadcom iLine10(tm)
DRV - [2001/01/08 04:53:24 | 000,015,576 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbbc.sys -- (Wdm1)
DRV - [2000/12/05 19:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-602162358-308236825-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-602162358-308236825-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-602162358-308236825-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-602162358-308236825-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\12.0.742.122\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\12.0.742.122\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\12.0.742.122\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Disabled) = D:\PROGRA~2\YAHOOI~1.0\Common\npyaxmpb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: PriceBlink = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh\2.1_0\
CHR - Extension: WOT = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.4_0\
CHR - Extension: Mark for Later = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\biaphbpdaodeegbnfphkmdldbflhfinh\0.3.0_0\
CHR - Extension: Add to Amazon Wish List = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.7_0\
CHR - Extension: WidgetBlock = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hgiihiookhijpbhaflohognbhmamdnol\0.1.14_0\
CHR - Extension: Keep My Opt-Outs = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.14_0\
CHR - Extension: Zotero Connector for Chrome = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jciblakmllnhbhjjgkbkeihelcndmgnh\2.999.1_0\
CHR - Extension: Zotero Connector for Chrome = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jciblakmllnhbhjjgkbkeihelcndmgnh\2.999.1_0\.svn\text-base\.svn-base
CHR - Extension: RoboForm Lite = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kidhjpmgjfbkmcfpfakmdddddgfbhahj\2.7.0_0\
CHR - Extension: InvisibleHand = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko\3.3.14_0\

O1 HOSTS File: ([2011/07/31 14:07:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - No CLSID value found.
O3 - HKU\S-1-5-21-602162358-308236825-1801674531-1004\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-602162358-308236825-1801674531-1004\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKU\S-1-5-21-602162358-308236825-1801674531-1004..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Jawbone Updater.lnk = C:\Program Files\Jawbone\JawboneUpdater.exe ()
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Yankee Clipper III.lnk = D:\Program Files\Yankee Clipper\YankClip.exe (inteleXual.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-308236825-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-602162358-308236825-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-602162358-308236825-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-602162358-308236825-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-602162358-308236825-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-602162358-308236825-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: + Offline &Explorer: Download the link - Reg Error: Value error. File not found
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - Reg Error: Value error. File not found
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Customize Menu &4 - Reg Error: Value error. File not found
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Logoff &5 - Reg Error: Value error. File not found
O8 - Extra context menu item: Open Link Target in Firefox - Reg Error: Value error. File not found
O8 - Extra context menu item: Reset Fields &- - Reg Error: Value error. File not found
O8 - Extra context menu item: Rf Options &O - Reg Error: Value error. File not found
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Set Fields &= - Reg Error: Value error. File not found
O8 - Extra context menu item: Stop popups from this web page - Reg Error: Value error. File not found
O8 - Extra context menu item: Translate this page - Reg Error: Value error. File not found
O8 - Extra context menu item: View This Page in Firefox - Reg Error: Value error. File not found
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Error: Key error. File not found
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-602162358-308236825-1801674531-1004\..Trusted Domains: compuserve.com ([]* is out of zone range - 6)
O15 - HKU\S-1-5-21-602162358-308236825-1801674531-1004\..Trusted Domains: compuserve.com ([objects] * is out of zone range - 7)
O15 - HKU\S-1-5-21-602162358-308236825-1801674531-1004\..Trusted Domains: linkshare.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-602162358-308236825-1801674531-1004\..Trusted Domains: linksynergy.com ([]https in Trusted sites)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsupport.com/sdccommon/download/tgctlsr.cab (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} Reg Error: Value error. (QuickTime Object)
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} Reg Error: Value error. (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} Reg Error: Value error. (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Reg Error: Key error.)
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe (Reg Error: Key error.)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134210557440 (MUWebControl Class)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab (Reg Error: Key error.)
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} http://chat.yahoo.com/cab/yuplapp.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38486.9494212963 (Reg Error: Key error.)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Reg Error: Key error.)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Reg Error: Key error.)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/Typography/Utility/1/WXP/EN-US/clearadj.CAB (Reg Error: Key error.)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Reg Error: Key error.)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} http://216.249.24.60/code/iPIX-ImageWell-ipix.cab (Reg Error: Key error.)
O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} http://supportcentral4.sel.sony.com/sdccommon/download/sonyctl.CAB (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: ppctlcab Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45DBEE6B-BEA6-4242-B84B-4856BBB021F7}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/User/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/18 16:32:32 | 000,000,648 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
O32 - Unable to obtain root file information for disk H:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Documents and Settings\User\Desktop\Fire Waterfall.....
File not found -- C:\Documents and Settings\User\Desktop\An oldie but goodie_ Hands....
[2011/11/09 22:34:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/11/09 21:07:32 | 001,153,912 | ---- | C] (Emsi Software GmbH) -- C:\Documents and Settings\User\Desktop\BlitzBlank.exe
[2011/11/09 18:40:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2011/11/09 18:31:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TweakNow PowerPack 2011
[2011/11/09 18:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\TweakNow PowerPack 2011
[2011/11/07 23:22:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Jawbone
[2011/11/07 23:22:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/11/07 23:22:36 | 000,067,008 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\libusb0.dll
[2011/11/07 23:22:36 | 000,035,392 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\drivers\libusb0.sys
[2011/11/07 23:21:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\JawboneUpdater
[2011/11/07 23:21:47 | 000,000,000 | ---D | C] -- C:\Program Files\Jawbone
[2011/11/07 23:20:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\New Folder
[2011/11/02 20:59:48 | 000,000,000 | ---D | C] -- D:\My Documents\C Drive\Logitech E3500 Quic Cam manual
[2011/11/02 13:03:48 | 000,000,000 | ---D | C] -- D:\My Documents\C Drive\Comcast Statements 11-2-11
[2011/10/29 23:34:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/29 14:11:03 | 000,000,000 | ---D | C] -- C:\MATS
[2011/10/29 12:26:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\SONY Drivers Update Utility
[2011/10/17 02:19:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2011/10/16 16:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2011/10/16 16:16:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/10/16 11:42:27 | 000,000,000 | ---D | C] -- D:\My Documents\C Drive\Bluetooth Dongle BlueSoleil 10-16-11
[2011/10/15 17:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
 
OTL logfile part 2

File not found -- C:\Documents and Settings\User\Desktop\Fire Waterfall.....
File not found -- C:\Documents and Settings\User\Desktop\An oldie but goodie_ Hands....
[2102/12/06 06:01:44 | 000,000,132 | ---- | M] () -- D:\My Documents\C Drive\USA_and_Canada-22.meta.dct
[2011/11/09 23:11:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-308236825-1801674531-1004Core1cc27e486266d16.job
[2011/11/09 22:34:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/11/09 21:07:16 | 001,153,912 | ---- | M] (Emsi Software GmbH) -- C:\Documents and Settings\User\Desktop\BlitzBlank.exe
[2011/11/09 19:02:53 | 000,001,744 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/09 18:31:41 | 000,000,764 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TweakNow PowerPack 2011.lnk
[2011/11/09 18:15:23 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SystemLook.exe
[2011/11/08 19:21:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/11/08 19:21:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/11/08 01:57:20 | 000,000,075 | ---- | M] () -- C:\WINDOWS\USBBC.ini
[2011/11/07 23:21:47 | 000,000,629 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Jawbone Updater.lnk
[2011/11/07 19:16:42 | 000,002,481 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microsoft Excel.lnk
[2011/11/02 16:29:09 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/01 12:34:06 | 000,000,057 | ---- | M] () -- C:\WINDOWS\eBible.INI
[2011/11/01 12:11:27 | 000,000,484 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/10/31 16:34:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/31 16:34:18 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2011/10/31 03:43:09 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2011/10/31 03:40:41 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/10/21 02:05:47 | 000,029,139 | ---- | M] () -- C:\Documents and Settings\User\Desktop\TowerHill2011.pdf
[2011/10/17 04:00:48 | 000,000,032 | ---- | M] () -- C:\WINDOWS\0
[2011/10/16 11:39:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\0
[2011/10/15 17:16:37 | 000,001,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2011/10/12 19:04:07 | 000,252,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/09 18:31:41 | 000,000,764 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TweakNow PowerPack 2011.lnk
[2011/11/09 18:15:29 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SystemLook.exe
[2011/11/07 23:21:47 | 000,000,629 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Jawbone Updater.lnk
[2011/10/31 03:43:09 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2011/10/21 02:05:47 | 000,029,139 | ---- | C] () -- C:\Documents and Settings\User\Desktop\TowerHill2011.pdf
[2011/10/16 11:39:29 | 000,000,032 | ---- | C] () -- C:\WINDOWS\0
[2011/10/16 11:39:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\0
[2011/10/15 17:16:37 | 000,001,711 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
[2011/10/15 17:16:37 | 000,001,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2011/10/15 17:16:33 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2011/08/24 12:58:06 | 000,216,504 | ---- | C] () -- C:\Program Files\QDATA.IDX
[2011/08/03 18:00:57 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/08/02 18:24:00 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/02 18:24:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/02 18:24:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/02 18:24:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/02 18:24:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/08 01:24:25 | 000,342,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/10/07 00:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 00:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2007/04/12 02:20:49 | 000,000,067 | ---- | C] () -- C:\WINDOWS\GDINST.INI
[2007/01/21 23:50:19 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2007/01/13 20:54:49 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\User\Application Data\WavCodec.wff
[2006/12/18 22:10:32 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2006/12/02 01:40:35 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cdTextCtl.dll
[2006/10/11 12:52:12 | 000,020,811 | ---- | C] () -- C:\WINDOWS\System32\drivers\IPFWHook.sys
[2006/09/25 15:13:12 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/07/12 03:46:00 | 000,000,910 | ---- | C] () -- C:\WINDOWS\speakfre.ini
[2006/07/09 02:33:51 | 000,000,057 | ---- | C] () -- C:\WINDOWS\eBible.INI
[2006/05/22 18:35:37 | 000,112,373 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2006/05/22 18:35:37 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2006/04/03 17:48:07 | 000,071,195 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2006/04/03 17:44:17 | 000,070,721 | ---- | C] () -- C:\WINDOWS\hpqins01.dat
[2006/02/09 16:32:57 | 000,000,121 | ---- | C] () -- C:\WINDOWS\pjic.INI
[2006/02/08 22:17:04 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006/02/08 21:44:59 | 000,112,834 | ---- | C] () -- C:\WINDOWS\hpoins07.dat.temp
[2006/02/08 21:44:59 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat.temp
[2006/01/16 22:56:51 | 000,072,846 | ---- | C] () -- C:\WINDOWS\hpfins09.dat
[2006/01/16 18:24:06 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/09/17 02:23:59 | 000,000,208 | ---- | C] () -- C:\WINDOWS\HpBestModeUpdatePatchLog.ini
[2005/09/10 17:07:01 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2005/09/05 22:24:30 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2005/08/08 05:17:36 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/08/02 19:27:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2005/06/24 02:51:15 | 000,000,070 | ---- | C] () -- C:\WINDOWS\MVFPT32.INI
[2005/06/24 02:43:41 | 000,000,067 | ---- | C] () -- C:\WINDOWS\LAHBWN32.INI
[2005/06/06 02:48:11 | 000,038,490 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Comma Separated Values (Windows).ADR
[2005/06/03 11:51:40 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2005/06/03 11:51:39 | 000,049,637 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2005/06/03 11:51:39 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2005/06/03 11:51:39 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2005/06/03 11:51:39 | 000,015,652 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2005/06/03 11:51:39 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2005/06/03 11:51:39 | 000,011,413 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2005/06/03 11:51:39 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2005/06/03 11:51:39 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2005/06/03 11:51:39 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2005/06/03 11:51:39 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2005/06/03 11:51:39 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2005/06/03 11:51:39 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2005/06/03 11:51:39 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2005/05/31 02:21:37 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/05/15 00:55:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\KmRemove.exe
[2005/01/17 01:33:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\Application Data\sversion.ini
[2005/01/17 01:23:27 | 000,069,632 | ---- | C] () -- C:\WINDOWS\uinst001.exe
[2005/01/15 00:25:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005/01/15 00:02:18 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2005/01/15 00:00:33 | 000,000,196 | ---- | C] () -- C:\WINDOWS\EPSONCX6400.ini
[2005/01/11 00:49:09 | 000,000,033 | ---- | C] () -- C:\WINDOWS\AutoSafe.ini
[2005/01/05 23:32:45 | 000,000,750 | ---- | C] () -- C:\WINDOWS\WDD_COMPARE_DIR_CFX1.INI
[2004/12/30 07:03:32 | 000,000,830 | ---- | C] () -- C:\WINDOWS\MD_MacroDiffs.INI
[2004/12/30 07:03:31 | 000,000,750 | ---- | C] () -- C:\WINDOWS\MD_MicroDiffs.INI
[2004/12/30 06:23:02 | 000,000,011 | ---- | C] () -- C:\WINDOWS\MS_VXD_Ext.DLL
[2004/12/30 06:23:02 | 000,000,011 | ---- | C] () -- C:\WINDOWS\MS_Ext1.DLL
[2004/12/05 13:16:11 | 000,004,276 | ---- | C] () -- C:\Program Files\QDATA.QTX
[2004/11/30 00:48:56 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2004/11/19 10:03:14 | 000,000,225 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/11/18 15:26:55 | 000,000,069 | ---- | C] () -- C:\WINDOWS\intercon.ini
[2004/11/18 05:34:45 | 000,006,336 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/11/09 19:36:18 | 000,001,632 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2004/11/09 19:34:23 | 000,001,744 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2004/10/19 11:29:53 | 000,000,367 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2004/10/19 11:29:53 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2004/10/19 11:29:53 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2004/09/26 01:22:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/21 16:21:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MDI.INI
[2004/07/30 00:57:35 | 000,165,376 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/07/28 09:23:44 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/05/31 02:33:39 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/05/27 02:42:44 | 000,000,002 | ---- | C] () -- C:\WINDOWS\AR.DAT
[2004/05/21 23:22:58 | 000,350,173 | ---- | C] () -- C:\WINDOWS\ePrompter.ini
[2004/05/21 19:18:06 | 000,000,030 | ---- | C] () -- C:\Program Files\QWRS.DAT
[2004/05/21 19:18:06 | 000,000,030 | ---- | C] () -- C:\WINDOWS\INTURS.DAT
[2004/05/21 19:17:59 | 000,000,225 | ---- | C] () -- C:\Program Files\qreqst.dat
[2004/05/21 03:32:36 | 000,252,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/05/19 03:27:21 | 000,004,530 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/05/14 00:40:32 | 000,000,532 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2004/05/13 14:41:02 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll
[2004/05/13 14:41:02 | 000,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/05/13 14:39:50 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2004/03/26 23:14:19 | 000,000,204 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2004/03/25 09:33:55 | 000,000,152 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/03/09 06:23:36 | 000,000,144 | ---- | C] () -- C:\WINDOWS\smrpro.INI
[2004/03/09 06:20:17 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\socketlock.sys
[2004/03/09 05:21:19 | 000,000,803 | ---- | C] () -- C:\WINDOWS\ldp.INI
[2004/03/09 04:13:06 | 000,000,110 | ---- | C] () -- C:\WINDOWS\GMouse.ini
[2004/02/23 14:39:03 | 000,000,075 | ---- | C] () -- C:\WINDOWS\USBBC.ini
[2004/02/23 14:25:01 | 000,015,576 | R--- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys
[2004/02/23 14:25:01 | 000,003,953 | R--- | C] () -- C:\WINDOWS\System32\coinst.dll
[2004/02/21 21:04:41 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Progs_.ini
[2004/01/19 13:22:20 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2004/01/18 00:27:42 | 000,000,185 | ---- | C] () -- C:\WINDOWS\System32\msblcd32.dll
[2004/01/16 04:05:19 | 000,427,776 | ---- | C] () -- C:\WINDOWS\Q831167.exe
[2004/01/15 09:29:18 | 000,044,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\Kdata.sys
[2004/01/03 17:33:08 | 000,000,072 | ---- | C] () -- C:\WINDOWS\efaxview.ini
[2003/12/28 00:37:24 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ntl.ini
[2003/12/10 02:10:49 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2003/11/19 12:55:52 | 000,000,035 | ---- | C] () -- C:\WINDOWS\addrem.ini
[2003/11/17 19:40:06 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/11/17 07:09:47 | 000,000,046 | ---- | C] () -- C:\Program Files\Q3.DIR
[2003/11/17 06:46:11 | 000,007,168 | ---- | C] () -- C:\Program Files\ofxroots.crt
[2003/11/17 06:41:59 | 000,033,792 | ---- | C] () -- C:\Program Files\FILIST.QFI
[2003/11/17 06:37:19 | 000,001,024 | ---- | C] () -- C:\Program Files\qw.CFG
[2003/11/17 06:35:05 | 000,000,032 | ---- | C] () -- C:\Program Files\QDATA.QPH
[2003/11/17 06:34:02 | 000,803,840 | ---- | C] () -- C:\Program Files\QDATA.QEL
[2003/11/17 06:33:26 | 003,295,512 | ---- | C] () -- C:\Program Files\QDATA.QDF
[2003/11/17 06:28:29 | 000,020,736 | ---- | C] () -- C:\Program Files\QW.RMD
[2003/11/14 05:17:08 | 000,000,484 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/11/14 04:05:02 | 000,000,242 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2003/11/13 06:56:25 | 000,044,032 | ---- | C] () -- C:\WINDOWS\Unwash5.exe
[2003/11/13 02:29:51 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/11/12 21:22:56 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/11/12 03:00:00 | 000,114,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\ssoftnt4.sys
[2003/11/03 10:09:02 | 000,217,837 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2003/04/02 13:19:22 | 000,177,664 | ---- | C] () -- C:\WINDOWS\System32\libssl32.dll
[2003/04/02 13:19:16 | 000,878,592 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2002/11/22 14:04:04 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\metazlib.dll
[2002/11/01 15:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/07/04 14:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2001/12/14 18:03:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2001/12/14 18:02:55 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\Asfv2.dll
[2001/12/14 17:46:01 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2001/12/14 17:44:05 | 000,000,210 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2001/12/14 17:35:03 | 000,000,165 | ---- | C] () -- C:\WINDOWS\photoprn.ini
[2001/12/14 17:03:19 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2001/12/14 17:03:19 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2001/12/14 17:03:17 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2001/12/14 16:14:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2001/12/14 15:45:42 | 000,000,906 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2001/12/14 14:26:24 | 000,000,672 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/12/14 14:25:52 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/12/14 14:25:47 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/12/14 12:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2001/12/14 07:31:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2001/01/22 03:25:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ATHPRXY(2).DLL
[1999/07/23 12:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 09:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

========== LOP Check ==========

[2001/12/14 17:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.VALUED-7B9600FA\Application Data\InterTrust
[2011/03/09 01:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2011/10/17 04:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2011/02/16 14:18:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/10/16 16:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/06/23 20:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2007/03/11 22:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2004/12/22 07:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2011/07/27 01:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/16 20:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2004/07/06 17:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2007/05/12 20:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/01/16 22:55:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bubba.VALUED-7B9600FA\Application Data\Image Zone Express
[2001/12/14 17:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bubba.VALUED-7B9600FA\Application Data\InterTrust
[2001/12/14 17:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2007/01/10 18:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\NCH Swift Sound
[2011/08/21 02:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\CloneSpy
[2011/11/01 12:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ElevatedDiagnostics
[2006/05/22 14:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Image Zone Express
[2011/11/07 23:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\JawboneUpdater
[2004/04/27 21:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Offline Explorer
[2006/09/09 16:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sony
[2011/10/29 18:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SONY Drivers Update Utility
[2011/11/09 18:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TweakNow PowerPack 2011
[2011/10/31 16:34:18 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Startup.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
 
OTL Extras logfile

OTL Extras logfile created on: 11/10/2011 12:23:09 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.53 Mb Total Physical Memory | 305.87 Mb Available Physical Memory | 59.80% Memory free
1.22 Gb Paging File | 0.72 Gb Available in Paging File | 59.32% Paging File free
Paging file location(s): D:\pagefile.sys 768 1524I:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.94 Gb Total Space | 1.86 Gb Free Space | 12.48% Space Free | Partition Type: NTFS
Drive D: | 59.59 Gb Total Space | 44.10 Gb Free Space | 74.00% Space Free | Partition Type: NTFS
Drive H: | 3.65 Gb Total Space | 0.47 Gb Free Space | 12.94% Space Free | Partition Type: FAT32

Computer Name: NA | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-602162358-308236825-1801674531-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "D:\Program Files\iRider2.48\iRider.exe" (Wymea Bay)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
OTL Extras logfile Part 2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-602162358-308236825-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/31/2011 5:37:47 PM | Computer Name = NA | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 10/31/2011 5:37:50 PM | Computer Name = NA | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.

Error - 11/1/2011 1:17:30 PM | Computer Name = NA | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 11/1/2011 1:17:33 PM | Computer Name = NA | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.

Error - 11/3/2011 12:23:47 AM | Computer Name = NA | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 11/3/2011 12:23:50 AM | Computer Name = NA | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.

Error - 11/8/2011 11:51:12 AM | Computer Name = NA | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 11/8/2011 11:51:16 AM | Computer Name = NA | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.

Error - 11/8/2011 10:42:58 PM | Computer Name = NA | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 11/8/2011 10:43:01 PM | Computer Name = NA | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.

[ System Events ]
Error - 10/17/2011 8:02:00 AM | Computer Name = NA | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Kingston DT 101
G2 USB Device.

Error - 10/17/2011 8:20:35 AM | Computer Name = NA | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Kingston DT 101
G2 USB Device.

Error - 10/17/2011 8:20:43 AM | Computer Name = NA | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Kingston DT 101
G2 USB Device.

Error - 10/20/2011 10:32:07 AM | Computer Name = NA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/27/2011 10:14:02 PM | Computer Name = NA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/29/2011 3:19:02 PM | Computer Name = NA | Source = Service Control Manager | ID = 7034
Description = The Windows Installer service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/29/2011 6:50:04 PM | Computer Name = NA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/30/2011 12:27:43 PM | Computer Name = NA | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.3 on
the Network Card with network address 00E01855C6AB.

Error - 10/31/2011 5:33:43 PM | Computer Name = NA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/1/2011 12:27:48 PM | Computer Name = NA | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.3 on
the Network Card with network address 00E01855C6AB.


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
File not found -- C:\Documents and Settings\User\Desktop\Fire Waterfall.....
File not found -- C:\Documents and Settings\User\Desktop\An oldie but goodie_ Hands....

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
 
BTW...Those two files are still on my desktop. Here is that log. TY.


All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: Administrator.VALUED-7B9600FA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Bubba
->Flash cache emptied: 300 bytes

User: Bubba.VALUED-7B9600FA
->Temp folder emptied: 5897 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 31460 bytes
->Flash cache emptied: 646 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 49554 bytes
->Flash cache emptied: 348 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: User
->Temp folder emptied: 67494 bytes
->Temporary Internet Files folder emptied: 1821780 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 23198904 bytes
->Flash cache emptied: 61150 bytes

User: User.VALUED-7B9600FA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 60 bytes
%systemroot%\System32 .tmp files removed: 560240 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 125464 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 402 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 25.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.VALUED-7B9600FA

User: All Users

User: Bubba
->Flash cache emptied: 0 bytes

User: Bubba.VALUED-7B9600FA
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Owner

User: User
->Flash cache emptied: 0 bytes

User: User.VALUED-7B9600FA

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11102011_144756

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\User\Local Settings\Temp\Temporary Internet Files\Content.IE5\O1RASIQX\c3QDNjQ2MjE0NgRjYXQDbWRiBGNkbgMEcGcDBHBsX3MDBHBscl9zA09TSTBYSFhaYjZQdjNJd1FsdDNhMUcEcmQDc3BvbnNvcmVkLm1lc3Nlbmdlci55YWhvby5jb20Ec2VjA3BiBHNpZAMEc2xrA2xkBHZpZAMyNjU1MjEwNQ--[1].gif not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temp\Temporary Internet Files\Content.IE5\GW00GNL0\mx_spot1;net=cm;u=,cm-10219642062_1318636553,123289ed428e0cf,ads,ax[1].;;sz=300x250;rmx_boom=ron;net=cm;env=ifr;ord1=579146;dcopt=ist;cmw=owl;contx=ads;an=;dc=w;btg=;ord=1318636549 not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6c8.dat not found!

Registry entries deleted on Reboot...
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL

:Services

:Reg

:Files
C:\Documents and Settings\User\Desktop\An oldie but goodie_ Hands....
C:\Documents and Settings\User\Desktop\Fire Waterfall.....

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
 
Ran It

Ran it again...funny thing is with those commands, my computer just hangs on "shutting down". I see see the "remnants" of those files on my desktop which is so strange because when I delete or move to recycle bin it says source can't be found. Attached a pic of my desktop with those files. Here is the OTL log.TY.

undeletable files.jpg


All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Documents and Settings\User\Desktop\An oldie but goodie_ Hands.... not found.
File\Folder C:\Documents and Settings\User\Desktop\Fire Waterfall..... not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: Administrator.VALUED-7B9600FA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Bubba
->Flash cache emptied: 0 bytes

User: Bubba.VALUED-7B9600FA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: User
->Temp folder emptied: 246440 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 12201108 bytes
->Flash cache emptied: 912 bytes

User: User.VALUED-7B9600FA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 4720 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 125939 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 12.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.VALUED-7B9600FA

User: All Users

User: Bubba
->Flash cache emptied: 0 bytes

User: Bubba.VALUED-7B9600FA
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Owner

User: User
->Flash cache emptied: 0 bytes

User: User.VALUED-7B9600FA

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11102011_155905

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_720.dat moved successfully.

Registry entries deleted on Reboot...
 
Right Click

I'm assuming you mean in properties as there are all the usual cut,copy,delete, send to etc. along with specific program ones. When I try and delete, the message is
"Cannot delete file. Cannot read from source file or disk." Same thing if I try and move them to the recycle bin.

Right clicking properties for both:
Location: C:\Documents and Settings\User\Desktop
Size: 0
Size on Disk:0

Under advanced, only "For Fast Searching, allow indexing of this file."
Strange, eh?
 
Let's try one more time with different code...

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL

:Services

:Reg

:Files
C:\Documents and Settings\User\Desktop\Fire*
C:\Documents and Settings\User\Desktop\An oldie*

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
 
Script Error Resulted

Files still on my desktop but upon reboot my "Active Desktop" was gone. When I click to restore it I get this error:

IE Script Error
Line: 65
Char: 1
Code: 0

file:///C:/Documents%20and%20Settings/User/Application%20Data/Microsoft/Internet%20Explorer/Desktop.htt

When I click Yes (or No) on "Do you want to continue running scripts on this page"?
The box just closes and I still have that white desktop. How do we fix that please?

Here is the OTL log:

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File move failed. C:\Documents and Settings\User\Desktop\Fire Waterfall..... scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\User\Desktop\An oldie but goodie_ Hands.... scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: Administrator.VALUED-7B9600FA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Bubba
->Flash cache emptied: 0 bytes

User: Bubba.VALUED-7B9600FA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: User
->Temp folder emptied: 246440 bytes
->Temporary Internet Files folder emptied: 203511 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 57605088 bytes
->Flash cache emptied: 1413 bytes

User: User.VALUED-7B9600FA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 4720 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 125939 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 56.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.VALUED-7B9600FA

User: All Users

User: Bubba
->Flash cache emptied: 0 bytes

User: Bubba.VALUED-7B9600FA
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Owner

User: User
->Flash cache emptied: 0 bytes

User: User.VALUED-7B9600FA

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11102011_224726

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\User\Desktop\Fire Waterfall..... not found!
File\Folder C:\Documents and Settings\User\Desktop\An oldie but goodie_ Hands.... not found!
C:\WINDOWS\temp\Perflib_Perfdata_724.dat moved successfully.

Registry entries deleted on Reboot...
 
Status
Not open for further replies.

Similar threads

Nicki
Solved Possible search.yahoo PUP and/or some other virus/malware
Replies
16
Views
4K
Broni
Broni
S
Inactive Malware created Win7 system processes I cannot end or delete
2
Replies
36
Views
5K
Broni
Broni
OMWeesie
  • Locked
Inactive Potential malware ¨Riskware.IStealer¨
Replies
12
Views
5K
Broni
Broni

Latest posts

Back