
Solved Get pop ups when starting IE 7, even with pop up blocker active

Discussion in 'Malware and Virus Removal Archive' started by Topnotch, 2010/08/30.

  1. 2010/09/01
    Topnotch Well-Known Member Thread Starter
    ComboFix 10-09-01.02 - Andy 09/01/2010 20:25:53.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2781 [GMT -6:00]
    Running from: c:\documents and settings\Andy\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Andy\Desktop\CFScript.txt
    AV: avast! antivirus 4.8.1368 [VPS 100901-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    FILE ::
    "c:\windows\Gkakecah.bin "
    "c:\windows\Uwarikic.dat "
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Gkakecah.bin
    c:\windows\Uwarikic.dat

    .
    ((((((((((((((((((((((((( Files Created from 2010-08-02 to 2010-09-02 )))))))))))))))))))))))))))))))
    .

    2010-08-30 01:29 . 2010-08-30 01:29 -------- d-----w- c:\program files\Trend Micro
    2010-08-30 00:48 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-08-29 23:34 . 2010-08-29 23:34 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-08-29 23:13 . 2010-08-29 23:13 -------- d-----w- c:\documents and settings\Andy\Local Settings\Application Data\Sunbelt Software
    2010-08-29 23:12 . 2010-08-29 23:12 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
    2010-08-29 23:12 . 2010-08-12 12:16 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
    2010-08-29 23:12 . 2010-08-29 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-08-29 23:12 . 2010-08-29 23:12 -------- d-----w- c:\program files\Lavasoft
    2010-08-29 21:37 . 2010-08-29 21:37 6476416 ----a-w- c:\documents and settings\All Users\Application Data\Cisco Systems\Cisco Connect\Update\Connect.exe
    2010-08-29 21:37 . 2010-08-29 21:37 4096 ----a-w- c:\documents and settings\All Users\Application Data\Cisco Systems\Cisco Connect\Update\._Setup.exe
    2010-08-29 21:37 . 2010-08-29 21:37 4096 ----a-w- c:\documents and settings\All Users\Application Data\Cisco Systems\Cisco Connect\Update\._Connect.exe
    2010-08-29 20:18 . 2010-08-29 20:18 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-08-29 19:58 . 2010-09-01 12:58 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-08-28 19:45 . 2010-08-29 21:46 -------- d-----w- c:\program files\Cisco Systems
    2010-08-28 19:21 . 2010-08-28 19:21 -------- d-----w- c:\windows\system32\scripting
    2010-08-28 19:21 . 2010-08-28 19:21 -------- d-----w- c:\windows\l2schemas
    2010-08-28 19:21 . 2010-08-28 19:21 -------- d-----w- c:\windows\system32\en
    2010-08-28 19:21 . 2010-08-28 19:21 -------- d-----w- c:\windows\system32\bits
    2010-08-28 19:09 . 2008-04-14 00:11 32285 ------w- c:\windows\system32\hsfcisp2.dll
    2010-08-28 18:46 . 2010-08-28 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Cisco Systems
    2010-08-15 20:08 . 2010-08-15 20:08 -------- d-----w- c:\temp\ObeoTour_514342_369

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-29 20:22 . 2009-06-14 23:45 -------- d--h--w- c:\documents and settings\All Users\Application Data\ArcSoft
    2010-08-29 20:22 . 2008-12-01 11:54 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-08-28 19:30 . 2008-12-01 11:57 86520 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-08-12 17:01 . 2010-04-12 02:50 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-08-08 19:02 . 2009-04-25 20:29 -------- d-----w- c:\documents and settings\Andy\Application Data\LimeWire
    2010-08-06 22:31 . 2009-10-03 13:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    .

    ((((((((((((((((((((((((((((( SnapShot_2010-09-02_00.10.09 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-09-02 02:15 . 2010-09-02 02:15 16384 c:\windows\temp\Perflib_Perfdata_608.dat
    + 2010-09-02 02:15 . 2010-09-02 02:15 16384 c:\windows\temp\Perflib_Perfdata_518.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC "= "c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
    "dscactivate "= "c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
    "RoxWatchTray "= "c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-05-14 244208]
    "Logitech Utility "= "Logi_MwX.Exe" [2003-12-17 19968]
    "lxdmmon.exe "= "c:\program files\Lexmark 5000 Series\lxdmmon.exe" [2007-07-06 455344]
    "lxdmamon "= "c:\program files\Lexmark 5000 Series\lxdmamon.exe" [2007-06-01 20480]
    "Lexmark 5000 Series Fax Server "= "c:\program files\Lexmark 5000 Series\fm3032.exe" [2007-07-06 307888]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
    "WinampAgent "= "c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
    "avast! "= "c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "ArcSoft Connection Service "= "c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

    c:\documents and settings\Andy\Start Menu\Programs\Startup\
    DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2008-12-7 49220]

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= c:\windows\system32\onhelp.htm
    FriendlyName= tets

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @= "Service "

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "c:\\Program Files\\LimeWire\\LimeWire.exe "=
    "c:\\WINDOWS\\system32\\lxdmcoms.exe "=
    "c:\\Program Files\\Lexmark 5000 Series\\lxdmamon.exe "=
    "c:\\Program Files\\Lexmark 5000 Series\\frun.exe "=
    "c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe "=
    "c:\\Program Files\\Lexmark 5000 Series\\lxdmmon.exe "=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmpswx.exe "=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmtime.exe "=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmjswx.exe "=
    "c:\\Program Files\\Lexmark 5000 Series\\LXDMFax.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/7/2009 3:43 PM 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/7/2009 3:43 PM 20560]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 8:49 AM 135664]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 6:15 AM 1355416]
    S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [5/14/2008 9:32 AM 309744]
    S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [5/14/2008 9:32 AM 166384]
    S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 6:15 AM 15008]
    S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [5/14/2008 9:31 AM 1120752]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15]

    2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 14:49]

    2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 14:49]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://my.earthlink.net/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
    DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-01 20:29
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3003520428-431247303-3936332552-1005\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(744)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-09-01 20:30:09
    ComboFix-quarantined-files.txt 2010-09-02 02:30
    ComboFix2.txt 2010-09-02 00:11
    ComboFix3.txt 2009-09-07 21:21

    Pre-Run: 460,385,828,864 bytes free
    Post-Run: 460,372,537,344 bytes free

    Current=2 Default=2 Failed=3 LastKnownGood=1 Sets=1,2,3,4
    - - End Of File - - F0A7B6FBB0E1F32986CDD72933EBE484
     
  2. 2010/09/01
    broni Moderator Malware Analyst
    You can cut out "SnapShot@" section.

    That's fine, but I prefer you don't do anything else but what was asked for :)
     

  4. 2010/09/01
    broni Moderator Malware Analyst
    We posted at the same time, so hold on there...
     
  5. 2010/09/01
    broni Moderator Malware Analyst
    How is the computer doing at the moment?


    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  6. 2010/09/01
    Topnotch Well-Known Member Thread Starter
    OTL logfile created on: 9/1/2010 8:46:06 PM - Run 1
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Andy\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 78.00% Memory free
    5.00 Gb Paging File | 5.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465.69 Gb Total Space | 428.78 Gb Free Space | 92.07% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ANDYNSHELL
    Current User Name: Andy
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/09/01 20:44:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andy\Desktop\OTL.exe
    PRC - [2010/08/12 06:15:19 | 001,355,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2010/08/12 06:15:19 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2009/11/24 17:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    PRC - [2009/11/24 17:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
    PRC - [2009/11/24 17:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/07/06 10:53:08 | 000,455,344 | ---- | M] () -- C:\Program Files\Lexmark 5000 Series\lxdmmon.exe
    PRC - [2007/06/08 03:05:51 | 000,598,960 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdmcoms.exe
    PRC - [2007/06/01 14:06:09 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 5000 Series\lxdmamon.exe
    PRC - [2006/09/25 08:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    PRC - [2006/04/10 15:24:20 | 000,049,220 | ---- | M] (Samsung) -- C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
    PRC - [2004/01/08 10:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/09/01 20:44:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andy\Desktop\OTL.exe
    MOD - [2008/04/13 18:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
    MOD - [2008/04/13 18:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2004/01/08 10:50:00 | 000,024,064 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
    MOD - [2004/01/08 10:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\LgWndHk.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe -- (SessionLauncher)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2010/08/12 06:15:19 | 001,355,416 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/11/24 17:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
    SRV - [2009/11/24 17:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
    SRV - [2009/11/24 17:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
    SRV - [2009/11/24 17:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
    SRV - [2008/05/14 09:32:18 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
    SRV - [2008/05/14 09:32:10 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
    SRV - [2008/05/14 09:31:38 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
    SRV - [2007/06/08 03:05:51 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdmcoms.exe -- (lxdm_device)
    SRV - [2007/06/08 03:05:43 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdmserv.exe -- (lxdmCATSCustConnectService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\MTictwl.sys -- (NCPro)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\MTiCtwl.sys -- (MagicTune)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\Andy\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/08/12 06:15:19 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
    DRV - [2009/11/24 17:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2009/11/24 17:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2009/11/24 17:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2009/11/24 17:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2009/11/24 17:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2009/11/24 17:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2008/09/24 18:39:06 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV - [2008/09/24 18:38:54 | 003,007,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/01/15 19:17:58 | 004,652,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007/07/19 21:10:10 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
    DRV - [2007/07/19 17:26:24 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
    DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
    DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2003/12/17 10:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
    DRV - [2003/12/17 10:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
    DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1081201
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1081201

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    [2009/04/25 14:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\Mozilla\Extensions
    [2009/04/25 14:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\Mozilla\Extensions\mozswing@mozswing.org

    O1 HOSTS File: ([2010/09/01 20:29:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
    O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
    O4 - HKLM..\Run: [Lexmark 5000 Series Fax Server] C:\Program Files\Lexmark 5000 Series\fm3032.exe ()
    O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
    O4 - HKLM..\Run: [lxdmamon] C:\Program Files\Lexmark 5000 Series\lxdmamon.exe ()
    O4 - HKLM..\Run: [lxdmmon.exe] C:\Program Files\Lexmark 5000 Series\lxdmmon.exe ()
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NCProTray.lnk = C:\Program Files\SEC\Natural Color Pro\NCProTray.exe (Samsung)
    O4 - Startup: C:\Documents and Settings\Andy\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab (Reg Error: Key error.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1283021253187 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1283021241203 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab? (Photo Upload Plugin Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 72.19.128.53 72.19.128.99
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop Components:0 (tets) - C:\WINDOWS\system32\onhelp.htm
    O24 - Desktop WallPaper: C:\Documents and Settings\Andy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Andy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/09/01 20:44:30 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andy\Desktop\OTL.exe
    [2010/09/01 17:57:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/09/01 17:53:49 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/09/01 17:53:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/09/01 17:53:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/08/29 19:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/08/29 17:34:59 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/08/29 17:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Local Settings\Application Data\Sunbelt Software
    [2010/08/29 17:12:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
    [2010/08/29 17:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2010/08/29 17:12:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
    [2010/08/29 17:09:31 | 133,582,520 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Andy\Desktop\Ad-AwareInstall.exe
    [2010/08/29 08:19:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/08/29 08:18:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/08/28 13:45:54 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems
    [2010/08/28 13:28:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2010/08/28 13:21:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
    [2010/08/28 13:21:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
    [2010/08/28 13:21:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
    [2010/08/28 13:21:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
    [2010/08/28 13:14:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
    [2010/08/28 12:46:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
    [2010/08/05 16:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Desktop\Windows
    [2010/07/20 18:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Desktop\County Bldg Pics
    [2010/07/20 18:41:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Desktop\Snow Blower Videos
    [2009/04/26 09:27:56 | 001,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmserv.dll
    [2009/04/26 09:27:56 | 000,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmusb1.dll
    [2009/04/26 09:27:56 | 000,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmhcp.dll
    [2009/04/26 09:27:56 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdminpa.dll
    [2009/04/26 09:27:56 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmiesc.dll
    [2009/04/26 09:27:55 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmpmui.dll
    [2009/04/26 09:27:55 | 000,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmlmpm.dll
    [2009/04/26 09:27:55 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmprox.dll
    [2009/04/26 09:27:54 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmhbn3.dll
    [2009/04/26 09:27:53 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmcomc.dll
    [2009/04/26 09:27:53 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmcomm.dll
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/09/01 20:44:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andy\Desktop\OTL.exe
    [2010/09/01 20:37:50 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/09/01 20:30:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/09/01 20:29:11 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/09/01 20:29:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/09/01 20:24:08 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\Andy\ntuser.dat
    [2010/09/01 20:15:43 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/09/01 20:15:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/09/01 20:14:45 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Andy\ntuser.ini
    [2010/09/01 20:04:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/09/01 17:58:03 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/09/01 17:49:54 | 003,830,204 | R--- | M] () -- C:\Documents and Settings\Andy\Desktop\ComboFix.exe
    [2010/09/01 17:47:32 | 000,014,439 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Denver Gas Prices - Find Cheap Gas Prices in Colorado.url
    [2010/09/01 07:28:21 | 000,068,608 | ---- | M] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/01 06:58:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/09/01 05:48:43 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Microsoft Office Outlook 2003.lnk
    [2010/08/30 20:57:09 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\bm6coknt.exe
    [2010/08/30 20:54:51 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Andy\Desktop\~$STEP 2.doc
    [2010/08/30 20:46:11 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\STEP 2.doc
    [2010/08/30 18:07:08 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\dds.scr
    [2010/08/29 19:29:49 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\HijackThis.lnk
    [2010/08/29 17:34:59 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/08/29 17:12:46 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/08/29 17:12:46 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2010/08/29 17:09:33 | 133,582,520 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Andy\Desktop\Ad-AwareInstall.exe
    [2010/08/29 15:48:52 | 000,000,307 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Woodford anti-siphon faucets..url
    [2010/08/29 15:48:27 | 000,000,172 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Welcome to Harborland Farms Online Shopping Website!.url
    [2010/08/29 14:43:56 | 000,001,838 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Olympian LP Gas 90° Propane Tee eBay Motors (item 120585714928 end time Sep-17-10 091710 PDT).url
    [2010/08/29 14:37:48 | 000,000,508 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Camcos Heavy Duty 90` Propane Tee with 12ft Hose - eBay (item 170458856570 end time Sep-09-10 181620 PDT).url
    [2010/08/29 14:20:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/29 14:18:13 | 004,888,060 | -H-- | M] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\IconCache.db
    [2010/08/28 15:01:36 | 000,000,363 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Human Space flight.url
    [2010/08/28 14:59:19 | 000,000,242 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\The Digital TV Transition Reception Maps.url
    [2010/08/28 14:59:10 | 000,000,292 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\AntennaWeb.url
    [2010/08/28 14:58:36 | 000,000,206 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Colorado State Parks.url
    [2010/08/28 14:58:11 | 000,000,198 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Vendors 2007 - Green Chile Vendors in Denver Metro Area.url
    [2010/08/28 14:03:26 | 000,009,195 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\WeatherPLUS Custom Weather Denver, Colorado 9NEWS.com.url
    [2010/08/28 13:30:14 | 000,539,492 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/28 13:30:14 | 000,454,412 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/28 13:30:14 | 000,075,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/28 13:27:41 | 000,451,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/28 13:17:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/08/26 20:52:50 | 000,000,196 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\LP GAS.url
    [2010/08/26 20:50:43 | 000,000,439 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Campground Details - South Meadows (CO), CO - ReserveAmerica - [NRSO].url
    [2010/08/26 20:50:19 | 000,000,186 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Barbecue University®.url
    [2010/08/26 20:35:33 | 000,001,298 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Amazon.com Camco 59133 RV Brass 90 Tee with 3 ports Automotive.url
    [2010/08/25 22:20:54 | 000,000,368 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\ProtectMyID.com Get Full-Service Identity Theft Protection by Experian (2).url
    [2010/08/25 16:58:11 | 000,000,313 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Charles Schwab.url
    [2010/08/19 13:04:21 | 000,013,417 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Costco Tire Hazard Warranty.pdf
    [2010/08/15 14:06:51 | 000,138,240 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Myrick Transitional Operations Org Structure 08152010.ppt
    [2010/08/14 11:59:52 | 002,998,272 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\ObeoTour_514342_369.exe
    [2010/08/14 11:09:08 | 000,146,432 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Myrick Transitional Operations Org Structure 08142010.ppt
    [2010/08/14 10:51:02 | 000,000,394 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Blue Rhino - Outdoor LP Gas Barbecue Grills.url
    [2010/08/13 16:41:35 | 000,157,696 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Myrick Transitional Operations Org Structure 08132010.ppt
    [2010/08/12 11:05:51 | 002,109,809 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\8-12-2010 - Work Release Form - Home.PDF
    [2010/08/12 06:15:20 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
    [2010/08/10 18:20:39 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Terracina Lighting with Summary.xls
    [2010/08/10 11:46:05 | 000,092,672 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Osorio takeoff-slo.xls
    [2010/08/10 11:26:08 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Terracina Lighting.xls
    [2010/07/22 19:00:05 | 000,000,531 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\TV Listings for Broadcast in PARKER, CO - AOL Television.url
    [2010/07/22 17:56:17 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Andy\My Documents\To avoid a conflict with your Internet Service Provider.doc
    [2010/07/21 21:14:35 | 002,823,290 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\wgt624v3_ref_manual_25Apr05.pdf
    [2010/06/25 19:34:30 | 001,079,292 | ---- | M] () -- C:\Documents and Settings\Andy\My Documents\Lacrosse 9080.pdf
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/09/01 17:53:49 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/09/01 17:49:54 | 003,830,204 | R--- | C] () -- C:\Documents and Settings\Andy\Desktop\ComboFix.exe
    [2010/08/30 20:57:02 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\bm6coknt.exe
    [2010/08/30 20:54:22 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Andy\Desktop\~$STEP 2.doc
    [2010/08/30 20:46:11 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\STEP 2.doc
    [2010/08/30 18:07:03 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\dds.scr
    [2010/08/29 19:29:49 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\HijackThis.lnk
    [2010/08/29 18:48:43 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2010/08/29 17:35:19 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/08/29 17:12:46 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/08/29 17:12:46 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2010/08/29 13:58:09 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/28 22:56:40 | 000,000,172 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\Welcome to Harborland Farms Online Shopping Website!.url
    [2010/08/28 13:30:20 | 004,718,592 | ---- | C] () -- C:\Documents and Settings\Andy\ntuser.dat
    [2010/08/28 13:10:14 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
    [2010/08/28 13:10:01 | 000,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
    [2010/08/28 13:09:55 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
    [2010/08/28 13:09:53 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
    [2010/08/23 20:57:24 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\LP GAS.url
    [2010/08/23 20:46:48 | 000,000,508 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\Camcos Heavy Duty 90` Propane Tee with 12ft Hose - eBay (item 170458856570 end time Sep-09-10 181620 PDT).url
    [2010/08/23 20:44:50 | 000,001,838 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\Olympian LP Gas 90° Propane Tee eBay Motors (item 120585714928 end time Sep-17-10 091710 PDT).url
    [2010/08/23 20:31:29 | 000,001,298 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\Amazon.com Camco 59133 RV Brass 90 Tee with 3 ports Automotive.url
    [2010/08/19 13:04:21 | 000,013,417 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\Costco Tire Hazard Warranty.pdf
    [2010/08/15 14:18:37 | 002,998,272 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\ObeoTour_514342_369.exe
    [2010/08/15 14:06:50 | 000,138,240 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\Myrick Transitional Operations Org Structure 08152010.ppt
    [2010/08/14 11:09:08 | 000,146,432 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\Myrick Transitional Operations Org Structure 08142010.ppt
    [2010/08/13 14:47:19 | 000,157,696 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\Myrick Transitional Operations Org Structure 08132010.ppt
    [2010/08/12 11:07:00 | 002,109,809 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\8-12-2010 - Work Release Form - Home.PDF
    [2010/08/11 13:00:30 | 000,000,439 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\Campground Details - South Meadows (CO), CO - ReserveAmerica - [NRSO].url
    [2010/08/10 11:38:34 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\Terracina Lighting with Summary.xls
    [2010/08/10 11:08:28 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\Terracina Lighting.xls
    [2010/08/10 10:28:49 | 000,092,672 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\Osorio takeoff-slo.xls
    [2010/08/07 08:13:42 | 000,000,394 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\Blue Rhino - Outdoor LP Gas Barbecue Grills.url
    [2010/08/03 18:54:10 | 000,432,135 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\IMG_2691.JPG
    [2010/07/22 17:56:17 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Andy\My Documents\To avoid a conflict with your Internet Service Provider.doc
    [2010/07/21 21:14:35 | 002,823,290 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\wgt624v3_ref_manual_25Apr05.pdf
    [2010/06/25 19:34:30 | 001,079,292 | ---- | C] () -- C:\Documents and Settings\Andy\My Documents\Lacrosse 9080.pdf
    [2010/06/13 07:11:11 | 000,000,186 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\Barbecue University®.url
    [2010/02/20 11:18:14 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2009/04/30 20:41:39 | 000,002,108 | ---- | C] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\rx_audio.Cache
    [2009/04/30 20:40:45 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\rx_image32.Cache
    [2009/04/26 09:35:05 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdmvs.dll
    [2009/04/26 09:35:02 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdmcoin.dll
    [2009/04/26 09:34:40 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdmdrs.dll
    [2009/04/26 09:34:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdmcaps.dll
    [2009/04/26 09:34:39 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdmcnv4.dll
    [2009/04/26 09:34:16 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdmoem.dll
    [2009/04/26 09:34:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDMPMON.DLL
    [2009/04/26 09:34:16 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXDMFXPU.DLL
    [2009/04/26 09:28:09 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\lxdmrwrd.ini
    [2009/04/26 09:27:57 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdminst.dll
    [2009/04/26 09:27:54 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdmgrd.dll
    [2009/03/28 08:40:58 | 000,004,132 | ---- | C] () -- C:\WINDOWS\estwn323.ini
    [2009/01/14 22:11:49 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Epscan2.INI
    [2008/12/21 10:48:02 | 000,000,091 | ---- | C] () -- C:\WINDOWS\webshots.ini
    [2008/12/15 12:27:50 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
    [2008/12/15 12:27:50 | 000,000,177 | ---- | C] () -- C:\WINDOWS\kpcms.ini
    [2008/12/15 12:27:49 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
    [2008/12/15 12:27:48 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
    [2008/12/15 09:23:15 | 000,038,329 | ---- | C] () -- C:\Documents and Settings\Andy\Application Data\Tab Separated Values (Windows).ADR
    [2008/12/15 09:22:44 | 000,009,302 | ---- | C] () -- C:\Documents and Settings\Andy\Application Data\Tab Separated Values (Windows).EML
    [2008/12/15 09:21:52 | 000,012,992 | ---- | C] () -- C:\Documents and Settings\Andy\Application Data\Tab Separated Values (Windows).CAL
    [2008/12/07 11:13:54 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/12/06 13:45:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Andy\Application Data\wklnhst.dat
    [2008/12/06 13:23:47 | 000,068,608 | ---- | C] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/12/06 11:37:48 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\fusioncache.dat
    [2008/12/01 06:14:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/12/01 05:33:31 | 000,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll
    [2008/12/01 05:32:06 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2008/02/19 00:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
    [2004/08/11 16:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/11 16:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [1999/01/22 12:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
    [1998/01/12 02:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
    [1996/11/17 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
    [1996/11/17 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
    [1996/11/17 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

    ========== LOP Check ==========

    [2009/04/26 09:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5000 Series
    [2010/08/28 12:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
    [2008/12/21 16:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
    [2010/01/23 12:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
    [2008/12/01 06:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2008/12/01 06:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
    [2010/08/29 17:12:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
    [2009/09/04 05:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\5000 Series
    [2010/04/22 19:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\Facebook
    [2008/12/21 16:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\GARMIN
    [2009/04/26 09:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\Lexmark Productivity Studio
    [2010/08/08 13:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\LimeWire
    [2008/12/21 16:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\Southwest Airlines
    [2008/12/06 13:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\Template
    [2010/09/01 20:37:50 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/09/01 20:15:30 | 000,003,396 | ---- | M] () -- C:\aaw7boot.log
    [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/09/07 15:12:52 | 000,000,281 | ---- | M] () -- C:\Boot.bak
    [2010/09/01 17:58:03 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/09/01 20:30:09 | 000,011,827 | ---- | M] () -- C:\ComboFix.txt
    [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2008/05/14 10:21:26 | 000,088,560 | ---- | M] (Sonic Solutions) -- C:\DC_ShellExt.dll
    [2008/12/01 05:35:26 | 000,007,845 | RH-- | M] () -- C:\dell.sdr
    [2009/09/04 05:29:24 | 000,000,000 | ---- | M] () -- C:\faxendPdoc.log
    [2010/02/21 14:24:25 | 000,005,072 | -H-- | M] () -- C:\ffastun.ffa
    [2010/02/21 14:24:23 | 001,638,400 | -H-- | M] () -- C:\ffastun.ffl
    [2010/02/21 14:24:24 | 000,770,048 | -H-- | M] () -- C:\ffastun.ffo
    [2010/02/21 14:24:23 | 007,098,368 | -H-- | M] () -- C:\ffastun0.ffx
    [2008/12/07 10:23:29 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2004/08/11 16:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2010/08/06 16:31:30 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2004/08/11 16:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/08/28 13:17:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/09/01 20:15:30 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2009/07/12 20:40:02 | 1340,535,806 | ---- | M] () -- C:\PutDataSample.yuv

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/05/03 05:38:35 | 000,113,664 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdmdrpp.dll
    [2003/06/18 18:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2004/08/11 16:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/11 16:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/11 16:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 18:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/13 18:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/13 18:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Andy\Desktop\dxva_sig.txt:SummaryInformation
    < End of report >
     
  7. 2010/09/01
    Topnotch

    Topnotch Well-Known Member Thread Starter

    OTL Extras logfile created on: 9/1/2010 8:46:07 PM - Run 1
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Andy\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 78.00% Memory free
    5.00 Gb Paging File | 5.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465.69 Gb Total Space | 428.78 Gb Free Space | 92.07% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ANDYNSHELL
    Current User Name: Andy
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
    "C:\WINDOWS\system32\lxdmcoms.exe" = C:\WINDOWS\system32\lxdmcoms.exe:*:Enabled:Lexmark Communications System -- ( )
    "C:\Program Files\Lexmark 5000 Series\lxdmamon.exe" = C:\Program Files\Lexmark 5000 Series\lxdmamon.exe:*:Enabled:Lexmark Device Monitor -- ()
    "C:\Program Files\Lexmark 5000 Series\frun.exe" = C:\Program Files\Lexmark 5000 Series\frun.exe:*:Enabled:Lexmark Productivity Studio -- ()
    "C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe" = C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader -- (ABBYY (BIT Software))
    "C:\Program Files\Lexmark 5000 Series\lxdmmon.exe" = C:\Program Files\Lexmark 5000 Series\lxdmmon.exe:*:Enabled:printer Device Monitor -- ()
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmpswx.exe:*:Enabled:printer Status Window Interface -- ()
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmtime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmjswx.exe:*:Enabled:Job Status Window Interface -- ()
    "C:\Program Files\Lexmark 5000 Series\LXDMFax.exe" = C:\Program Files\Lexmark 5000 Series\LXDMFax.exe:*:Enabled:Fax Solutions Software -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
    "{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3FB3647F-B6A6-46B4-8613-A09BCFAB80F0}" = Roxio Creator Premier 10
    "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
    "{469EF13B-4AD0-48D7-AF89-6B92278293E2}" = Roxio Creator Premier
    "{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}" = MapSource
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{661F85B9-FB7F-4884-BFCB-09C71930BA8F}" = ArcSoft MediaImpression for Kodak
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
    "{87841AF8-C785-42FF-A76E-CC0F0C2816CC}" = ATI Catalyst Control Center
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
    "{8F971101-FCBD-4293-B917-D5A14FD1DAF9}" = City Navigator North America v7
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A75949C3-DC28-42CA-9C56-24C002B93D89}" = Garmin City Navigator North America v8
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CA72A82C-7DBC-4814-8CCB-E5BFAC59FAEF}" = ArcSoft MediaImpression for Kodak
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D678209B-B921-4A30-8A41-70A4A29F22CD}" = Garmin MapSource
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
    "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
    "{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Premier
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
    "3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
    "Ad-Aware" = Ad-Aware
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe PhotoDeluxe Home Edition 3.0" = Adobe PhotoDeluxe Home Edition 3.0
    "ATI Display Driver" = ATI Display Driver
    "avast!" = avast! Antivirus
    "Cisco Connect" = Cisco Connect
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "Lexmark 5000 Series" = Lexmark 5000 Series
    "LimeWire" = LimeWire 5.4.8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "Tweak UI 2.10" = Tweak UI
    "Webshots" = Webshots!
    "WIC" = Windows Imaging Component
    "Winamp" = Winamp
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 8/15/2010 11:44:14 AM | Computer Name = ANDYNSHELL | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe failed, 00000005.

    Error - 8/16/2010 11:32:20 AM | Computer Name = ANDYNSHELL | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe failed, 00000005.

    Error - 8/17/2010 11:33:25 AM | Computer Name = ANDYNSHELL | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe failed, 00000005.

    Error - 8/18/2010 11:32:20 AM | Computer Name = ANDYNSHELL | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe failed, 00000005.

    Error - 8/19/2010 11:32:20 AM | Computer Name = ANDYNSHELL | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe failed, 00000005.

    Error - 8/23/2010 4:45:22 PM | Computer Name = ANDYNSHELL | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe failed, 00000005.

    Error - 8/26/2010 7:07:53 PM | Computer Name = ANDYNSHELL | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe failed, 00000005.

    Error - 8/29/2010 11:02:20 AM | Computer Name = ANDYNSHELL | Source = avast! | ID = 33554522
    Description = Internal error has occurred in module aswar scan function failed!,
    function 00000002.

    Error - 8/29/2010 11:39:48 AM | Computer Name = ANDYNSHELL | Source = avast! | ID = 33554522
    Description = Error in aswChestC: chestAddFile Error 1753.

    Error - 9/1/2010 9:03:53 AM | Computer Name = ANDYNSHELL | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe failed, 00000005.

    [ Application Events ]
    Error - 8/29/2010 4:44:08 PM | Computer Name = ANDYNSHELL | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 8/29/2010 4:44:08 PM | Computer Name = ANDYNSHELL | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 8/29/2010 4:44:08 PM | Computer Name = ANDYNSHELL | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 8/29/2010 4:44:08 PM | Computer Name = ANDYNSHELL | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 8/29/2010 4:46:00 PM | Computer Name = ANDYNSHELL | Source = Application Hang | ID = 1002
    Description = Hanging application avast.setup, version 4.8.0.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 8/29/2010 5:05:19 PM | Computer Name = ANDYNSHELL | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 8/29/2010 5:05:19 PM | Computer Name = ANDYNSHELL | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 8/29/2010 7:13:07 PM | Computer Name = ANDYNSHELL | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 8/29/2010 7:35:23 PM | Computer Name = ANDYNSHELL | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 8/29/2010 7:35:23 PM | Computer Name = ANDYNSHELL | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    [ System Events ]
    Error - 9/1/2010 8:02:23 PM | Computer Name = ANDYNSHELL | Source = Service Control Manager | ID = 7000
    Description = The SessionLauncher service failed to start due to the following error:
    %%3

    Error - 9/1/2010 8:02:25 PM | Computer Name = ANDYNSHELL | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    NCPro

    Error - 9/1/2010 8:25:15 PM | Computer Name = ANDYNSHELL | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the lxdmCATSCustConnectService
    service to connect.

    Error - 9/1/2010 8:25:15 PM | Computer Name = ANDYNSHELL | Source = Service Control Manager | ID = 7000
    Description = The lxdmCATSCustConnectService service failed to start due to the
    following error: %%1053

    Error - 9/1/2010 8:25:15 PM | Computer Name = ANDYNSHELL | Source = Service Control Manager | ID = 7000
    Description = The SessionLauncher service failed to start due to the following error:
    %%3

    Error - 9/1/2010 8:25:17 PM | Computer Name = ANDYNSHELL | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    NCPro

    Error - 9/1/2010 10:15:54 PM | Computer Name = ANDYNSHELL | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the lxdmCATSCustConnectService
    service to connect.

    Error - 9/1/2010 10:15:54 PM | Computer Name = ANDYNSHELL | Source = Service Control Manager | ID = 7000
    Description = The lxdmCATSCustConnectService service failed to start due to the
    following error: %%1053

    Error - 9/1/2010 10:15:54 PM | Computer Name = ANDYNSHELL | Source = Service Control Manager | ID = 7000
    Description = The SessionLauncher service failed to start due to the following error:
    %%3

    Error - 9/1/2010 10:15:57 PM | Computer Name = ANDYNSHELL | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    NCPro


    < End of report >
     
  8. 2010/09/01
    broni

    broni Moderator Malware Analyst

    You didn't say:
    =======================================================

    Update your Java version: http://java.com/en/download/index.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java installations...

    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =======================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplug...bootloader.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Andy\Desktop\dxva_sig.txt:SummaryInformation
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================

    Last scans....

    Download Security Check from HERE, and save it to your Desktop.

    * Double-click SecurityCheck.exe
    * Follow the onscreen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    =======================================================

    Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.

    ========================================================

    Disable your antivirus program.
    Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
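A read-only PowerShell audit that looks for the same three kinds of entries the OTL fix script above targets: Browser Helper Objects whose DLL is missing ("File not found"), the Internet Explorer policy keys (Restrictions, Control Panel) listed in the fix, and Security Center / firewall settings that silence warnings. This is an added example, not OTL's code or anything posted in the thread; it assumes a Windows host with PowerShell and the standard registry paths, and it only reports, never deletes.

```powershell
# Added read-only audit (example code, not OTL's and not part of the fix above).
# Reports findings as objects; review them before changing anything.

function Get-StaleBho {
    # BHOs are registered by CLSID; the DLL path lives under the CLSID's InprocServer32 key.
    $bhoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path $bhoRoot)) { return }
    foreach ($entry in Get-ChildItem $bhoRoot) {
        $clsid = $entry.PSChildName
        $dll = $null
        foreach ($hive in 'HKLM:', 'HKCU:') {
            $srv = "$hive\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
            if (Test-Path $srv) {
                $dll = (Get-ItemProperty $srv).'(default)'
                break
            }
        }
        $expanded = if ($dll) { [Environment]::ExpandEnvironmentVariables($dll).Trim('"') } else { '' }
        $issue = if (-not $dll) { 'no InprocServer32 (orphan CLSID)' }
                 elseif (-not (Test-Path -LiteralPath $expanded)) { 'File not found' }
                 else { '' }
        [pscustomobject]@{ Check = 'BHO'; Item = $clsid; Detail = $dll; Issue = $issue }
    }
}

function Get-IePolicyKey {
    # These keys are absent on a clean default install; their presence is worth a look,
    # because malware uses them to lock the IE user interface (the fix above removes both).
    $keys = @(
        'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions',
        'HKCU:\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions',
        'HKCU:\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel'
    )
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $values = (Get-ItemProperty $k).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object { "$($_.Name)=$($_.Value)" }
        [pscustomobject]@{ Check = 'IE policy'; Item = $k; Detail = ($values -join '; '); Issue = 'policy key present' }
    }
}

function Get-SecurityCenterState {
    # Same values the OTL Extras log prints under "Security Center Settings".
    $sc = 'HKLM:\SOFTWARE\Microsoft\Security Center'
    $fw = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
    if (Test-Path $sc) {
        $p = Get-ItemProperty $sc
        foreach ($n in 'AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify') {
            if ($p.$n -eq 1) {
                [pscustomobject]@{ Check = 'Security Center'; Item = $n; Detail = 1; Issue = 'notifications suppressed' }
            }
        }
    }
    if (Test-Path $fw) {
        if ((Get-ItemProperty $fw).EnableFirewall -eq 0) {
            [pscustomobject]@{ Check = 'Firewall'; Item = 'StandardProfile\EnableFirewall'; Detail = 0
                               Issue = 'Windows Firewall off (acceptable only if a third-party firewall is active)' }
        }
    }
}

$findings = @(Get-StaleBho) + @(Get-IePolicyKey) + @(Get-SecurityCenterState) | Where-Object { $_.Issue }
if ($findings) { $findings | Format-Table -AutoSize } else { 'No findings.' }
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable; compare the BHO and policy output with the matching O2/O6/O7 lines of an OTL log.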
     
  9. 2010/09/02
    Topnotch

    Topnotch Well-Known Member Thread Starter

    Broni, I want to thank you for all your time with this. I am off to work this morning but will run these items when I get home.
    The computer seems to be running good, but as I mentioned last night I ran AVAST and it found that Win32:Alureon-FZ, so I don't know what is up with that.

    I will post when I get home.

    Thanks again Broni
     
  10. 2010/09/02
    broni

    broni Moderator Malware Analyst

    Good :)

    We're not done yet...
    Also, I'd like to know a location and a file involved in the above finding.
     
  11. 2010/09/02
    Topnotch

    Topnotch Well-Known Member Thread Starter

    Broni, the Java would not install. I have the error messages if you want them.

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Starting removal of ActiveX control {32C3FEAE-0877-4767-8C20-62A5829A0945}
    C:\WINDOWS\Downloaded Program Files\axfbootloader.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{32C3FEAE-0877-4767-8C20-62A5829A0945}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{32C3FEAE-0877-4767-8C20-62A5829A0945}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\003013_.tmp deleted successfully.
    ADS C:\Documents and Settings\Andy\Desktop\dxva_sig.txt:SummaryInformation deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 321 bytes

    User: All Users

    User: Andy
    ->Temp folder emptied: 18501013 bytes
    ->Temporary Internet Files folder emptied: 5681510 bytes
    ->Java cache emptied: 60906288 bytes
    ->Flash cache emptied: 298255 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 321 bytes

    User: LocalService
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 564 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 16131 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16474 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 82.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Andy
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.11.0 log created on 09022010_170926

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Andy\Local Settings\Temp\Google Toolbar\GoogleToolbarWelcome.log moved successfully.
    C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\T5S31JPJ\94881-active-get-pop-ups-when-starting-ie-7-even-pop-up-blocker-active-2[1].html moved successfully.
    C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\T5S31JPJ\iframescript[1].html moved successfully.
    C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\SYJI1ALN\00b42e3a-b809-49b2-b433-cc45b2bc89d33rd_party_BBS[1].html moved successfully.
    C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\SYJI1ALN\ads[1].html moved successfully.
    C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\089TPTTF\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
    C:\WINDOWS\temp\Perflib_Perfdata_648.dat moved successfully.

    Registry entries deleted on Reboot...
     
  12. 2010/09/02
    Topnotch

    Topnotch Well-Known Member Thread Starter

    Joined:
    2003/12/27
    Messages:
    92
    Likes Received:
    0
    Just tried running the Security Check and got this error message: "C:\Documents and Settings\Andy\Desktop\SecurityCheck.exe is not a valid Win32 application."
     
  13. 2010/09/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Use JavaRa first to remove old Java versions.
    Then, when you go to the Java site, make sure you download the "off-line" installation file.
    Try to install it again.

    Skip SecurityCheck for now.
     
  14. 2010/09/02
    Topnotch

    Topnotch Well-Known Member Thread Starter

    Joined:
    2003/12/27
    Messages:
    92
    Likes Received:
    0
    Broni, what does "off-line" installation file mean?
     
  15. 2010/09/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go here: http://java.com/en/download/manual.jsp and download the Windows 7/XP/Vista/2000/2003/2008 Offline file.
    That means you download the whole Java file and install it by double-clicking the downloaded file. Your browser is not involved anymore.
     
  16. 2010/09/02
    Topnotch

    Topnotch Well-Known Member Thread Starter

    Joined:
    2003/12/27
    Messages:
    92
    Likes Received:
    0
    While I am running Kaspersky, I thought I would show you what the error messages were earlier for Java. I just want to make sure that if I delete the older versions I will be able to download and install the newer version, since one of these errors makes it sound like it is the Windows Installer.

    "lib\deploy,jar: old filenot found. However a file of the same name was found. No update done since file contents do not match. "


    Java update fails to apply changes to your system


    "Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor."
     
  17. 2010/09/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Thanks :)
    You'll be fine with my previous instructions.
     
  18. 2010/09/02
    Topnotch

    Topnotch Well-Known Member Thread Starter

    Joined:
    2003/12/27
    Messages:
    92
    Likes Received:
    0
    Kaspersky found nothing so there was nothing in the log. I installed Java as you requested.
     
  19. 2010/09/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Wonderful :)

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  20. 2010/09/02
    Topnotch

    Topnotch Well-Known Member Thread Starter

    Joined:
    2003/12/27
    Messages:
    92
    Likes Received:
    0
    Broni, I can't thank you enough for all your time and help! I will give the computer a good test run after the Labor Day weekend; we are leaving in a little while to make it a 4-day weekend. I might have a couple of questions for you when we get back, if that is all right?

    Thanks again and have a great weekend.
     
  21. 2010/09/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Have a nice time :)
    See you in a few days :)
     