
Solved Firefox opens new tabs at random

Discussion in 'Malware and Virus Removal Archive' started by greyhnd, 2010/06/16.

  1. 2010/06/16
    greyhnd

    greyhnd Inactive Thread Starter

    Joined:
    2010/06/15
    Messages:
    12
    Likes Received:
    0
    [Resolved] Firefox opens new tabs at random

    This seems to be a common complaint on the forum, but I'd like to get this resolved before it drives me nuts. I've done scans with Avast, MalwareBytes, Spybot S&D and a-squared. All have found problems off and on for the past two weeks. Any virus/trojan etc. has been quarantined. The problem is most apt to happen when I click on an entry in my "bookmarks". I've included my DDS and attach logs for your inspection. Thanks in advance for any assistance.

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Marc at 23:16:59.50 on Tue 06/15/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1581 [GMT -4:00]

    AV: avast! antivirus 4.8.1368 [VPS 100615-2] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\WINDOWS\system32\lvcomsx.exe
    C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    svchost.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\PC Tools Firewall Plus\FWService.exe
    C:\WINDOWS\system32\PSIService.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Documents and Settings\Marc\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uWindow Title = Microsoft Internet Explorer provided by Insight Broadband
    uSearch Bar =
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride = <local>
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 - "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" - "http://www.skunkstudios.com/gutterball2/game/index.html "
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
    mRun: [LogitechVideo[inspector]] c:\program files\logitech\video\InstallHelper.exe /inspect
    mRun: [LogitechCameraService(E)] c:\windows\system32\ElkCtrl.exe /automation
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
    mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe "
    mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
    mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Notify: AtiExtEvent - Ati2evxx.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\marc\applic~1\mozilla\firefox\profiles\f9lmnb6u.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.majorgeeks.com
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2006-2-16 51840]
    R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [2009-12-27 902432]
    R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [2006-2-16 45056]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-3-30 114768]
    R1 atitray;atitray;c:\program files\ray adams\ati tray tools\atitray.sys [2009-11-25 19232]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-1-30 233136]
    R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2010-1-18 1872320]
    R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2009-12-27 2326920]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-3-30 20560]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2006-2-17 138680]
    R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2010-1-30 88040]
    R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2010-1-30 818432]
    R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2009-12-27 159168]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2006-2-17 254040]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2006-2-17 352920]
    R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2010-1-30 70664]
    R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2010-1-30 58816]
    R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2010-1-30 115216]
    S3 SaiH2586;SaiH2586;c:\windows\system32\drivers\SaiH2586.sys [2007-5-1 132232]
    S3 SQ931;USB 2.0 Video Camera;c:\windows\system32\drivers\capt931a.sys --> c:\windows\system32\drivers\Capt931a.sys [?]

    =============== Created Last 30 ================

    2010-06-15 23:29:07 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-06-14 20:20:35 0 d-----w- c:\program files\Trend Micro
    2010-06-12 01:04:43 1071088 ----a-w- c:\windows\system32\mscomctl.ocx
    2010-06-12 01:04:42 0 d-----w- c:\program files\IceChat7
    2010-06-12 00:18:53 0 d-----w- c:\docume~1\marc\applic~1\leafChat
    2010-06-10 22:21:20 0 d-----w- C:\DVR110D
    2010-06-02 04:12:37 0 d-----w- c:\docume~1\marc\applic~1\Malwarebytes
    2010-06-02 04:12:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-02 04:12:10 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
    2010-06-02 04:12:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-06-02 04:12:09 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-31 03:27:50 0 d-----w- c:\windows\system32\wbem\Repository
    2010-05-28 20:34:13 54237 ----a-w- c:\documents and settings\marc\.recently-used.xbel

    ==================== Find3M ====================

    2008-09-30 02:01:17 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2008-08-30 03:35:35 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082920080830\index.dat

    ============= FINISH: 23:18:08.57 ===============


    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/16/2006 6:32:29 AM
    System Uptime: 6/15/2010 11:02:09 PM (0 hours ago)

    Motherboard: Gigabyte Technology Co., Ltd. | | M1689D
    Processor: AMD Athlon(tm) 64 Processor 3700+ | Socket 7 | 2411/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 238 GiB total, 212.844 GiB free.
    D: is FIXED (NTFS) - 238 GiB total, 199.26 GiB free.
    E: is FIXED (NTFS) - 226 GiB total, 203.882 GiB free.
    F: is FIXED (NTFS) - 228 GiB total, 190.452 GiB free.
    G: is CDROM ()
    H: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    skins ALMS Mod Prototypes 1998-2008 SCC v2.41 for GTR2
    skins Le Mans Mod Prototypes 1998-2008 SCC v2.41 for GTR2
    skins LMES Mod Prototypes 1998-2008 SCC v2.41 for GTR2
    7-Zip 4.42
    a-squared Free 4.5
    AC-3 ACM Codec
    Acrobat.com
    Acronis*True*Image*Home
    Ad-Aware SE Personal
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.2
    Adobe Shockwave Player 11.5
    AFPL Ghostscript 8.54
    AFPL Ghostscript Fonts
    AllToAVI v4 r5394
    Athlon 64 Processor Driver
    ATI - Software Uninstall Utility
    ATI AVIVO Codecs
    ATI Catalyst Control Center
    ATI Display Driver
    ATI Problem Report Wizard
    audioGnome Active Installer
    Audiograbber 1.83 SE
    AusLogics Disk Defrag
    avast! Antivirus
    BufferChm
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center HydraVision Full
    Catalyst Control Center Localization All
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CD Audio Reader Filter (remove only)
    CDex extraction audio
    ConvertXtoDVD 3.1.3.40
    Data Lifeguard Diagnostic for Windows
    DDS Converter 2.1
    Destinations
    DeviceFunctionQFolder
    DeviceManagementQFolder
    Diamond Drivers 5.8 HD4600 AGP XP Installation
    Driver Sweeper 1.0
    Enable S3 for USB Device
    eSupportQFolder
    FAPCup Fictional Porsche MOD v1.0 by Frank A.
    foobar2000 v0.9.6.9
    GIMP 2.4.4
    GTR 2 1.0.0.0
    GTR V12 Street Challenge Mod
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    HP Image Zone Express
    HP Imaging Device Functions 5.0
    HP Software Update
    HP Solution Center & Imaging Support Tools 5.0
    HPDeskjet5400Series
    HPProductAssistant
    IceChat 7.63 (Build 20080417)
    ImgBurn
    IrfanView (remove only)
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java Auto Updater
    Java(TM) 6 Update 20
    K-Lite Mega Codec Pack 1.63
    Logitech QuickCam Software
    Logitech® Camera Driver
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Visual C++ 2005 Redistributable
    mIRC
    MMMV8 Supercars
    Mod Aston Martin DBR9 v1.1
    Mod Prototypes 1998-2008 SCC v2.41 for GTR2 - Cars
    Mod Prototypes 1999-2007 SCC pour GTR2 v2.30
    Mozilla Firefox (3.6.3)
    Mozilla Thunderbird (3.0.4)
    MPlayer for Windows (Full Package)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 7 Ultra Edition
    neroxml
    NVIDIA DDS Utilities
    NVIDIA Photoshop Plug-ins
    OpenAL
    OpenOffice.org 3.0
    PC Tools Firewall Plus 6.0
    PCC06 by GRF
    QuickTime
    Ray Adams ATI Tray Tools
    Realtek AC'97 Audio
    REALTEK Gigabit and Fast Ethernet NIC Driver
    Search Plugin
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980232)
    SolutionCenter
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.5.2.20
    Status
    Switch Sound File Converter
    TrayApp
    ULi M5289 SATA Controller Driver
    ULi PCI to AGP Controller Driver
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VideoLAN VLC media player 0.8.6a
    WebFldrs XP
    WebReg
    Winamp (remove only)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows XP Service Pack 3
    WinRAR archiver
    WSGT by RMT for GTR2
    Xilisoft AVI MPEG Joiner
    XML Paper Specification Shared Components Pack 1.0
    Xtreme Sound PCI
    Yahoo! Messenger

    ==== Event Viewer Messages From Past Week ========

    6/14/2010 5:15:16 PM, error: NetBT [4311] - Initialization failed because the driver device could not be created.
    6/14/2010 5:13:55 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/14/2010 5:04:26 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AmdK8 aswSP aswTdi atitray Fips IPSec MRxSmb NetBIOS NetBT pctgntdi RasAcd Rdbss
    6/14/2010 5:04:26 PM, error: Service Control Manager [7001] - The TCP/IP Protocol Driver service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/14/2010 5:04:26 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/14/2010 5:04:26 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The dependency service or group failed to start.
    6/14/2010 5:04:26 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

    ==== End Of File ===========================
     
  2. 2010/06/16
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     

  4. 2010/06/16
    greyhnd

    greyhnd Inactive Thread Starter

    Joined:
    2010/06/15
    Messages:
    12
    Likes Received:
    0
    Crunchie - OTL log files as you requested.

    OTL logfile created on: 6/16/2010 7:05:22 PM - Run 1
    OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Marc\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 238.35 Gb Total Space | 212.79 Gb Free Space | 89.27% Space Free | Partition Type: NTFS
    Drive D: | 238.35 Gb Total Space | 199.26 Gb Free Space | 83.60% Space Free | Partition Type: NTFS
    Drive E: | 226.43 Gb Total Space | 203.88 Gb Free Space | 90.04% Space Free | Partition Type: NTFS
    Drive F: | 228.39 Gb Total Space | 190.38 Gb Free Space | 83.36% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MARC-726164CB3B
    Current User Name: Marc
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/06/16 19:02:40 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marc\Desktop\OTL.exe
    PRC - [2010/05/21 23:26:00 | 001,872,320 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
    PRC - [2010/03/17 21:26:26 | 011,957,424 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    PRC - [2010/01/12 12:41:00 | 003,168,216 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
    PRC - [2009/12/27 19:52:54 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    PRC - [2009/11/24 19:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    PRC - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
    PRC - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    PRC - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    PRC - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    PRC - [2009/11/09 12:20:14 | 000,818,432 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
    PRC - [2009/09/12 17:31:36 | 000,357,384 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    PRC - [2009/09/12 17:31:30 | 000,660,520 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    PRC - [2009/09/12 17:30:48 | 005,048,488 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/06/25 09:47:12 | 001,552,680 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
    PRC - [2006/11/02 22:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
    PRC - [2005/12/09 15:37:42 | 000,081,920 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
    PRC - [2005/12/09 15:32:18 | 000,225,280 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
    PRC - [2004/11/01 17:22:22 | 000,262,144 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\ElkCtrl.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/06/16 19:02:40 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marc\Desktop\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2005/12/09 15:37:42 | 000,086,016 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/05/21 23:26:00 | 001,872,320 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
    SRV - [2009/12/27 19:52:54 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
    SRV - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
    SRV - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
    SRV - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
    SRV - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
    SRV - [2009/11/09 12:20:14 | 000,818,432 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
    SRV - [2009/09/12 17:31:30 | 000,660,520 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2007/06/25 09:47:12 | 001,552,680 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
    SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV - [2006/11/02 22:40:12 | 000,174,656 | ---- | M] () [Auto | Start_Pending] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
    SRV - [2005/12/09 15:37:42 | 000,081,920 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
    DRV - [2010/01/13 09:59:28 | 000,115,216 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
    DRV - [2010/01/12 10:34:14 | 000,070,664 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
    DRV - [2010/01/07 12:35:06 | 000,058,816 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNDIS)
    DRV - [2009/12/27 19:52:58 | 000,159,168 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
    DRV - [2009/12/27 19:52:50 | 000,902,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
    DRV - [2009/12/27 19:52:48 | 000,570,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2009/12/27 19:52:27 | 000,157,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
    DRV - [2009/11/25 08:11:20 | 000,019,232 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys -- (atitray)
    DRV - [2009/11/24 19:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2009/11/24 19:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
    DRV - [2009/11/24 19:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2009/11/24 19:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2009/11/24 19:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2009/11/24 19:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2009/11/23 14:54:20 | 000,088,040 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
    DRV - [2009/05/15 23:58:44 | 004,069,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2009/04/01 07:28:32 | 000,093,184 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV - [2008/07/11 16:00:47 | 000,194,362 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
    DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/10/05 10:19:26 | 000,035,200 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiBus.sys -- (SaiNtBus)
    DRV - [2007/09/13 20:41:28 | 000,051,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
    DRV - [2007/09/13 20:41:20 | 000,014,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
    DRV - [2007/09/13 20:40:54 | 000,019,352 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
    DRV - [2007/06/25 09:47:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
    DRV - [2007/06/25 09:47:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
    DRV - [2007/06/25 09:47:02 | 000,119,080 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
    DRV - [2007/05/01 17:04:30 | 000,132,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiH2586.sys -- (SaiH2586)
    DRV - [2005/12/09 15:37:42 | 002,400,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
    DRV - [2005/12/09 15:37:42 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
    DRV - [2005/12/09 15:35:54 | 002,174,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
    DRV - [2005/12/06 11:12:08 | 001,355,456 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmuda3.sys -- (cmuda3)
    DRV - [2005/12/05 23:27:29 | 000,287,360 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
    DRV - [2005/12/05 23:26:16 | 000,039,424 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2005/05/03 05:31:56 | 000,045,056 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\agpkx.sys -- (uliagpkx)
    DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2004/12/22 05:07:12 | 002,304,320 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2004/12/02 04:36:08 | 000,070,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
    DRV - [2004/11/30 22:49:18 | 000,051,840 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\m5289.sys -- (m5289)
    DRV - [2004/08/04 08:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2001/08/17 12:49:20 | 000,022,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LwUsbHid.sys -- (LwUsbHid)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = about:blank

    ========== FireFox ==========

    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.startup.homepage: "http://www.majorgeeks.com "
    FF - prefs.js..extensions.enabledItems: {3205B348-523A-4fac-9BC4-9939CBF583B0}:2.1.2
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/17 14:04:12 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/15 19:29:07 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/06/02 04:49:19 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2010/04/17 14:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Mozilla\Extensions
    [2010/04/17 14:07:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marc\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2010/06/15 19:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\f9lmnb6u.default\extensions
    [2009/01/28 14:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\f9lmnb6u.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    [2009/01/28 14:32:44 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\f9lmnb6u.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(2)
    [2010/01/06 17:46:15 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\f9lmnb6u.default\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
    [2010/06/04 18:20:01 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\f9lmnb6u.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    [2010/05/30 23:27:41 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\f9lmnb6u.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(2)
    [2010/06/15 19:31:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2006/03/08 18:18:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AF8637B0-18E3-44D3-86B7-55E09D9C4261}
    [2010/06/15 19:29:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
    O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
    O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [CmPCIaudio] File not found
    O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe (Logitech Inc.)
    O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe (Logitech Inc.)
    O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab (DLM Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.128.17.114 74.128.19.102
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/02/16 06:26:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/02/16 07:29:28 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found
    Unable to start service SrService!

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/06/16 19:02:50 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marc\Desktop\OTL.exe
    [2010/06/16 13:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
    [2010/06/15 19:29:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
    [2010/06/14 16:20:35 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/06/11 21:05:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Application Data\IceChat
    [2010/06/11 21:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\IceChat7
    [2010/06/11 20:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Application Data\leafChat
    [2010/06/10 18:21:20 | 000,000,000 | ---D | C] -- C:\DVR110D
    [2010/06/02 00:12:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Application Data\Malwarebytes
    [2010/06/02 00:12:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/06/02 00:12:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    [2010/06/02 00:12:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/06/02 00:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/05/27 14:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Desktop\NISSAN GT1 2.0
    [2010/05/23 21:54:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Application Data\InstallShield
    [2010/05/12 23:00:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Desktop\upload_pics
    [2010/04/28 16:18:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Desktop\NFS997_GTR2
    [2010/04/23 20:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
    [2010/04/17 14:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Local Settings\Application Data\Thunderbird
    [2010/04/07 13:36:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Desktop\Porsche 911 GT1 1998
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/06/16 19:02:40 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marc\Desktop\OTL.exe
    [2010/06/16 19:00:00 | 000,000,260 | -H-- | M] () -- C:\WINDOWS\tasks\AC94B0D991E725D5.job
    [2010/06/16 14:09:27 | 015,728,640 | ---- | M] () -- C:\Documents and Settings\Marc\ntuser.dat
    [2010/06/16 13:53:24 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/06/16 13:49:45 | 000,013,744 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/06/15 23:04:09 | 000,178,544 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
    [2010/06/15 23:02:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/06/15 23:02:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/06/15 23:01:24 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Marc\ntuser.ini
    [2010/06/15 19:43:04 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\dds.scr
    [2010/06/15 17:08:46 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\HiJackThis.lnk
    [2010/06/15 15:43:25 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Marc\My Documents\Default.rdp
    [2010/06/14 18:31:19 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Marc\Local Settings\Application Data\housecall.guid.cache
    [2010/06/14 10:13:00 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2010/06/11 21:04:43 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\IceChat.lnk
    [2010/06/10 23:20:32 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Marc\Application Data\vso_ts_preview.xml
    [2010/06/03 22:25:29 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/06/02 00:12:13 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/06/01 14:14:58 | 000,000,865 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\OpenOffice.org Writer.lnk
    [2010/05/28 16:34:13 | 000,054,237 | ---- | M] () -- C:\Documents and Settings\Marc\.recently-used.xbel
    [2010/05/24 15:15:49 | 000,214,528 | ---- | M] () -- C:\Documents and Settings\Marc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/24 12:30:01 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/05/22 00:52:00 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Yahoo! Messenger.lnk
    [2010/05/13 12:52:37 | 000,004,346 | ---- | M] () -- C:\Documents and Settings\Marc\My Documents\bgheart1.gif
    [2010/05/11 19:24:18 | 000,018,832 | ---- | M] () -- C:\Documents and Settings\Marc\My Documents\Penni.jpg
    [2010/05/04 11:41:12 | 000,015,618 | ---- | M] () -- C:\Documents and Settings\Marc\My Documents\deb_ltr.odt
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/17 14:07:03 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Thunderbird.lnk
    [2010/04/15 15:24:17 | 000,047,629 | ---- | M] () -- C:\Documents and Settings\Marc\My Documents\Limbs_application.pdf
    [2010/04/14 12:12:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/04/14 12:05:08 | 000,272,884 | ---- | M] () -- C:\Documents and Settings\Marc\My Documents\2009 Indiana Tax return.pdf
    [2010/03/22 08:08:42 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/03/22 08:08:42 | 000,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/03/22 08:08:42 | 000,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/06/16 13:53:24 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/06/15 19:43:16 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\dds.scr
    [2010/06/15 15:43:25 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Marc\My Documents\Default.rdp
    [2010/06/14 18:31:19 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Marc\Local Settings\Application Data\housecall.guid.cache
    [2010/06/14 16:20:35 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\HiJackThis.lnk
    [2010/06/11 21:04:43 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\IceChat.lnk
    [2010/06/02 00:12:13 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/06/01 14:14:58 | 000,000,865 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\OpenOffice.org Writer.lnk
    [2010/05/29 01:37:06 | 015,728,640 | ---- | C] () -- C:\Documents and Settings\Marc\ntuser.dat
    [2010/05/28 16:34:13 | 000,054,237 | ---- | C] () -- C:\Documents and Settings\Marc\.recently-used.xbel
    [2010/05/22 00:52:00 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Yahoo! Messenger.lnk
    [2010/05/13 12:52:37 | 000,004,346 | ---- | C] () -- C:\Documents and Settings\Marc\My Documents\bgheart1.gif
    [2010/05/11 19:24:17 | 000,018,832 | ---- | C] () -- C:\Documents and Settings\Marc\My Documents\Penni.jpg
    [2010/05/04 11:41:12 | 000,015,618 | ---- | C] () -- C:\Documents and Settings\Marc\My Documents\deb_ltr.odt
    [2010/04/15 15:24:17 | 000,047,629 | ---- | C] () -- C:\Documents and Settings\Marc\My Documents\Limbs_application.pdf
    [2010/04/14 12:05:08 | 000,272,884 | ---- | C] () -- C:\Documents and Settings\Marc\My Documents\2009 Indiana Tax return.pdf
    [2010/02/25 19:31:14 | 000,013,126 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2010/01/27 13:25:21 | 000,000,129 | ---- | C] () -- C:\WINDOWS\PhotoMAX.ini
    [2010/01/27 13:25:21 | 000,000,037 | ---- | C] () -- C:\WINDOWS\cannon.ini
    [2010/01/27 13:25:21 | 000,000,011 | ---- | C] () -- C:\WINDOWS\arcmail.ini
    [2009/10/11 23:04:34 | 003,190,784 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
    [2009/10/11 23:04:34 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
    [2009/10/11 23:04:34 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
    [2009/10/11 23:04:34 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
    [2009/10/11 23:04:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
    [2009/10/11 23:04:34 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
    [2009/10/11 23:04:34 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
    [2009/10/11 23:04:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
    [2009/10/11 23:04:34 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
    [2009/10/11 23:04:30 | 000,662,016 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/10/11 23:04:30 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
    [2009/10/11 23:04:30 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
    [2009/10/11 23:04:30 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
    [2009/10/11 23:04:30 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
    [2009/10/11 23:04:30 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
    [2009/10/11 23:04:30 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
    [2009/10/11 23:04:30 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
    [2009/10/11 23:04:30 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
    [2009/10/11 23:04:30 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/10/11 23:04:30 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2009/03/30 14:30:59 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
    [2009/01/16 13:07:07 | 000,001,528 | ---- | C] () -- C:\WINDOWS\3DSIMED.INI
    [2008/12/30 23:05:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
    [2008/12/30 23:05:54 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
    [2008/06/21 12:13:21 | 000,000,261 | ---- | C] () -- C:\WINDOWS\VehVwr.INI
    [2008/03/05 17:51:40 | 000,000,464 | ---- | C] () -- C:\WINDOWS\CMUDA3.ini
    [2008/03/05 17:51:39 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\CMRMDRV3.DLL
    [2008/01/03 14:25:15 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
    [2007/07/10 18:34:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
    [2007/05/01 16:04:30 | 001,925,120 | ---- | C] () -- C:\WINDOWS\System32\SaiC2586.Dll
    [2007/05/01 16:04:30 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\SaiC2586_0C.dll
    [2007/05/01 16:04:30 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC2586_10.dll
    [2007/05/01 16:04:30 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC2586_0A.dll
    [2007/05/01 16:04:30 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC2586_07.dll
    [2007/05/01 16:04:30 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\SaiC2586_09.dll
    [2007/05/01 16:04:30 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\SaiC2586_0402.dll
    [2007/05/01 16:04:30 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\SaiC2586_11.dll
    [2007/03/28 16:13:08 | 000,000,076 | ---- | C] () -- C:\WINDOWS\PhysicsEditor.ini
    [2007/03/08 17:35:44 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2007/03/08 17:35:44 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\48ECB69341.sys
    [2007/02/23 21:04:45 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
    [2007/01/03 20:46:00 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2007/01/03 20:46:00 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2006/07/04 11:41:35 | 000,000,247 | ---- | C] () -- C:\WINDOWS\maketorrent.ini
    [2006/06/28 22:37:07 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
    [2006/06/27 19:45:42 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\DVDEncoder.dll
    [2006/06/02 23:07:13 | 000,000,032 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/03/18 09:16:04 | 000,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
    [2006/02/25 19:45:45 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2006/02/17 20:52:50 | 000,002,715 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2006/02/17 14:44:53 | 000,000,130 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/02/16 08:10:43 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
    [2006/02/16 08:10:43 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
    [2006/02/16 07:51:23 | 000,000,207 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
    [2006/02/16 07:45:24 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
    [2006/02/16 07:45:20 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2005/12/09 15:37:42 | 002,400,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys
    [2005/12/09 15:37:42 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
    [2005/12/09 15:35:54 | 002,174,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
    [2005/04/27 14:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
    [2005/04/27 14:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
    [1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

    ========== LOP Check ==========

    [2009/12/27 19:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Acronis
    [2006/04/12 23:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\amen dale 16 obj
    [2006/11/30 14:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ashampoo
    [2009/04/20 13:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\jgy50JtoEAFke73spIp
    [2009/02/10 13:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
    [2008/06/13 17:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Saitek
    [2010/06/16 15:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    [2009/07/07 16:44:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8BF851E7-B601-4465-B110-A395EC3B1F09}
    [2009/12/27 20:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Acronis
    [2006/11/30 14:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Ashampoo
    [2008/10/28 11:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Auslogics
    [2008/12/07 21:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/06/15 17:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\foobar2000
    [2010/02/01 19:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\gtk-2.0
    [2010/06/11 21:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\IceChat
    [2006/03/24 14:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Image Zone Express
    [2008/10/15 13:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\ImgBurn
    [2009/10/15 22:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Inkscape
    [2010/06/11 20:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\leafChat
    [2007/03/25 21:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\MoTeC
    [2008/08/05 22:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\MuldeR
    [2009/02/10 13:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\NCH Swift Sound
    [2008/10/08 13:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\OpenOffice.org
    [2010/01/30 14:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\PCToolsFirewallPlus
    [2010/04/17 14:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Thunderbird
    [2010/06/10 12:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\uTorrent
    [2010/06/10 23:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Vso
    [2010/06/16 19:00:00 | 000,000,260 | -H-- | M] () -- C:\WINDOWS\Tasks\AC94B0D991E725D5.job
    [2010/06/16 13:53:24 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2008/08/29 23:14:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2008/08/29 23:14:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/08/29 23:14:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2008/08/29 23:14:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2009/05/15 23:39:20 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
    [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\System32\config\*.sav >
    [2006/02/16 01:59:05 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2006/02/16 01:59:05 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2006/02/16 01:59:05 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 362 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:05EE1EEF
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C31F31E6
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:07BB519E
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A8ADE5D8
    < End of report >
     
  5. 2010/06/16
    greyhnd

    OTL Extras logfile created on: 6/16/2010 7:05:22 PM - Run 1
    OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Marc\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 238.35 Gb Total Space | 212.79 Gb Free Space | 89.27% Space Free | Partition Type: NTFS
    Drive D: | 238.35 Gb Total Space | 199.26 Gb Free Space | 83.60% Space Free | Partition Type: NTFS
    Drive E: | 226.43 Gb Total Space | 203.88 Gb Free Space | 90.04% Space Free | Partition Type: NTFS
    Drive F: | 228.39 Gb Total Space | 190.38 Gb Free Space | 83.36% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MARC-726164CB3B
    Current User Name: Marc
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [foobar2000.enqueue] -- "C:\Program Files\foobar2000\foobar2000.exe" /add "%1" ()
    Directory [foobar2000.play] -- "C:\Program Files\foobar2000\foobar2000.exe" "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
    "F:\Downloads\utorrent.exe" = F:\Downloads\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
    "F:\test\utorrent.exe" = F:\test\utorrent.exe:*:Enabled:µTorrent -- File not found
    "C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- File not found


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    " skins ALMS Mod Prototypes 1998-2008 SCC v2.41 for GTR2" = skins ALMS Mod Prototypes 1998-2008 SCC v2.41 for GTR2
    " skins Le Mans Mod Prototypes 1998-2008 SCC v2.41 for GTR2" = skins Le Mans Mod Prototypes 1998-2008 SCC v2.41 for GTR2
    " skins LMES Mod Prototypes 1998-2008 SCC v2.41 for GTR2" = skins LMES Mod Prototypes 1998-2008 SCC v2.41 for GTR2
    "{00099DCF-8DC8-4EA2-A80A-3C2DA67864B2}" = CCC Help Russian
    "{006DA48B-84C2-B075-3A6B-DB6090A61306}" = ccc-core-static
    "{01587D48-FA82-0CB5-B1ED-CF60359EBF11}" = Catalyst Control Center Graphics Full Existing
    "{0286311C-4AF8-FA22-DB38-14950C825B02}" = Catalyst Control Center Graphics Previews Common
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
    "{13858DBF-E649-B602-4922-F2C6F424DF81}" = CCC Help Thai
    "{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
    "{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 20
    "{26D3E377-1DCA-4043-9410-B4A9BACF1033}" = Nero 7 Ultra Edition
    "{2AFBA4FA-F13F-CFB7-A010-B4ABD7918787}" = CCC Help Finnish
    "{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
    "{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
    "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
    "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{38FC8A78-B58E-FA87-240A-1F97E6F2A0BD}" = Catalyst Control Center Localization All
    "{3C0BAFCA-BDB8-492B-8845-DC0A4B4C1823}" = HPDeskjet5400Series
    "{423E8FEF-4132-A70A-61B3-0726D033060B}" = CCC Help Norwegian
    "{430ACB56-530C-E6DE-E352-C49AEDC18395}" = CCC Help Portuguese
    "{4515B871-9B69-8B72-FCF7-ED6E95766656}" = CCC Help Turkish
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{47E6B961-AC49-B8E7-A6A9-BEC54D4AA6B6}" = CCC Help Danish
    "{491A759F-F3B3-D1E1-D647-082B7EBA8325}" = CCC Help Polish
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{513BB9B0-510F-802D-88FA-ADBBBD11B5B0}" = CCC Help Czech
    "{53BA6007-3516-4CF8-844D-80FA625E6ACD}_is1" = GTR 2 1.0.0.0
    "{5605BCF1-3E90-4468-BAED-A48AC059DF73}" = Catalyst Control Center Graphics Full New
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
    "{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
    "{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
    "{635F45CE-157B-2904-F14B-14CB254EC9AB}" = CCC Help German
    "{64963F0E-03F2-4B59-8D1B-1806545E7092}" = NVIDIA DDS Utilities
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{672DD057-CF5C-9696-67F7-5E288F0153F4}" = CCC Help Italian
    "{6E86DAB2-6F06-1037-DCB5-D5C06F7CAD96}" = CCC Help Korean
    "{708DE09D-32FD-4B24-813F-8BB1B1D2F956}" = Diamond Drivers 5.8 HD4600 AGP XP Installation
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{745CA57E-997D-F483-545D-FE58169C38A4}" = CCC Help Dutch
    "{75B61CF0-B8A8-46E2-8709-C4A79898AC1D}" = Data Lifeguard Diagnostic for Windows
    "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.1.3.40
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{86C972F5-1C36-957C-14B8-A13C5657764E}" = CCC Help Swedish
    "{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
    "{92B79901-C57D-409F-8D2F-4E5337383569}" = OpenOffice.org 3.0
    "{93074F43-A643-5A8F-88A0-A7A43A80D666}" = Catalyst Control Center Core Implementation
    "{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
    "{95591B59-20D3-2678-E976-7CC0A4DAA62F}" = CCC Help Chinese Traditional
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A49710D9-0665-E022-C35C-A27064724F41}" = CCC Help Japanese
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A5423CF8-2D49-E766-1A52-FAF14AC3B4DF}" = ccc-core-preinstall
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
    "{B2E7E360-022D-4CEB-B840-2D07F1F209B2}" = ATI AVIVO Codecs
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B51F0417-4A38-7D39-A06F-9548662055D9}" = Catalyst Control Center HydraVision Full
    "{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
    "{BBC50689-84B3-A276-E667-185E162621AC}" = ccc-utility
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
    "{C191BE7C-8542-4A61-973A-714EF76C5995}" = Logitech QuickCam Software
    "{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis*True*Image*Home
    "{C32D7A1E-AF7A-1E53-3574-D70F8DBAE9C0}" = CCC Help Greek
    "{C5B4CB33-F375-F6BC-682F-DF322424ABF3}" = CCC Help Spanish
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCBB9F4D-32D1-7896-AE8B-58F983A3972C}" = CCC Help French
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE3A00AE-73CA-EECC-32AA-F76750734AF7}" = Catalyst Control Center Graphics Light
    "{D099F296-A6DC-C6A9-73D2-C9B2D7DA7ADA}" = CCC Help Chinese Standard
    "{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
    "{D560A981-FEB3-42F0-A61A-13E9528E0C51}_is1" = GTR 2 1.0.0.0
    "{DB53C134-1135-E6E1-6338-534249E4F6FD}" = CCC Help Hungarian
    "{DB9E4EAB-2717-499F-8D56-4CC8A644AB60}" = MPlayer for Windows (Full Package)
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
    "{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
    "{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
    "{EC16B64A-38A7-4D7D-BA2E-671ED441304F}" = ULi PCI to AGP Controller Driver
    "{EEEFE73A-1900-AC1A-EBA8-132E4A8CBC0C}" = CCC Help English
    "{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
    "7-Zip" = 7-Zip 4.42
    "AC3ACM" = AC-3 ACM Codec
    "Ad-Aware SE Personal" = Ad-Aware SE Personal
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
    "AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
    "All ATI Software" = ATI - Software Uninstall Utility
    "AllToAVI" = AllToAVI v4 r5394
    "a-squared Free_is1" = a-squared Free 4.5
    "ATI Display Driver" = ATI Display Driver
    "Audiograbber" = Audiograbber 1.83 SE
    "avast!" = avast! Antivirus
    "CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
    "CDex" = CDex extraction audio
    "C-Media PCI Sound" = Xtreme Sound PCI
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "DDS Converter 2.1" = DDS Converter 2.1
    "Diamond Drivers 5.8 HD4600 AGP XP Installation" = Diamond Drivers 5.8 HD4600 AGP XP Installation
    "Driver Sweeper_is1" = Driver Sweeper 1.0
    "Enable S3 for USB Device" = Enable S3 for USB Device
    "FAPCup Fictional Porsche MOD v1.0 by Frank A." = FAPCup Fictional Porsche MOD v1.0 by Frank A.
    "foobar2000" = foobar2000 v0.9.6.9
    "GTR V12 Street Challenge Mod" = GTR V12 Street Challenge Mod
    "HP Imaging Device Functions" = HP Imaging Device Functions 5.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
    "IceChat_is1" = IceChat 7.63 (Build 20080417)
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "ImgBurn" = ImgBurn
    "InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
    "IrfanView" = IrfanView (remove only)
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.63
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "mIRC" = mIRC
    "MMMV8 Supercars" = MMMV8 Supercars
    "Mod Aston Martin DBR9" = Mod Aston Martin DBR9 v1.1
    "Mod Prototypes 1998-2008 SCC v2.41 for GTR2 - Cars" = Mod Prototypes 1998-2008 SCC v2.41 for GTR2 - Cars
    "Mod Prototypes 1999-2007 SCC pour GTR2 v2.30" = Mod Prototypes 1999-2007 SCC pour GTR2 v2.30
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "OpenAL" = OpenAL
    "PC Tools Firewall Plus" = PC Tools Firewall Plus 6.0
    "QcDrv" = Logitech® Camera Driver
    "rayatitray" = Ray Adams ATI Tray Tools
    "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
    "ST6UNST #1" = audioGnome Active Installer
    "Switch" = Switch Sound File Converter
    "ULi M5289 SATA Controller Driver" = ULi M5289 SATA Controller Driver
    "VLC media player" = VideoLAN VLC media player 0.8.6a
    "Winamp" = Winamp (remove only)
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinGimp-2.0_is1" = GIMP 2.4.4
    "WinRAR archiver" = WinRAR archiver
    "Xilisoft AVI MPEG Joiner" = Xilisoft AVI MPEG Joiner
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "PCC06 by GRF" = PCC06 by GRF
    "PopOkayMeal" = Search Plugin
    "WSGT by RMT for GTR2" = WSGT by RMT for GTR2

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 3/2/2006 5:30:11 PM | Computer Name = MARC-726164CB3B | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    Incoming email 'FW: Hi!' From: "JILL HARRISON" <JHARRISO@HamiltonCenter.org>, To:
    <jharrison2@insightbb.com>, <mflenar@insightbb.com> failed, 0000A474.

    Error - 10/17/2007 8:09:36 PM | Computer Name = MARC-726164CB3B | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    http://www.auslogics.com/disk-defrag/download/diskdefrag_install.exe failed, 0000001E.


    [ Application Events ]
    Error - 9/27/2009 8:25:41 PM | Computer Name = MARC-726164CB3B | Source = Application Error | ID = 1000
    Description = Faulting application gtr2.exe, version 1.1.0.0, faulting module gtr2.exe,
    version 1.1.0.0, fault address 0x001fde06.

    Error - 10/10/2009 11:22:39 PM | Computer Name = MARC-726164CB3B | Source = Application Error | ID = 1000
    Description = Faulting application gtr2.exe, version 1.1.0.0, faulting module gtr2.exe,
    version 1.1.0.0, fault address 0x001fde06.

    Error - 10/15/2009 10:55:49 PM | Computer Name = MARC-726164CB3B | Source = Application Hang | ID = 1002
    Description = Hanging application inkscape.exe, version 0.46.0.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 10/22/2009 7:20:59 PM | Computer Name = MARC-726164CB3B | Source = Application Error | ID = 1000
    Description = Faulting application gtr2.exe, version 1.1.0.0, faulting module gtr2.exe,
    version 1.1.0.0, fault address 0x001db76b.

    Error - 10/22/2009 7:27:29 PM | Computer Name = MARC-726164CB3B | Source = Application Error | ID = 1000
    Description = Faulting application gtr2.exe, version 1.1.0.0, faulting module gtr2.exe,
    version 1.1.0.0, fault address 0x001db76b.

    Error - 11/18/2009 1:17:44 PM | Computer Name = MARC-726164CB3B | Source = Application Error | ID = 1000
    Description = Faulting application vlc.exe, version 0.8.6.0, faulting module libmkv_plugin.dll,
    version 0.0.0.0, fault address 0x00009837.

    Error - 11/18/2009 1:18:12 PM | Computer Name = MARC-726164CB3B | Source = Application Error | ID = 1000
    Description = Faulting application vlc.exe, version 0.8.6.0, faulting module libmkv_plugin.dll,
    version 0.0.0.0, fault address 0x00009837.

    Error - 11/23/2009 11:27:02 PM | Computer Name = MARC-726164CB3B | Source = Application Hang | ID = 1002
    Description = Hanging application ImgBurn.exe, version 2.4.2.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 12/3/2009 2:45:16 PM | Computer Name = MARC-726164CB3B | Source = Application Hang | ID = 1002
    Description = Hanging application nero.exe, version 6.6.0.16, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 12/13/2009 7:25:08 PM | Computer Name = MARC-726164CB3B | Source = Application Error | ID = 1000
    Description = Faulting application gtr2.exe, version 1.1.0.0, faulting module gtr2.exe,
    version 1.1.0.0, fault address 0x001db76b.

    [ System Events ]
    Error - 6/14/2010 12:05:14 PM | Computer Name = MARC-726164CB3B | Source = NetBT | ID = 4311
    Description = Initialization failed because the driver device could not be created.

    Error - 6/14/2010 5:03:23 PM | Computer Name = MARC-726164CB3B | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 6/14/2010 5:04:26 PM | Computer Name = MARC-726164CB3B | Source = Service Control Manager | ID = 7001
    Description = The TCP/IP Protocol Driver service depends on the IPSEC driver service
    which failed to start because of the following error: %%31

    Error - 6/14/2010 5:04:26 PM | Computer Name = MARC-726164CB3B | Source = Service Control Manager | ID = 7001
    Description = The DHCP Client service depends on the NetBios over Tcpip service
    which failed to start because of the following error: %%31

    Error - 6/14/2010 5:04:26 PM | Computer Name = MARC-726164CB3B | Source = Service Control Manager | ID = 7001
    Description = The DNS Client service depends on the TCP/IP Protocol Driver service
    which failed to start because of the following error: %%1068

    Error - 6/14/2010 5:04:26 PM | Computer Name = MARC-726164CB3B | Source = Service Control Manager | ID = 7001
    Description = The IPSEC Services service depends on the IPSEC driver service which
    failed to start because of the following error: %%31

    Error - 6/14/2010 5:04:26 PM | Computer Name = MARC-726164CB3B | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Aavmker4 AFD AmdK8 aswSP aswTdi atitray Fips IPSec MRxSmb NetBIOS NetBT pctgntdi RasAcd Rdbss

    Error - 6/14/2010 5:13:55 PM | Computer Name = MARC-726164CB3B | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 6/14/2010 5:15:16 PM | Computer Name = MARC-726164CB3B | Source = NetBT | ID = 4311
    Description = Initialization failed because the driver device could not be created.

    Error - 6/14/2010 6:55:19 PM | Computer Name = MARC-726164CB3B | Source = NetBT | ID = 4311
    Description = Initialization failed because the driver device could not be created.


    < End of report >
     
  6. 2010/06/17
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:5555
      
      :Commands
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, reboot the PC when it is done.
    • Post the log from this run.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

    Let me know how things are now.
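
The entry removed by the fix above sets the per-user HTTP proxy to the loopback address, so browser traffic is handed to whatever local process listens on that port. The following Python check is an added example, not part of the original thread and not part of OTL: it scans OTL-style log text for `ProxyServer` values that resolve to loopback. The function names are hypothetical, and the sample lines are copied from this thread.

```python
import ipaddress
import re

# OTL prints Internet Settings values as:  IE - <key>: "Name" = value
PROXY_LINE = re.compile(
    r'^\s*IE - (?P<hive>HK\w+)\\.*?Internet Settings:\s*'
    r'"(?P<name>ProxyServer|ProxyEnable)"\s*=\s*(?P<value>.*?)\s*$',
    re.IGNORECASE,
)

# Lines copied from this thread: the entry targeted by the fix, then the
# values reported by the Quick Scan that followed it.
BEFORE_FIX = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:5555
'''
AFTER_FIX = r'''
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
'''


def parse_proxy_server(value):
    """Split a ProxyServer string into (scheme, host, port) tuples.

    Accepts both forms the setting can take: a single 'host:port' used for
    every protocol, and the per-protocol list 'http=host:port;https=host:port'.
    """
    entries = []
    for part in re.split(r'[;\s]+', value.strip()):
        scheme, sep, target = part.partition('=')
        if not sep:                       # plain 'host:port', no protocol prefix
            scheme, target = 'all', part
        target = re.sub(r'^\w+://', '', target)
        if not target:
            continue
        host, _, port = target.rpartition(':')
        if not host:                      # no port given
            host, port = target, ''
        entries.append((scheme.lower(), host.strip('[]'), port))
    return entries


def is_loopback(host):
    """True for 'localhost' and for any literal loopback IP address."""
    if host.lower() == 'localhost':
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                      # some other hostname


def find_loopback_proxies(log_text):
    """Return one finding per loopback proxy entry seen in OTL log text."""
    state = {}                            # hive -> {value name -> value}
    for line in log_text.splitlines():
        m = PROXY_LINE.match(line)
        if m:
            values = state.setdefault(m['hive'].upper(), {})
            values[m['name'].lower()] = m['value'].strip('"')

    findings = []
    for hive, values in state.items():
        enable = values.get('proxyenable')
        # None means the log excerpt did not include a ProxyEnable line.
        enabled = None if enable is None else enable not in ('0', '')
        for scheme, host, port in parse_proxy_server(values.get('proxyserver', '')):
            if is_loopback(host):
                findings.append({'hive': hive, 'scheme': scheme, 'host': host,
                                 'port': port, 'enabled': enabled})
    return findings


if __name__ == '__main__':
    for label, text in (('before fix', BEFORE_FIX), ('after fix', AFTER_FIX)):
        hits = find_loopback_proxies(text)
        print(label, '->', hits if hits else 'no loopback proxy configured')
```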
     
  7. 2010/06/17
    greyhnd

    greyhnd Inactive Thread Starter

    Joined:
    2010/06/15
    Messages:
    12
    Likes Received:
    0
    crunchie - logs as you requested. I should mention that when I ran the runfix in OTL at the end of the process I got a blue screen and then the pc rebooted itself. I think this was the proper thing to happen, although the log is only 2 lines as noted below. If I did something wrong please let me know. So far no unwanted tabs are opening so I'm hopeful this has provided the fix.

    The logs are as follows:

    This is following completion of run/fix:

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

    OTL logfile created on: 6/17/2010 2:38:10 PM - Run 3
    OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Marc\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 238.35 Gb Total Space | 213.09 Gb Free Space | 89.40% Space Free | Partition Type: NTFS
    Drive D: | 238.35 Gb Total Space | 199.26 Gb Free Space | 83.60% Space Free | Partition Type: NTFS
    Drive E: | 226.43 Gb Total Space | 203.88 Gb Free Space | 90.04% Space Free | Partition Type: NTFS
    Drive F: | 228.39 Gb Total Space | 190.38 Gb Free Space | 83.36% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MARC-726164CB3B
    Current User Name: Marc
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/06/16 19:02:40 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marc\Desktop\OTL.exe
    PRC - [2010/05/21 23:26:00 | 001,872,320 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
    PRC - [2010/01/12 12:41:00 | 003,168,216 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
    PRC - [2009/12/27 19:52:54 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    PRC - [2009/11/24 19:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    PRC - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
    PRC - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    PRC - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    PRC - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    PRC - [2009/11/09 12:20:14 | 000,818,432 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
    PRC - [2009/09/12 17:31:36 | 000,357,384 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    PRC - [2009/09/12 17:31:30 | 000,660,520 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    PRC - [2009/09/12 17:30:48 | 005,048,488 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    PRC - [2008/04/13 20:12:33 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/06/25 09:47:12 | 001,552,680 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
    PRC - [2006/11/02 22:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
    PRC - [2005/12/09 15:37:42 | 000,081,920 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
    PRC - [2005/12/09 15:32:18 | 000,225,280 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
    PRC - [2004/11/01 17:22:22 | 000,262,144 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\ElkCtrl.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/06/16 19:02:40 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marc\Desktop\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2005/12/09 15:37:42 | 000,086,016 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/05/21 23:26:00 | 001,872,320 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
    SRV - [2009/12/27 19:52:54 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
    SRV - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
    SRV - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
    SRV - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
    SRV - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
    SRV - [2009/11/09 12:20:14 | 000,818,432 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
    SRV - [2009/09/12 17:31:30 | 000,660,520 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2007/06/25 09:47:12 | 001,552,680 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
    SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV - [2006/11/02 22:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
    SRV - [2005/12/09 15:37:42 | 000,081,920 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
    DRV - [2010/01/13 09:59:28 | 000,115,216 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
    DRV - [2010/01/12 10:34:14 | 000,070,664 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
    DRV - [2010/01/07 12:35:06 | 000,058,816 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNDIS)
    DRV - [2009/12/27 19:52:58 | 000,159,168 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
    DRV - [2009/12/27 19:52:50 | 000,902,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
    DRV - [2009/12/27 19:52:48 | 000,570,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2009/12/27 19:52:27 | 000,157,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
    DRV - [2009/11/25 08:11:20 | 000,019,232 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys -- (atitray)
    DRV - [2009/11/24 19:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2009/11/24 19:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
    DRV - [2009/11/24 19:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2009/11/24 19:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2009/11/24 19:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2009/11/24 19:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2009/11/23 14:54:20 | 000,088,040 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
    DRV - [2009/05/15 23:58:44 | 004,069,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2009/04/01 07:28:32 | 000,093,184 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV - [2008/07/11 16:00:47 | 000,194,362 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
    DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/10/05 10:19:26 | 000,035,200 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiBus.sys -- (SaiNtBus)
    DRV - [2007/09/13 20:41:28 | 000,051,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
    DRV - [2007/09/13 20:41:20 | 000,014,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
    DRV - [2007/09/13 20:40:54 | 000,019,352 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
    DRV - [2007/06/25 09:47:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
    DRV - [2007/06/25 09:47:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
    DRV - [2007/06/25 09:47:02 | 000,119,080 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
    DRV - [2007/05/01 17:04:30 | 000,132,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiH2586.sys -- (SaiH2586)
    DRV - [2005/12/09 15:37:42 | 002,400,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
    DRV - [2005/12/09 15:37:42 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
    DRV - [2005/12/09 15:35:54 | 002,174,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
    DRV - [2005/12/06 11:12:08 | 001,355,456 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmuda3.sys -- (cmuda3)
    DRV - [2005/12/05 23:27:29 | 000,287,360 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
    DRV - [2005/12/05 23:26:16 | 000,039,424 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2005/05/03 05:31:56 | 000,045,056 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\agpkx.sys -- (uliagpkx)
    DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2004/12/22 05:07:12 | 002,304,320 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2004/12/02 04:36:08 | 000,070,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
    DRV - [2004/11/30 22:49:18 | 000,051,840 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\m5289.sys -- (m5289)
    DRV - [2004/08/04 08:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2001/08/17 12:49:20 | 000,022,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LwUsbHid.sys -- (LwUsbHid)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

    ========== FireFox ==========

    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.startup.homepage: "http://www.majorgeeks.com "
    FF - prefs.js..extensions.enabledItems: {3205B348-523A-4fac-9BC4-9939CBF583B0}:2.1.2
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/17 13:40:29 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/17 13:40:28 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/06/02 04:49:19 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2010/04/17 14:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Mozilla\Extensions
    [2010/04/17 14:07:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marc\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2010/06/16 19:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\f9lmnb6u.default\extensions
    [2009/01/28 14:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\f9lmnb6u.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    [2009/01/28 14:32:44 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\f9lmnb6u.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(2)
    [2010/01/06 17:46:15 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\f9lmnb6u.default\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
    [2010/06/04 18:20:01 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\f9lmnb6u.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    [2010/05/30 23:27:41 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\f9lmnb6u.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(2)
    [2010/06/16 19:26:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2006/03/08 18:18:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AF8637B0-18E3-44D3-86B7-55E09D9C4261}
    [2010/06/15 19:29:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
    O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [CmPCIaudio] File not found
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe (Logitech Inc.)
    O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe (Logitech Inc.)
    O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab (DLM Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.128.17.114 74.128.19.102
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/02/16 06:26:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/06/17 12:36:05 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/06/16 19:02:50 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marc\Desktop\OTL.exe
    [2010/06/16 13:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
    [2010/06/15 19:29:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
    [2010/06/14 16:20:35 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/06/11 21:05:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Application Data\IceChat
    [2010/06/11 21:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\IceChat7
    [2010/06/11 20:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Application Data\leafChat
    [2010/06/10 18:21:20 | 000,000,000 | ---D | C] -- C:\DVR110D
    [2010/06/02 00:12:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Application Data\Malwarebytes
    [2010/06/02 00:12:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/06/02 00:12:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    [2010/06/02 00:12:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/06/02 00:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/05/27 14:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Desktop\NISSAN GT1 2.0
    [2010/05/23 21:54:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Application Data\InstallShield
    [2010/05/12 23:00:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Desktop\upload_pics
    [2010/04/28 16:18:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Desktop\NFS997_GTR2
    [2010/04/23 20:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
    [2010/04/17 14:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Local Settings\Application Data\Thunderbird
    [2010/04/07 13:36:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Desktop\Porsche 911 GT1 1998
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/06/17 14:39:04 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/06/17 14:37:15 | 000,013,744 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/06/17 14:37:08 | 000,178,544 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
    [2010/06/17 14:36:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/06/17 14:35:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/06/17 14:00:00 | 000,000,260 | -H-- | M] () -- C:\WINDOWS\tasks\AC94B0D991E725D5.job
    [2010/06/17 13:40:31 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
    [2010/06/17 13:35:11 | 015,728,640 | ---- | M] () -- C:\Documents and Settings\Marc\ntuser.dat
    [2010/06/17 13:35:11 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Marc\ntuser.ini
    [2010/06/17 09:58:07 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2010/06/16 19:02:40 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marc\Desktop\OTL.exe
    [2010/06/15 19:43:04 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\dds.scr
    [2010/06/15 17:08:46 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\HiJackThis.lnk
    [2010/06/15 15:43:25 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Marc\My Documents\Default.rdp
    [2010/06/14 18:31:19 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Marc\Local Settings\Application Data\housecall.guid.cache
    [2010/06/11 21:04:43 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\IceChat.lnk
    [2010/06/10 23:20:32 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Marc\Application Data\vso_ts_preview.xml
    [2010/06/03 22:25:29 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/06/02 00:12:13 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/06/01 14:14:58 | 000,000,865 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\OpenOffice.org Writer.lnk
    [2010/05/28 16:34:13 | 000,054,237 | ---- | M] () -- C:\Documents and Settings\Marc\.recently-used.xbel
    [2010/05/24 15:15:49 | 000,214,528 | ---- | M] () -- C:\Documents and Settings\Marc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/24 12:30:01 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/05/22 00:52:00 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Yahoo! Messenger.lnk
    [2010/05/13 12:52:37 | 000,004,346 | ---- | M] () -- C:\Documents and Settings\Marc\My Documents\bgheart1.gif
    [2010/05/11 19:24:18 | 000,018,832 | ---- | M] () -- C:\Documents and Settings\Marc\My Documents\Penni.jpg
    [2010/05/04 11:41:12 | 000,015,618 | ---- | M] () -- C:\Documents and Settings\Marc\My Documents\deb_ltr.odt
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/17 14:07:03 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Thunderbird.lnk
    [2010/04/15 15:24:17 | 000,047,629 | ---- | M] () -- C:\Documents and Settings\Marc\My Documents\Limbs_application.pdf
    [2010/04/14 12:12:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/04/14 12:05:08 | 000,272,884 | ---- | M] () -- C:\Documents and Settings\Marc\My Documents\2009 Indiana Tax return.pdf
    [2010/03/22 08:08:42 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/03/22 08:08:42 | 000,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/03/22 08:08:42 | 000,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/06/16 13:53:24 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/06/15 19:43:16 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\dds.scr
    [2010/06/15 15:43:25 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Marc\My Documents\Default.rdp
    [2010/06/14 18:31:19 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Marc\Local Settings\Application Data\housecall.guid.cache
    [2010/06/14 16:20:35 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\HiJackThis.lnk
    [2010/06/11 21:04:43 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\IceChat.lnk
    [2010/06/02 00:12:13 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/06/01 14:14:58 | 000,000,865 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\OpenOffice.org Writer.lnk
    [2010/05/29 01:37:06 | 015,728,640 | ---- | C] () -- C:\Documents and Settings\Marc\ntuser.dat
    [2010/05/28 16:34:13 | 000,054,237 | ---- | C] () -- C:\Documents and Settings\Marc\.recently-used.xbel
    [2010/05/22 00:52:00 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Yahoo! Messenger.lnk
    [2010/05/13 12:52:37 | 000,004,346 | ---- | C] () -- C:\Documents and Settings\Marc\My Documents\bgheart1.gif
    [2010/05/11 19:24:17 | 000,018,832 | ---- | C] () -- C:\Documents and Settings\Marc\My Documents\Penni.jpg
    [2010/05/04 11:41:12 | 000,015,618 | ---- | C] () -- C:\Documents and Settings\Marc\My Documents\deb_ltr.odt
    [2010/04/15 15:24:17 | 000,047,629 | ---- | C] () -- C:\Documents and Settings\Marc\My Documents\Limbs_application.pdf
    [2010/04/14 12:05:08 | 000,272,884 | ---- | C] () -- C:\Documents and Settings\Marc\My Documents\2009 Indiana Tax return.pdf
    [2010/02/25 19:31:14 | 000,013,126 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2010/01/27 13:25:21 | 000,000,129 | ---- | C] () -- C:\WINDOWS\PhotoMAX.ini
    [2010/01/27 13:25:21 | 000,000,037 | ---- | C] () -- C:\WINDOWS\cannon.ini
    [2010/01/27 13:25:21 | 000,000,011 | ---- | C] () -- C:\WINDOWS\arcmail.ini
    [2009/10/11 23:04:34 | 003,190,784 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
    [2009/10/11 23:04:34 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
    [2009/10/11 23:04:34 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
    [2009/10/11 23:04:34 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
    [2009/10/11 23:04:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
    [2009/10/11 23:04:34 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
    [2009/10/11 23:04:34 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
    [2009/10/11 23:04:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
    [2009/10/11 23:04:34 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
    [2009/10/11 23:04:30 | 000,662,016 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/10/11 23:04:30 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
    [2009/10/11 23:04:30 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
    [2009/10/11 23:04:30 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
    [2009/10/11 23:04:30 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
    [2009/10/11 23:04:30 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
    [2009/10/11 23:04:30 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
    [2009/10/11 23:04:30 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
    [2009/10/11 23:04:30 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
    [2009/10/11 23:04:30 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/10/11 23:04:30 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2009/03/30 14:30:59 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
    [2009/01/16 13:07:07 | 000,001,528 | ---- | C] () -- C:\WINDOWS\3DSIMED.INI
    [2008/12/30 23:05:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
    [2008/12/30 23:05:54 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
    [2008/06/21 12:13:21 | 000,000,261 | ---- | C] () -- C:\WINDOWS\VehVwr.INI
    [2008/03/05 17:51:40 | 000,000,464 | ---- | C] () -- C:\WINDOWS\CMUDA3.ini
    [2008/03/05 17:51:39 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\CMRMDRV3.DLL
    [2008/01/03 14:25:15 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
    [2007/07/10 18:34:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
    [2007/05/01 16:04:30 | 001,925,120 | ---- | C] () -- C:\WINDOWS\System32\SaiC2586.Dll
    [2007/05/01 16:04:30 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\SaiC2586_0C.dll
    [2007/05/01 16:04:30 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC2586_10.dll
    [2007/05/01 16:04:30 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC2586_0A.dll
    [2007/05/01 16:04:30 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC2586_07.dll
    [2007/05/01 16:04:30 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\SaiC2586_09.dll
    [2007/05/01 16:04:30 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\SaiC2586_0402.dll
    [2007/05/01 16:04:30 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\SaiC2586_11.dll
    [2007/03/28 16:13:08 | 000,000,076 | ---- | C] () -- C:\WINDOWS\PhysicsEditor.ini
    [2007/03/08 17:35:44 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2007/03/08 17:35:44 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\48ECB69341.sys
    [2007/02/23 21:04:45 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
    [2007/01/03 20:46:00 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2007/01/03 20:46:00 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2006/07/04 11:41:35 | 000,000,247 | ---- | C] () -- C:\WINDOWS\maketorrent.ini
    [2006/06/28 22:37:07 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
    [2006/06/27 19:45:42 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\DVDEncoder.dll
    [2006/06/02 23:07:13 | 000,000,032 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/03/18 09:16:04 | 000,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
    [2006/02/25 19:45:45 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2006/02/17 20:52:50 | 000,002,715 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2006/02/17 14:44:53 | 000,000,130 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/02/16 08:10:43 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
    [2006/02/16 08:10:43 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
    [2006/02/16 07:51:23 | 000,000,207 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
    [2006/02/16 07:45:24 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
    [2006/02/16 07:45:20 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2005/12/09 15:37:42 | 002,400,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys
    [2005/12/09 15:37:42 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
    [2005/12/09 15:35:54 | 002,174,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
    [2005/04/27 14:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
    [2005/04/27 14:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
    [1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

    ========== LOP Check ==========

    [2009/12/27 19:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Acronis
    [2006/04/12 23:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\amen dale 16 obj
    [2006/11/30 14:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ashampoo
    [2009/04/20 13:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\jgy50JtoEAFke73spIp
    [2009/02/10 13:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
    [2008/06/13 17:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Saitek
    [2010/06/17 14:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    [2009/07/07 16:44:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8BF851E7-B601-4465-B110-A395EC3B1F09}
    [2009/12/27 20:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Acronis
    [2006/11/30 14:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Ashampoo
    [2008/10/28 11:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Auslogics
    [2008/12/07 21:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/06/15 17:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\foobar2000
    [2010/02/01 19:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\gtk-2.0
    [2010/06/11 21:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\IceChat
    [2006/03/24 14:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Image Zone Express
    [2008/10/15 13:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\ImgBurn
    [2009/10/15 22:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Inkscape
    [2010/06/11 20:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\leafChat
    [2007/03/25 21:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\MoTeC
    [2008/08/05 22:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\MuldeR
    [2009/02/10 13:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\NCH Swift Sound
    [2008/10/08 13:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\OpenOffice.org
    [2010/01/30 14:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\PCToolsFirewallPlus
    [2010/04/17 14:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Thunderbird
    [2010/06/10 12:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\uTorrent
    [2010/06/10 23:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Vso
    [2010/06/17 14:00:00 | 000,000,260 | -H-- | M] () -- C:\WINDOWS\Tasks\AC94B0D991E725D5.job
    [2010/06/17 14:39:04 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 362 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:05EE1EEF
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:07BB519E
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C31F31E6
    < End of report >
     
  8. 2010/06/17
    greyhnd

    I just reopened FireFox and still got a new tab opened. This time it was for a work at home site. I opened my list of bookmarks and the new tab immediately opened. I'm wondering if OTL actually completed the fix procedure because I got another blue screen and another reboot. I wasn't able to read the blue screen because it disappeared very quickly. Do I need to temporarily disable my avast and/or disconnect from the internet while OTL runs? I feel like I must be doing something wrong on my end.

    I posted the logs from the runfix and from a new quick scan in another post that needs to be approved prior to showing up here.
     
    Last edited: 2010/06/17
  9. 2010/06/17
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Ok. Let's try:

    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!

    Don't worry. You're doing fine :)
     
  10. 2010/06/17
    greyhnd

    crunchie - Here is the ComboFix log as you requested. I noticed my firewall was running, but I had disconnected my internet connection prior to running the program. Hopefully it didn't cause a problem with the results.

    ComboFix 10-06-17.02 - Marc 06/17/2010 19:16:00.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1524 [GMT -4:00]
    Running from: c:\documents and settings\Marc\Desktop\ComboFix.exe
    AV: avast! antivirus 4.8.1368 [VPS 100617-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Marc\Application Data\inst.exe
    c:\windows\system32\install.exe
    c:\windows\system32\twain.dll
    c:\windows\system32\win.com

    Infected copy of c:\windows\system32\drivers\InCDRm.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2010-05-17 to 2010-06-17 )))))))))))))))))))))))))))))))
    .

    2010-06-17 16:36 . 2010-06-17 16:36 -------- d-----w- C:\_OTL
    2010-06-16 17:50 . 2010-06-16 17:50 -------- d-----w- c:\program files\Windows Defender
    2010-06-15 23:40 . 2010-06-15 23:40 503808 ----a-w- c:\documents and settings\Marc\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-603008e9-n\msvcp71.dll
    2010-06-15 23:40 . 2010-06-15 23:40 499712 ----a-w- c:\documents and settings\Marc\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-603008e9-n\jmc.dll
    2010-06-15 23:40 . 2010-06-15 23:40 348160 ----a-w- c:\documents and settings\Marc\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-603008e9-n\msvcr71.dll
    2010-06-15 23:40 . 2010-06-15 23:40 61440 ----a-w- c:\documents and settings\Marc\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6f3ed425-n\decora-sse.dll
    2010-06-15 23:40 . 2010-06-15 23:40 12800 ----a-w- c:\documents and settings\Marc\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6f3ed425-n\decora-d3d.dll
    2010-06-15 23:29 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-06-14 20:20 . 2010-06-14 20:20 388096 ----a-r- c:\documents and settings\Marc\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-06-14 20:20 . 2010-06-14 20:20 -------- d-----w- c:\program files\Trend Micro
    2010-06-12 01:05 . 2010-06-12 01:06 -------- d-----w- c:\documents and settings\Marc\Application Data\IceChat
    2010-06-12 01:04 . 2010-06-12 01:05 -------- d-----w- c:\program files\IceChat7
    2010-06-12 00:18 . 2010-06-12 00:29 -------- d-----w- c:\documents and settings\Marc\Application Data\leafChat
    2010-06-10 22:21 . 2010-06-10 22:21 -------- d-----w- C:\DVR110D
    2010-06-02 08:49 . 2010-06-02 08:49 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Thunderbird
    2010-06-02 08:49 . 2010-06-02 08:49 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\Thunderbird
    2010-06-02 04:12 . 2010-06-02 04:12 -------- d-----w- c:\documents and settings\Marc\Application Data\Malwarebytes
    2010-06-02 04:12 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-02 04:12 . 2010-06-02 04:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
    2010-06-02 04:12 . 2010-06-02 04:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-02 04:12 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-05-31 03:27 . 2010-05-31 03:27 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-05-24 01:54 . 2010-05-24 01:54 -------- d-----w- c:\documents and settings\Marc\Application Data\InstallShield
    2010-05-22 04:51 . 2009-05-26 23:50 607472 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!\YUpdater\yupdater.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2018-01-02 14:23 . 2008-06-27 17:27 -------- d---a-w- c:\program files\Guru3D.com
    2010-06-17 18:36 . 2007-05-25 17:54 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
    2010-06-17 17:32 . 2006-05-15 01:41 -------- d-----w- c:\program files\Mozilla Thunderbird
    2010-06-15 23:29 . 2006-02-20 03:43 -------- d-----w- c:\program files\Common Files\Java
    2010-06-15 23:29 . 2006-02-20 03:44 -------- d-----w- c:\program files\Java
    2010-06-15 21:36 . 2008-08-05 20:19 -------- d-----w- c:\documents and settings\Marc\Application Data\foobar2000
    2010-06-12 19:13 . 2010-01-19 03:22 -------- d-----w- c:\program files\a-squared Free
    2010-06-12 01:03 . 2009-06-07 21:42 -------- d-----w- c:\program files\LimeWire
    2010-06-11 03:20 . 2009-01-15 22:57 -------- d-----w- c:\documents and settings\Marc\Application Data\Vso
    2010-06-11 01:18 . 2009-12-05 04:03 -------- d-----w- c:\program files\AllToAVI
    2010-06-10 22:36 . 2008-06-28 03:34 -------- d-----w- c:\program files\MPlayer for Windows
    2010-06-10 16:43 . 2006-03-08 23:42 -------- d-----w- c:\documents and settings\Marc\Application Data\uTorrent
    2010-06-09 00:29 . 2006-02-18 23:26 -------- d-----w- c:\program files\Common Files\Adobe
    2010-06-04 02:25 . 2007-07-20 03:01 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-06-04 00:53 . 2009-03-15 01:26 -------- d-----w- c:\program files\Google
    2010-06-01 18:15 . 2008-10-08 17:40 1 ----a-w- c:\documents and settings\Marc\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-05-31 03:29 . 2010-01-30 17:58 -------- d-----w- c:\program files\PC Tools Firewall Plus
    2010-05-31 03:27 . 2009-08-29 04:09 214184 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-05-24 01:55 . 2006-02-16 11:44 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-05-22 04:51 . 2010-04-24 00:22 -------- d-----w- c:\program files\Yahoo!
    2010-04-23 21:13 . 2010-01-30 17:58 -------- d-----w- c:\program files\Common Files\PC Tools
    2010-04-23 21:10 . 2006-03-03 19:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2008-09-30 02:01 . 2007-03-08 21:35 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Shockwave Updater "= "c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast! "= "c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
    "LogitechVideo[inspector] "= "c:\program files\Logitech\Video\InstallHelper.exe" [2005-12-07 14:33 73728]
    "LogitechCameraService(E) "= "c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
    "StartCCC "= "c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]
    "TrueImageMonitor.exe "= "c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-09-12 5048488]
    "Acronis Scheduler2 Service "= "c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-09-12 357384]
    "00PCTFW "= "c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]
    "LVCOMSX "= "c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2006-04-20 155648]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Windows Defender "= "c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALi5289]
    2005-03-10 06:56 405504 ----a-w- c:\program files\ULI5289\ALi5289.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2007-06-28 00:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2005-05-12 04:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    2007-06-25 13:47 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
    2005-12-07 14:26 489472 ----a-w- c:\program files\Logitech\Video\CameraAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 20:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2006-04-20 16:28 155648 ----a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
    2007-06-25 13:47 1629480 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    2004-12-22 09:09 77824 ----a-w- c:\windows\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "f:\\Downloads\\utorrent.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=

    R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2/16/2006 7:44 AM 51840]
    R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [12/27/2009 7:52 PM 902432]
    R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [2/16/2006 7:44 AM 45056]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [3/30/2008 11:51 AM 114768]
    R1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [11/25/2009 8:11 AM 19232]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [1/30/2010 1:58 PM 233136]
    R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [1/18/2010 11:22 PM 1872320]
    R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [12/27/2009 7:52 PM 2326920]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/30/2008 11:51 AM 20560]
    R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [1/30/2010 1:58 PM 88040]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [12/27/2009 7:52 PM 159168]
    R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [1/30/2010 1:58 PM 70664]
    R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [1/30/2010 1:58 PM 58816]
    R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [1/30/2010 1:58 PM 115216]
    S3 SaiH2586;SaiH2586;c:\windows\system32\drivers\SaiH2586.sys [5/1/2007 4:04 PM 132232]
    S3 SQ931;USB 2.0 Video Camera;c:\windows\system32\Drivers\Capt931a.sys --> c:\windows\system32\Drivers\Capt931a.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-17 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    FF - ProfilePath - c:\documents and settings\Marc\Application Data\Mozilla\Firefox\Profiles\f9lmnb6u.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.majorgeeks.com
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    HKLM-Run-CmPCIaudio - CMICNFG3.CPL
    MSConfigStartUp-16objmoveonce - c:\documents and settings\All Users.WINDOWS\Application Data\amen dale 16 obj\Option book.exe
    MSConfigStartUp-ANTIVIRUS - c:\program files\SAV\sav.exe
    MSConfigStartUp-googletalk - c:\program files\Google\Google Talk\googletalk.exe
    MSConfigStartUp-iTunesHelper - f:\program files\iTunes\iTunesHelper.exe
    MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\QuickCam10\QuickCam10.exe
    MSConfigStartUp-MailOwns - c:\docume~1\Marc\APPLIC~1\AXISLO~1\Live third.exe
    MSConfigStartUp-NVIDIA nTune - c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
    MSConfigStartUp-nwiz - nwiz.exe
    MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    AddRemove- skins ALMS Mod Prototypes 1998-2008 SCC v2.41 for GTR2 - e:\gtr2_mod\Uninstall_ALMS_skins_Mod_Prototypes_1998-2008_SCC_v2.41_for_GTR2.exe
    AddRemove- skins Le Mans Mod Prototypes 1998-2008 SCC v2.41 for GTR2 - c:\documents and settings\Marc\Desktop\SCC Prototype skins\Uninstall_LeMans_skins_Mod_Prototypes_1998-2008_SCC_v2.41_for_GTR2.exe
    AddRemove- skins LMES Mod Prototypes 1998-2008 SCC v2.41 for GTR2 - c:\documents and settings\Marc\Desktop\SCC Prototype skins\Uninstall_ skins_LMES_Mod_Prototypes_1998-2008_SCC_v2.41_for_GTR2.exe
    AddRemove-FAPCup Fictional Porsche MOD v1.0 by Frank A - j:\gtr2\Uninstal.exe
    AddRemove-GTR V12 Street Challenge Mod - i:\gtr2_new\Uninstal.exe
    AddRemove-MMMV8 Supercars - j:\gtr2\Uninstall MMMV8 Supercars.exe
    AddRemove-Mod Aston Martin DBR9 - i:\gtr2\uninstall.exe
    AddRemove-Mod Prototypes 1999-2007 SCC pour GTR2 v2.30 - e:\gtr2_mod\Uninstal_Mod_Prototypes_1999-2007_SCC_pour_GTR2_v2.30.exe
    AddRemove-{53BA6007-3516-4CF8-844D-80FA625E6ACD}_is1 - i:\gtr2_new\Support\unins000.exe
    AddRemove-{D560A981-FEB3-42F0-A61A-13E9528E0C51}_is1 - i:\gtr2\Support\unins000.exe
    AddRemove-PCC06 by GRF - e:\gtr2_mod\Uninstal PCC06.exe
    AddRemove-PopOkayMeal - c:\docume~1\Marc\APPLIC~1\AXISLO~1\Live third.exe
    AddRemove-WSGT by RMT for GTR2 - i:\wsgt_test\Uninstal.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-17 19:21
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1292428093-308236825-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D0BDF10A-DDC4-54C7-579C-71979B66CC3E}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(784)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-06-17 19:23:25
    ComboFix-quarantined-files.txt 2010-06-17 23:23

    Pre-Run: 228,701,077,504 bytes free
    Post-Run: 229,815,623,680 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    ;
    ;Warning: Boot.ini is used on Windows XP and earlier operating systems.
    ;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
    ;
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT

    - - End Of File - - 996995A4ABE7F1D84357993EF0B0A895
     
  11. 2010/06/17
    crunchie

    How are things now after the combofix run?
     
  12. 2010/06/17
    greyhnd

    Firefox seems to be behaving itself so far. Would I be wise to re-enable system restore once we're sure the problem is resolved? I also have a notification that I have Microsoft Updates to install, should I wait a bit before I do that? The updates consist of Active X Killbits updates, NET Framework, Windows Defender and various XP security updates.
     
    Last edited: 2010/06/17
  13. 2010/06/17
    greyhnd

    crunchie - So far Firefox seems to be behaving itself. Not giving me any random new tabs as of yet.

    A couple questions. I have System Restore disabled at the moment, would I be wise to re-enable it once we're sure the problem is resolved? I also received notification that I have Windows updates ready to install. Looks like they are activeX Killbits, NET Framework, Windows Defender and misc XP Security updates, 13 files in all. Should I wait a bit before I go ahead and install them?

    I appreciate all your help in getting this annoying problem taken care of. Good to know there's a place to come to get help.

    ****!! Sorry for the double post.
     
  14. 2010/06/17
    crunchie

    Personally I would not have disabled system restore to start with (unless you have a back-up of the drive), as I believe that an infected restore point is better than none :).
    So yes, go ahead and re-enable it and create a new restore point immediately, then go ahead and get any security updates required.

    ===========

    I will get you to do a quick on-line scan too to verify things are ok.

    Please do a scan with Kaspersky Online Scanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.
    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, click on View scan report
    • Now, click on the Save Report as button.
    • In the drop down box labeled Files of type change the type to Text file.
    • Save the file to your Desktop.
    • Copy and paste that information in your next post.
     
  15. 2010/06/18
    greyhnd

    Kaspersky Online Scan results:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Friday, June 18, 2010
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Friday, June 18, 2010 15:59:06
    Records in database: 4291682
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\

    Scan statistics:
    Objects scanned: 112055
    Threats found: 2
    Infected objects found: 3
    Suspicious objects found: 0
    Scan duration: 02:41:44


    File name / Threat / Threats count
    C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\InCDRm.sys.vir Infected: Rootkit.Win32.TDSS.ap 1
    C:\System Volume Information\_restore{C7C32FFC-D32E-45F1-9981-69263AFDE10D}\RP1\A0000088.sys Infected: Rootkit.Win32.TDSS.ap 1
    C:\System Volume Information\_restore{C7C32FFC-D32E-45F1-9981-69263AFDE10D}\RP1\A0000216.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1

    Selected area has been scanned.
     
  16. 2010/06/18
    crunchie

    Flush the Restore Points and start fresh.
    To flush the XP System Restore points:

    Go to Start | Run and type msconfig and press enter.

    When msconfig opens, click the Launch System Restore Button.
    On the next page, click the System Restore Settings link on the left.

    Check the box labelled 'Turn off System restore'.

    Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.

    Note that all previous restore points will be lost.

    ============

    Launch OTL and click on the Cleanup button. Follow the prompts.

    That will remove the entries above.
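
    Added example, not part of the thread: a short Python triage of the Kaspersky rows posted above, sorting each detection by where the file sits (ComboFix's Qoobox quarantine, a System Restore point, or a live path), which is the distinction behind the advice to flush the restore points. The `LIVE_ROW` path and all function names are constructed for illustration.

```python
import re

# Detection rows copied from the Kaspersky report posted in this thread.
REPORT = r"""
File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\InCDRm.sys.vir Infected: Rootkit.Win32.TDSS.ap 1
C:\System Volume Information\_restore{C7C32FFC-D32E-45F1-9981-69263AFDE10D}\RP1\A0000088.sys Infected: Rootkit.Win32.TDSS.ap 1
C:\System Volume Information\_restore{C7C32FFC-D32E-45F1-9981-69263AFDE10D}\RP1\A0000216.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
"""
# Constructed row (hypothetical path): a detection outside both stores.
LIVE_ROW = r"C:\WINDOWS\system32\drivers\example.sys Infected: Rootkit.Win32.TDSS.ap 1"

# "<path> Infected: <verdict> <count>"; the path may contain spaces.
ROW = re.compile(
    r"^\s*(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)

def locate(path):
    """Classify where a detected file lives on disk."""
    p = path.lower()
    if "\\system volume information\\_restore{" in p:
        return "restore_point"   # copy saved by XP System Restore
    if p[2:].startswith("\\qoobox\\quarantine\\"):
        return "quarantine"      # copy ComboFix already moved aside
    return "live"                # still in a normal, loadable location

def triage(report):
    """Return one dict per detection row; skip headers and blank lines."""
    rows = []
    for line in report.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        rows.append({
            "path": m["path"],
            "threat": m["threat"],
            "count": int(m["count"]),
            "where": locate(m["path"]),
            # Kaspersky's "not-a-virus:" prefix marks riskware, not malware.
            "riskware": m["threat"].startswith("not-a-virus:"),
        })
    return rows

if __name__ == "__main__":
    for r in triage(REPORT + LIVE_ROW):
        print(f'{r["where"]:<14}{r["threat"]:<40}{r["path"]}')
```

    None of the three rows from the thread is a live file: one is a quarantined copy and two sit in restore point RP1, so only a row classified `live` would point to an infection still in place.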
     
  17. 2010/06/18
    greyhnd

    crunchie - created a new restore point and ran OTL. It didn't generate a log of any type, so I hope I did everything correctly. After the OTL reboot OTL and DDS were both gone which I believe is correct. I also installed the Windows updates so they would be in place before the new restore point was made.

    I'll keep my fingers crossed that this issue is resolved. Do I need to mark the thread as resolved or does a moderator do that? Thanks ever so much for all your help. It is greatly appreciated.
     
  18. 2010/06/18
    crunchie

    No worries. Keep everything up-to-date and you will be as secure as is likely possible :).

    I will mark it resolved for you.
     
