
Solved WMP is freezing, also Windows Movie Maker

Discussion in 'Malware and Virus Removal Archive' started by lewislewis, 2010/12/19.

  1. 2010/12/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That may be, but some infection is present as well.

    Now...
    My instructions clearly say to place combofix.exe file on a desktop.
    Please, move the file to appropriate location.

    ===============================================================

    Uninstall RegDoctor.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ===============================================================

    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/


    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    • Close SUPERAntiSpyware.
    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    • Open SUPERAntiSpyware.
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.

    Post SUPERAntiSpyware log.
     
  2. 2010/12/28
    lewislewis

    lewislewis Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    303
    Likes Received:
    2
    Hi broni,
    Here is the latest scan.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/28/2010 at 04:34 AM

    Application Version : 4.47.1000

    Core Rules Database Version : 6079
    Trace Rules Database Version: 3891

    Scan type : Complete Scan
    Total Scan Time : 08:33:28

    Memory items scanned : 267
    Memory threats detected : 0
    Registry items scanned : 9076
    Registry threats detected : 0
    File items scanned : 306180
    File threats detected : 2

    Application.PowerReg Scheduler
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{8800E18D-C728-4723-8967-2D79B09AC8E4}\RP883\A0123315.EXE
    C:\WINDOWS\PSS\POWERREG SCHEDULER V3.EXESTARTUP
     


  4. 2010/12/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very well :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
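    Once the Extras.txt from the Quick Scan is posted, the settings it reports can be compared against stock values. The following is an added Python illustration, not OTL's or the forum's code; it parses a constructed report in OTL's Extras.txt format and flags shell-launch commands that differ from the Windows XP defaults, Security Center override flags, and enabled firewall exceptions open to any address (`*`) rather than LocalSubNet. The default values and the constructed sample are assumptions for the example.

```python
"""Checker for the Shell Spawning, Security Center and Firewall sections of an
OTL Extras.txt report. Added illustration, not OTL code. The sample report is
constructed in the thread's log format and the expected shell commands are the
stock Windows XP SP3 values (assumption: an otherwise unmodified install)."""
import re

# Constructed sample, not a real capture. OTL writes the built-in firewall
# entries as '@xpsp2res.dll,...'; forum software renders ':@' as ':mad:'.
SAMPLE_EXTRAS = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
exefile [open] -- C:\CONSTRUCTED\launcher.exe "%1" %*
scrfile [open] -- "%1" /S
regfile [merge] -- Reg Error: Key error.

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"""

# Stock XP launch commands for the executable file classes OTL lists.
EXPECTED_SHELL = {
    "batfile [open]": '"%1" %*',
    "cmdfile [open]": '"%1" %*',
    "comfile [open]": '"%1" %*',
    "exefile [open]": '"%1" %*',
    "piffile [open]": '"%1" %*',
    "scrfile [open]": '"%1" /S',
}

# Security Center values that, when 1, suppress a protection warning.
SUPPRESSION_FLAGS = {
    "AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify",
    "AntiVirusOverride", "FirewallOverride",
}

# "139:TCP" = 139:TCP:LocalSubNet:Enabled:<display name>
PORT_RE = re.compile(
    r'^"(\d+):(TCP|UDP)" = \d+:(?:TCP|UDP):([^:]+):(Enabled|Disabled):(.*)$')


def sections(text):
    """Split an Extras.txt into {section name: [non-blank lines]}."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.match(r"^=+ (.+?) =+$", line)
        if header:
            current = header.group(1)
            result[current] = []
        elif current is not None and line:
            result[current].append(line)
    return result


def check_shell_spawning(lines):
    """Return (class, command) pairs whose launch command is not the stock value."""
    findings = []
    for line in lines:
        if " -- " not in line:
            continue
        key, cmd = line.split(" -- ", 1)
        expected = EXPECTED_SHELL.get(key.strip())
        if expected is not None and cmd.strip() != expected:
            findings.append((key.strip(), cmd.strip()))
    return findings


def check_security_center(lines):
    """Return the names of suppression flags that are set to 1."""
    findings = []
    for line in lines:
        m = re.match(r'^"(\w+)" = (\d+)$', line)
        if m and m.group(1) in SUPPRESSION_FLAGS and int(m.group(2)) == 1:
            findings.append(m.group(1))
    return findings


def parse_open_ports(lines):
    """Parse GloballyOpenPorts entries into dicts (port, proto, scope, enabled, name)."""
    ports = []
    for line in lines:
        m = PORT_RE.match(line)
        if m:
            ports.append({"port": int(m.group(1)), "proto": m.group(2),
                          "scope": m.group(3), "enabled": m.group(4) == "Enabled",
                          "name": m.group(5)})
    return ports


def internet_exposed_ports(ports):
    """Enabled exceptions whose scope is '*' (any remote address), not LocalSubNet."""
    return [p for p in ports if p["enabled"] and p["scope"] == "*"]


def analyze(text):
    """Run all three checks over one Extras.txt and return the findings."""
    secs = sections(text)
    ports = parse_open_ports(secs.get("Firewall Settings", []))
    return {
        "shell_hijacks": check_shell_spawning(secs.get("Shell Spawning", [])),
        "security_center": check_security_center(secs.get("Security Center Settings", [])),
        "exposed_ports": internet_exposed_ports(ports),
    }


if __name__ == "__main__":
    for name, items in analyze(SAMPLE_EXTRAS).items():
        print(f"{name}: {items}")
```

    A flagged entry is a prompt to look closer, not a verdict: an "Override" value is also written by legitimate third-party security suites, and a wide-scope port exception may simply belong to the application named in the entry.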
  5. 2010/12/28
    lewislewis

    lewislewis Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    303
    Likes Received:
    2
    OTL Extras logfile created on: 12/28/2010 4:05:34 PM - Run 1
    OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
    5.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 298.08 Gb Total Space | 98.10 Gb Free Space | 32.91% Space Free | Partition Type: NTFS
    Drive G: | 465.76 Gb Total Space | 227.16 Gb Free Space | 48.77% Space Free | Partition Type: NTFS
    Drive K: | 596.17 Gb Total Space | 79.51 Gb Free Space | 13.34% Space Free | Partition Type: NTFS
    Drive M: | 596.17 Gb Total Space | 173.01 Gb Free Space | 29.02% Space Free | Partition Type: NTFS

    Computer Name: LEWIS-AE0B75C2F | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [TVersity] -- "C:\Program Files\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title " " -tags " " ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
    "3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
    "50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
    "50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA 02173)
    "C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0 -- (SmartSoft Ltd.)
    "C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe" = C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942 -- ()
    "C:\Program Files\Ubisoft\XIII\system\XIII.exe" = C:\Program Files\Ubisoft\XIII\system\XIII.exe:*:Enabled:XIII -- ()
    "C:\Program Files\TVersity\Media Server\MediaServer.exe" = C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server -- ()
    "C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
    "{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
    "{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
    "{0712667C-A171-49AE-A098-4ACDA28625F8}" = Sony Sound Forge 7.0
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{08C5E3B0-3402-4AF5-8656-2D76B80FB6ED}" = Miracle C Shareware Package
    "{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
    "{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP490_series" = Canon MP490 series MP Drivers
    "{127B684B-A002-44C8-99A7-6CF8F1E26873}" = PunkBuster for Battlefield 1942
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
    "{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}" = Sound Blaster Audigy
    "{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
    "{2085F05D-24C5-4E27-B7B4-A51DE890FFC9}" = Opera 10.00
    "{23ACC27F-ACB4-4F1A-9B56-D70098974A4F}" = MSTS Paint Shed
    "{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
    "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 22
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
    "{2FDD9D12-46C9-4156-A4A0-55297B9498CA}" = Tiger Woods PGA TOUR 2005
    "{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.2
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{42BC0474-6E50-464A-8183-5E3D32E41B1B}" = XIII
    "{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
    "{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
    "{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
    "{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
    "{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}" = MP3 Player Utilities
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
    "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
    "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
    "{6C5D7191-140A-11D6-B5A0-0050DA208A93}" = ArcSoft PhotoImpression
    "{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}" = Digital Voice Editor 3
    "{6F23C1A3-9F62-470C-BD12-B83F04E67865}" = SmartFTP Client
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{71A271BC-9147-4074-B8FA-C222E6C5084D}" = ArcSoft Panorama Maker 3
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{74B6E8CD-7FAD-4647-A646-B8E36719EF98}" = Radiotracker
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.0
    "{78225D0F-D12C-09E4-5D6D-A64D763E8982}" = BBC iPlayer Desktop
    "{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
    "{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
    "{7EC5D875-676B-47DA-8D57-0D560EE7CA46}" = OpenVPN Client
    "{7F7DDA0E-710A-40FF-A50C-704312A243CB}" = Gravity 2.9
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
    "{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1" = Yawcam 0.3.3
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{976EA7B1-7562-483D-88DA-4323D263B7CD}" = DiMAGE Viewer
    "{9B93C2B3-D9E8-11D6-AB3E-000102B0F79A}" = Readiris Pro 8
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA1B9602-3120-4A28-913B-AAA59A2CEEEB}" = Sony Player Plug-in for Windows Media Player
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
    "{AE84E7FF-4DEC-48EC-BBA9-9A808E48DF8E}_is1" = Free MP3 Recorder 1.0
    "{B123EBD8-89B7-4834-B06D-F758815E1033}" = Nero 7 Ultra Edition
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B36649A3-D0DD-4706-B042-F5B384529C7A}" = Scrabble Complete
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
    "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
    "{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
    "{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
    "{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
    "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
    "{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
    "{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 ESD
    "{D755C7A3-C03E-4460-8C00-AC6E55505FB5}" = LightScribe 1.4.74.1
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
    "{EAABC101-66C3-4708-A793-3EC0025EF348}" = Jack the Ripper
    "{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
    "{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
    "{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1A3D4B6-B8EB-41DB-0086-D0CE4DCB566C}" = F1 2002
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player Plugin
    "Adobe PhotoDeluxe Home Edition 3.0" = Adobe PhotoDeluxe Home Edition 3.0
    "Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
    "Arachnophilia 5.3_is1" = Arachnophilia 5.3
    "Arachnophilia version 4.0_is1" = Arachnophilia version 4.0
    "Ashampoo Media Player+_is1" = Ashampoo Media Player+ 2.03
    "Astra SiteManager Uninstall" = Astra SiteManager
    "AWASU_is1" = Awasu Personal Edition 2.3
    "Backup4all 3_is1" = Backup4all 3
    "Battlecraft 19422.1" = Battlecraft 1942
    "BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
    "BCWipe" = BCWipe 2.0
    "BFG-Agatha Christie - 450 from Paddington" = Agatha Christie: 4:50 from Paddington
    "BFG-Art of Murder - FBI Confidential" = Art of Murder: FBI Confidential
    "BFG-Artifacts of the Past - Ancient Mysteries" = Artifacts of the Past: Ancient Mysteries
    "BFG-Awakening - The Dreamless Castle" = Awakening: The Dreamless Castle
    "BFG-Azada" = Azada ™
    "BFGC" = Big Fish Games: Game Manager
    "BFG-Dark Parables - Curse of Briar Rose" = Dark Parables: Curse of Briar Rose
    "BFG-Dark Tales - Edgar Allan Poe`s Murders in the Rue Morgue" = Dark Tales: Edgar Allan Poe`s Murders in the Rue Morgue
    "BFG-Dr. Lynch - Grave Secrets" = Dr. Lynch: Grave Secrets
    "BFG-Haunted Hotel" = Haunted Hotel
    "BFG-Hidden Expedition - Amazon" = Hidden Expedition: Amazon ™
    "BFG-Hidden Expedition - Titanic" = Hidden Expedition: Titanic ™
    "BFG-Hidden Identity - Chicago Blackout" = Hidden Identity: Chicago Blackout
    "BFG-Hidden Mysteries - Buckingham Palace" = Hidden Mysteries: Buckingham Palace ™
    "BFG-Midnight Mysteries - The Edgar Allan Poe Conspiracy" = Midnight Mysteries: The Edgar Allan Poe Conspiracy
    "BFG-Mystery Case Files - Huntsville" = Mystery Case Files: Huntsville ™
    "BFG-Mystery Case Files - Return to Ravenhearst" = Mystery Case Files: Return to Ravenhearst ™
    "BFG-Mystery in London" = Mystery in London
    "BFG-Nightfall Mysteries - Asylum Conspiracy" = Nightfall Mysteries: Asylum Conspiracy
    "BFG-Nightfall Mysteries - Curse of the Opera" = Nightfall Mysteries: Curse of the Opera
    "BFG-Penny Dreadfuls - Sweeney Todd Collector's Edition" = Penny Dreadfuls: Sweeney Todd Collector`s Edition
    "BFG-PuppetShow - Souls of the Innocent" = PuppetShow: Souls of the Innocent
    "BFG-Samantha Swift and the Hidden Roses of Athena" = Samantha Swift and the Hidden Roses of Athena
    "BFG-Special Enquiry Detail - The Hand that Feeds" = Special Enquiry Detail: The Hand that Feeds
    "BFG-Strange Cases - The Lighthouse Mystery Collectors Edition" = Strange Cases: The Lighthouse Mystery Collector's Edition
    "BFG-The Lost Cases of 221B Baker St" = The Lost Cases of 221B Baker St.
    "BFG-The Mystery of the Crystal Portal - Beyond the Horizon" = The Mystery of the Crystal Portal: Beyond the Horizon
    "BFG-Tiger Eye - Part I - Curse of the Riddle Box" = Tiger Eye - Part I: Curse of the Riddle Box
    "BFG-Time Dreamer" = Time Dreamer
    "BFG-Treasure Seekers - Follow the Ghosts Collector's Edition" = Treasure Seekers: Follow the Ghosts Collector's Edition
    "CanonMyPrinter" = Canon Utilities My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "CCleaner" = CCleaner (remove only)
    "CodeStuff Starter" = CodeStuff Starter
    "Cool Edit Pro 2.1" = Cool Edit Pro 2.1
    "dBworx_is1" = dBworx ver 3.4 (Freeware)
    "Dream Chronicles1.0" = Dream Chronicles
    "DVD43_is1" = DVD43 v4.6.0
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "Easy-WebPrint EX" = Canon Easy-WebPrint EX
    "Escape The Museum1.0" = Escape The Museum
    "ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
    "FileZilla Client" = FileZilla Client 3.3.4.1
    "FlashPeak BlazeFtp_is1" = FlashPeak BlazeFtp 2.0
    "FREE Hi-Q Recorder_is1" = FREE Hi-Q Recorder 1.92
    "Free MP3 Sound Recorder_is1" = Free MP3 Sound Recorder v1.9
    "FreeBASIC" = FreeBASIC 0.20.0b
    "Google Updater" = Google Updater
    "Harry's Filters_is1" = Harry's Filters 3.01
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HECI" = Intel® Management Engine Interface
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
    "IrfanView" = IrfanView (remove only)
    "lvdrivers_11.90" = Logitech QuickCam Driver Package
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MDT" = Battlefield Mod Development Toolkit 2.0 Beta
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
    "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "Nvu_is1" = Nvu 1.0PR
    "OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
    "PageKeeperLite Uninstall" = PageKeeper Standard 3.0
    "Picasa 3" = Picasa 3
    "ProTrain 1.1 US 1.1" = ProTrain 1.1 US 1.1
    "RealPlayer 12.0" = RealPlayer
    "ReBirth 2" = ReBirth RB-338 2.01
    "repliGATOR" = repliGATOR
    "Satellite TV for PC Elite" = Satellite TV for PC Elite 4.8.8.0
    "ScMgr30Uninstall" = Scan Manager 3.1
    "SimCity2000CDv1" = SimCity 2000® Special Edition
    "SiS163u" = 802.11 USB Wireless LAN Adapter
    "The Rise of Atlantis" = The Rise of Atlantis (remove only)
    "Train Simulator 1.0" = Microsoft Train Simulator
    "TVAnts 1.0" = TVAnts 1.0
    "TVersity Codec Pack" = TVersity Codec Pack 1.2
    "TVersity Media Server " = TVersity Media Server 1.0.0.11 RC7
    "vr3d" = vr3d
    "Web Album Generator_is1" = Web Album Generator 1.8.2
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XanaNews_is1" = XanaNews 1.18.1.6

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Forgotten Riddles - The Mayan Princess" = Forgotten Riddles - The Mayan Princess (remove only)
    "Google Chrome" = Google Chrome
    "Hidden Relics" = Hidden Relics

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/26/2010 2:57:57 PM | Computer Name = LEWIS-AE0B75C2F | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 12/26/2010 8:46:09 PM | Computer Name = LEWIS-AE0B75C2F | Source = Application Hang | ID = 1002
    Description = Hanging application wmplayer.exe, version 11.0.5721.5262, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 12/26/2010 8:46:13 PM | Computer Name = LEWIS-AE0B75C2F | Source = Application Hang | ID = 1001
    Description = Fault bucket 1928113026.

    Error - 12/27/2010 1:51:05 AM | Computer Name = LEWIS-AE0B75C2F | Source = Application Hang | ID = 1002
    Description = Hanging application wmplayer.exe, version 11.0.5721.5262, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 12/27/2010 1:51:13 AM | Computer Name = LEWIS-AE0B75C2F | Source = Application Hang | ID = 1001
    Description = Fault bucket 1928113026.

    Error - 12/27/2010 1:54:38 AM | Computer Name = LEWIS-AE0B75C2F | Source = Application Hang | ID = 1002
    Description = Hanging application wmplayer.exe, version 11.0.5721.5262, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 12/27/2010 1:54:39 AM | Computer Name = LEWIS-AE0B75C2F | Source = Application Hang | ID = 1001
    Description = Fault bucket 1928113026.

    Error - 12/27/2010 6:44:38 PM | Computer Name = LEWIS-AE0B75C2F | Source = Application Error | ID = 1000
    Description = Faulting application ws_ftp95.exe, version 5.0.0.1, faulting module
    ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

    Error - 12/27/2010 7:59:57 PM | Computer Name = LEWIS-AE0B75C2F | Source = Application Error | ID = 1000
    Description = Faulting application ws_ftp95.exe, version 5.0.0.1, faulting module
    ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

    [ System Events ]
    Error - 12/27/2010 8:54:11 PM | Computer Name = LEWIS-AE0B75C2F | Source = Service Control Manager | ID = 7001
    Description = The IPSEC Services service depends on the IPSEC driver service which
    failed to start because of the following error: %%31

    Error - 12/27/2010 8:54:11 PM | Computer Name = LEWIS-AE0B75C2F | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AFD Fips intelppm IPSec Lbd MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip Tcpip6

    Error - 12/27/2010 8:54:31 PM | Computer Name = LEWIS-AE0B75C2F | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 12/27/2010 8:54:38 PM | Computer Name = LEWIS-AE0B75C2F | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 12/27/2010 8:54:54 PM | Computer Name = LEWIS-AE0B75C2F | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service netman with
    arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error - 12/27/2010 8:56:47 PM | Computer Name = LEWIS-AE0B75C2F | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 12/27/2010 8:57:54 PM | Computer Name = LEWIS-AE0B75C2F | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    " " in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

    Error - 12/28/2010 10:44:09 AM | Computer Name = LEWIS-AE0B75C2F | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 12/28/2010 10:47:33 AM | Computer Name = LEWIS-AE0B75C2F | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd

    Error - 12/28/2010 10:47:43 AM | Computer Name = LEWIS-AE0B75C2F | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service upnphost with
    arguments " " in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}


    < End of report >
     
  6. 2010/12/28
    lewislewis Well-Known Member Thread Starter
    Hi broni,
    I can't seem to post the other report.
    Lewis
     
  7. 2010/12/28
    lewislewis Well-Known Member Thread Starter
    OTL logfile created on: 12/28/2010 4:05:34 PM - Run 1
    OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
    5.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 298.08 Gb Total Space | 98.10 Gb Free Space | 32.91% Space Free | Partition Type: NTFS
    Drive G: | 465.76 Gb Total Space | 227.16 Gb Free Space | 48.77% Space Free | Partition Type: NTFS
    Drive K: | 596.17 Gb Total Space | 79.51 Gb Free Space | 13.34% Space Free | Partition Type: NTFS
    Drive M: | 596.17 Gb Total Space | 173.01 Gb Free Space | 29.02% Space Free | Partition Type: NTFS

    Computer Name: LEWIS-AE0B75C2F | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/28 16:03:20 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2010/12/14 15:02:18 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2010/08/06 16:23:26 | 000,024,064 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
    PRC - [2010/03/13 15:19:18 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2009/07/26 21:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    PRC - [2009/01/19 14:18:52 | 000,827,392 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
    PRC - [2008/12/16 20:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2005/10/31 09:51:52 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/28 16:03:20 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/08/06 16:23:26 | 000,024,064 | ---- | M] () [Auto | Running] -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe -- (OpenVPNAccessClient)
    SRV - [2009/01/19 14:18:52 | 000,827,392 | ---- | M] () [Auto | Running] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
    SRV - [2008/12/16 20:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2008/11/22 00:25:46 | 000,094,208 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV)
    SRV - [2008/07/18 16:16:23 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2007/03/20 15:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
    SRV - [2007/02/05 09:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
    SRV - [2007/02/05 09:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
    SRV - [2006/12/14 01:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
    SRV - [2006/12/14 01:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
    SRV - [2006/12/14 00:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
    SRV - [2005/11/14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/08/03 15:25:28 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapoas.sys -- (tapoas)
    DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
    DRV - [2009/11/10 20:12:44 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvd43llh.sys -- (dvd43llh)
    DRV - [2008/12/17 01:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2008/12/17 01:00:12 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
    DRV - [2008/12/17 00:53:44 | 002,686,104 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
    DRV - [2008/12/17 00:53:22 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
    DRV - [2008/12/16 20:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
    DRV - [2008/04/13 13:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
    DRV - [2008/04/13 13:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
    DRV - [2008/04/13 13:46:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
    DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/01/15 20:12:50 | 005,851,488 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2008/01/15 20:12:20 | 000,254,872 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
    DRV - [2008/01/15 20:10:51 | 004,609,024 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007/07/27 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
    DRV - [2007/07/27 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
    DRV - [2007/05/11 18:00:14 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
    DRV - [2007/05/10 17:03:00 | 006,738,432 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2006/09/05 02:16:04 | 000,217,600 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sis163u.sys -- (SIS163u)
    DRV - [2005/07/07 03:14:30 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
    DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
    DRV - [2005/01/10 05:15:30 | 000,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2005/01/10 05:15:24 | 000,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2003/04/18 23:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tandpl.sys -- (tandpl)
    DRV - [2003/03/02 16:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\enodpl.sys -- (enodpl)
    DRV - [2002/08/08 14:51:32 | 000,038,951 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMDUSB.sys -- (NETMDUSB)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.google.ca "
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783

    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/13 15:20:20 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/27 20:25:40 | 000,000,000 | ---D | M]

    [2010/08/19 22:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2010/08/19 22:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\net.openvpn.client
    [2010/03/10 00:41:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\my7rdxsx.default\extensions
    [2009/11/12 15:57:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\my7rdxsx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/12/01 10:23:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/08/27 20:25:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/12/01 10:23:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/12/27 01:31:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225642572609 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/07/16 13:25:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.avis - C:\WINDOWS\System32\ff_acm.acm ()
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lhacm - lhacm.acm File not found
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (55464181163360256)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/28 16:03:05 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/12/27 19:46:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/12/27 19:46:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    [2010/12/27 19:46:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/12/27 17:19:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/12/27 17:14:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
    [2010/12/27 17:13:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
    [2010/12/27 17:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\OLYMPUS
    [2010/12/27 01:20:06 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/12/27 01:16:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/12/27 01:16:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/12/27 01:16:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/12/27 01:16:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/12/27 01:16:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/12/27 01:15:37 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/26 13:59:12 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/12/26 13:58:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sunbelt Software
    [2010/12/26 10:30:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder (3)
    [2010/12/23 00:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Al's
    [2010/12/23 00:26:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\pics1
    [2010/12/22 22:44:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\test
    [2010/12/22 21:14:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\MorePics4
    [2010/12/22 19:21:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\morepics3
    [2010/12/22 18:40:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\mor2 pics2
    [2010/12/21 10:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\1dds
    [2010/12/19 11:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    [2010/12/19 11:54:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/12/19 11:54:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/12/19 11:54:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/12/19 11:54:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/12/16 23:29:01 | 000,000,000 | ---D | C] -- C:\CanadianpickerCOM
    [2010/12/14 18:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder (2)
    [2010/12/11 15:32:19 | 000,000,000 | ---D | C] -- C:\New Folder (2)
    [2010/12/11 12:23:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder
    [2010/12/05 17:38:39 | 000,000,000 | ---D | C] -- C:\4sale
    [2002/04/10 20:41:06 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/12/28 16:06:00 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{298EE511-60FE-41A3-9968-57F06043CCB1}.job
    [2010/12/28 16:03:20 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/12/28 15:59:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-764733703-839522115-500UA.job
    [2010/12/28 15:42:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/12/28 15:04:04 | 000,000,444 | ---- | M] () -- C:\WINDOWS\System32\tversity.cookies
    [2010/12/28 14:14:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/12/28 09:47:43 | 000,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
    [2010/12/28 09:47:38 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/12/28 09:47:34 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/12/28 09:47:34 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-764733703-839522115-500.job
    [2010/12/28 09:45:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/12/27 19:46:42 | 000,001,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/12/27 17:13:42 | 000,000,894 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CAMEDIA Master.lnk
    [2010/12/27 09:25:01 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/27 08:59:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-764733703-839522115-500Core.job
    [2010/12/27 01:31:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/12/27 01:30:17 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/12/27 01:20:11 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/12/27 01:02:34 | 003,998,686 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2010/12/26 21:01:29 | 000,000,491 | ---- | M] () -- C:\Documents and Settings\Administrator\Shortcut to Administrator.lnk
    [2010/12/26 13:59:12 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/12/26 13:30:56 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\avgscandec26a.csv
    [2010/12/26 10:37:16 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/12/26 10:29:53 | 000,000,100 | ---- | M] () -- C:\Documents and Settings\Administrator\default.pls
    [2010/12/26 10:29:50 | 000,000,416 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/12/25 23:28:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-764733703-839522115-500.job
    [2010/12/23 00:46:38 | 000,234,040 | ---- | M] () -- C:\Serviceby Chris&Nezz1.jpg
    [2010/12/22 18:36:49 | 000,440,430 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\picdwnld+more2010.nri
    [2010/12/21 13:45:47 | 000,007,886 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\avg scan dec21 10.csv
    [2010/12/19 19:46:42 | 000,000,754 | ---- | M] () -- C:\WINDOWS\wordpad.INI
    [2010/12/19 18:12:30 | 000,000,000 | ---- | M] () -- C:\FileOut.Cns
    [2010/12/19 18:12:30 | 000,000,000 | ---- | M] () -- C:\FileIn.Cns
    [2010/12/19 11:54:42 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/19 11:08:26 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\scan1.csv
    [2010/12/18 23:22:12 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Windows Media Player.lnk
    [2010/12/18 23:20:08 | 000,436,228 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/12/18 23:20:08 | 000,068,680 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/12/18 23:18:40 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010/12/18 23:18:38 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010/12/18 16:27:02 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2010/12/18 14:17:28 | 001,539,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/12/18 13:52:11 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

    ========== Files Created - No Company Name ==========
     
  8. 2010/12/28
    lewislewis

    lewislewis Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    303
    Likes Received:
    2
    Hi broni,
    I hope I got that right.
    Lewis
     
  9. 2010/12/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It's incomplete.
    There is more after this:
    ========== Files Created - No Company Name ==========
     
  10. 2010/12/28
    lewislewis

    lewislewis Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    303
    Likes Received:
    2
    Hi broni,
    I think this is it.
    Lewis
    ========== Files Created - No Company Name ==========

    [2010/12/27 19:46:42 | 000,001,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/12/27 19:43:51 | 003,998,686 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2010/12/27 17:13:42 | 000,000,894 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CAMEDIA Master.lnk
    [2010/12/27 09:54:20 | 1031,951,688 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\tape#102a.avi
    [2010/12/27 09:24:58 | 2100,535,292 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Sequence 01.avi
    [2010/12/27 01:20:11 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/12/27 01:20:09 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/12/27 01:16:36 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/12/27 01:16:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/12/27 01:16:36 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/12/27 01:16:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/12/27 01:16:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/12/26 21:01:29 | 000,000,491 | ---- | C] () -- C:\Documents and Settings\Administrator\Shortcut to Administrator.lnk
    [2010/12/26 18:05:38 | 000,058,102 | ---- | C] () -- C:\Documents and Settings\Administrator\scan AdAware 26.12.2010.txt
    [2010/12/26 13:30:56 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\avgscandec26a.csv
    [2010/12/23 00:46:38 | 000,234,040 | ---- | C] () -- C:\Serviceby Chris&Nezz1.jpg
    [2010/12/22 18:36:49 | 000,440,430 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\picdwnld+more2010.nri
    [2010/12/21 13:45:47 | 000,007,886 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\avg scan dec21 10.csv
    [2010/12/20 11:18:10 | 000,000,896 | ---- | C] () -- C:\Documents and Settings\Administrator\mbam-log-2010-12-20 (10-41-24).txt
    [2010/12/19 11:54:42 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/19 11:08:26 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\scan1.csv
    [2010/12/18 23:22:12 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Windows Media Player.lnk
    [2010/12/18 16:27:02 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2010/11/04 18:33:13 | 000,000,109 | ---- | C] () -- C:\WINDOWS\PControl.ini
    [2010/04/30 17:03:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
    [2010/03/06 13:24:03 | 000,000,070 | ---- | C] () -- C:\WINDOWS\sbwin.ini
    [2010/03/01 19:13:53 | 000,076,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/11/09 16:35:15 | 000,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
    [2009/11/09 16:35:15 | 000,006,399 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
    [2009/11/09 16:35:15 | 000,003,677 | R--- | C] () -- C:\WINDOWS\PlaySnd.INI
    [2009/10/20 18:48:30 | 000,000,118 | ---- | C] () -- C:\WINDOWS\Podcasts.INI
    [2009/09/12 22:52:15 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
    [2009/09/12 15:39:47 | 000,000,193 | ---- | C] () -- C:\WINDOWS\EPSON 1260_1660 Installer.ini
    [2009/08/20 21:06:59 | 000,000,209 | ---- | C] () -- C:\WINDOWS\REPLIG.INI
    [2009/07/25 09:54:20 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
    [2009/07/01 15:17:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
    [2009/06/29 14:12:51 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2009/06/13 13:44:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI
    [2009/06/13 13:16:44 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\IcdSptSvps.dll
    [2009/06/13 13:16:43 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\mp3dec.dll
    [2009/06/13 13:16:43 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll
    [2009/06/03 09:15:09 | 000,000,043 | ---- | C] () -- C:\WINDOWS\hpfccopy.INI
    [2009/05/20 22:41:38 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2009/05/17 00:18:28 | 000,000,748 | ---- | C] () -- C:\WINDOWS\ahd3.ini
    [2009/04/29 12:10:50 | 000,000,058 | ---- | C] () -- C:\WINDOWS\I_VIEW32.INI
    [2009/04/13 00:07:00 | 000,000,216 | ---- | C] () -- C:\WINDOWS\PKVIEW.INI
    [2009/03/30 21:42:38 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/03/15 11:54:21 | 000,000,177 | ---- | C] () -- C:\WINDOWS\kpcms.ini
    [2009/03/15 11:54:20 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
    [2009/03/15 11:54:15 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
    [2009/03/15 11:54:15 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
    [2009/02/10 01:16:47 | 000,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
    [2009/02/10 01:16:47 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2008/12/28 18:10:50 | 000,000,067 | ---- | C] () -- C:\WINDOWS\artgall.ini
    [2008/12/16 20:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2008/12/16 20:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
    [2008/11/30 23:06:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PKTOPASS.INI
    [2008/11/30 14:39:32 | 000,000,083 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2008/11/30 14:22:57 | 000,000,457 | ---- | C] () -- C:\WINDOWS\ORS.INI
    [2008/11/25 18:18:54 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Smenu.INI
    [2008/10/29 21:19:55 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys
    [2008/10/29 21:19:55 | 000,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys
    [2008/10/11 15:28:27 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PMK_setup.ini
    [2008/10/11 15:27:59 | 000,000,142 | ---- | C] () -- C:\WINDOWS\Readiris.ini
    [2008/10/11 15:27:57 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
    [2008/09/19 16:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/09/19 16:54:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2008/09/17 22:27:44 | 000,000,754 | ---- | C] () -- C:\WINDOWS\wordpad.INI
    [2008/08/31 10:57:04 | 000,002,554 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
    [2008/08/31 10:56:59 | 000,000,163 | ---- | C] () -- C:\WINDOWS\SimTower.ini
    [2008/08/31 08:57:42 | 000,000,062 | ---- | C] () -- C:\WINDOWS\FOWIN.INI
    [2008/08/20 22:35:44 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2008/08/19 00:40:51 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
    [2008/08/19 00:40:51 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
    [2008/08/19 00:40:51 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
    [2008/08/19 00:40:50 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
    [2008/08/19 00:40:50 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
    [2008/08/12 11:44:16 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
    [2008/07/26 14:13:50 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2008/07/26 14:12:36 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX8400.ini
    [2008/07/23 18:29:19 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2008/07/18 22:12:45 | 000,000,416 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/07/18 17:31:10 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2008/07/18 17:28:13 | 000,009,457 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2008/07/18 16:24:34 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
    [2008/07/17 21:03:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/07/16 14:04:10 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
    [2008/07/16 08:19:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2007/10/12 00:11:58 | 000,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2007/07/27 07:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
    [2007/07/27 07:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
    [2007/07/27 07:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
    [2007/07/27 07:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
    [2007/07/27 07:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
    [2007/05/21 00:51:28 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\csExWBDLMan.dll
    [2007/05/10 17:03:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2007/05/10 17:03:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2007/05/10 17:03:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2007/05/10 17:03:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2007/05/10 17:03:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2005/05/03 06:38:42 | 000,064,512 | R--- | C] () -- C:\WINDOWS\System32\P17.dll
    [2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
    [2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
    [2003/10/02 05:48:18 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

    ========== LOP Check ==========

    [2010/05/24 10:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Artogon
    [2008/07/29 22:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Awasu
    [2010/08/19 23:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    [2009/10/22 09:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Big Fish Games
    [2010/04/19 16:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Boomzap
    [2010/05/23 19:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon
    [2010/05/02 14:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon Easy-WebPrint EX
    [2010/07/17 12:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DarkParablesBriarRoseSE_BFG
    [2010/08/07 12:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DIMAGE
    [2009/10/09 16:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EPSON
    [2010/07/09 11:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ERS G-Studio
    [2010/10/01 18:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileZilla
    [2010/04/19 12:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Flood Light Games
    [2010/07/31 15:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Floodlight Games
    [2009/10/23 22:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ForgottenRiddles
    [2009/07/04 00:03:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GrabIt
    [2009/11/07 18:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GraveyardShift
    [2009/10/13 14:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gravity
    [2008/07/17 10:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
    [2009/03/17 00:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Jasc
    [2010/08/09 19:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\KranX Productions
    [2008/07/26 14:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
    [2010/06/13 17:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LegacyInteractive
    [2009/06/05 21:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nvu
    [2010/08/19 22:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenVPN Technologies
    [2009/09/19 14:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
    [2008/08/15 11:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PlayFirst
    [2009/02/10 01:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Smart Recorder
    [2009/07/30 15:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sony
    [2010/05/21 10:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SulusGames
    [2010/08/19 23:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
    [2010/07/13 11:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TikisLab
    [2008/07/23 16:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
    [2010/08/06 11:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vast Studios
    [2008/07/23 13:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AcrobatInstall
    [2010/12/27 01:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/05/01 19:17:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2010/05/01 19:28:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
    [2010/05/23 19:49:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
    [2009/10/09 16:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2009/06/17 21:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
    [2010/04/19 12:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
    [2010/07/31 15:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
    [2009/10/13 14:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
    [2008/07/29 09:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
    [2008/08/19 00:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
    [2008/11/26 10:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2010/06/17 09:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
    [2010/12/27 17:14:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
    [2008/08/15 11:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
    [2009/10/20 18:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
    [2008/07/23 18:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softland
    [2010/05/21 10:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
    [2010/11/07 19:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/11/07 16:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
    [2010/12/27 01:30:17 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2010/12/28 16:06:00 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{298EE511-60FE-41A3-9968-57F06043CCB1}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/12/31 16:17:57 | 000,144,882 | ---- | M] () -- C:\210749247_o.jpg
    [2010/02/13 12:38:49 | 000,098,396 | ---- | M] () -- C:\57cb1.jpg
    [2010/02/13 12:36:20 | 000,090,588 | ---- | M] () -- C:\58mp8.jpg
    [2010/02/13 12:36:10 | 000,147,737 | ---- | M] () -- C:\5lgdc1.jpg
    [2010/12/27 01:27:41 | 000,000,668 | ---- | M] () -- C:\aaw7boot.log
    [2010/05/02 16:14:51 | 000,001,583 | ---- | M] () -- C:\arsnel1.html
    [2009/08/19 11:00:38 | 000,016,306 | ---- | M] () -- C:\aug29.html
    [2008/07/16 13:25:50 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2008/11/19 22:14:30 | 000,002,823 | ---- | M] () -- C:\beer1.html
    [2008/11/18 20:28:55 | 000,119,055 | ---- | M] () -- C:\ber1.jpg
    [2008/11/18 20:28:56 | 000,056,623 | ---- | M] () -- C:\ber10.jpg
    [2008/11/18 20:28:58 | 000,066,188 | ---- | M] () -- C:\ber11.jpg
    [2008/11/18 20:28:58 | 000,115,847 | ---- | M] () -- C:\ber3.jpg
    [2008/11/18 20:28:59 | 000,119,126 | ---- | M] () -- C:\ber4.jpg
    [2010/12/26 10:37:16 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/12/27 01:20:11 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/02/11 21:46:26 | 000,106,933 | ---- | M] () -- C:\clsd1.jpg
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/12/27 01:36:41 | 000,016,590 | ---- | M] () -- C:\ComboFix.txt
    [2008/07/16 13:25:50 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/05/02 16:15:46 | 000,004,329 | ---- | M] () -- C:\cricket1.html
    [2010/11/09 09:57:31 | 000,115,555 | ---- | M] () -- C:\Ei&paul1.jpg
    [2009/05/15 23:06:31 | 000,000,050 | ---- | M] () -- C:\extremetracking.txt
    [2010/12/19 18:12:30 | 000,000,000 | ---- | M] () -- C:\FileIn.Cns
    [2010/12/19 18:12:30 | 000,000,000 | ---- | M] () -- C:\FileOut.Cns
    [2009/08/19 11:00:38 | 000,016,323 | ---- | M] () -- C:\future.htm
    [2008/07/16 13:25:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/11/12 19:46:21 | 000,018,504 | ---- | M] () -- C:\ksand.gif
    [2010/11/04 13:13:34 | 000,197,443 | ---- | M] () -- C:\lewisicecreamjulie1a.jpg
    [2008/07/30 17:42:24 | 000,006,821 | ---- | M] () -- C:\logfile
    [2008/11/06 21:53:55 | 000,094,902 | ---- | M] () -- C:\mrtg1.jpg
    [2008/07/16 13:25:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2007/07/27 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/07/17 16:46:33 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2009/04/24 18:48:53 | 000,000,424 | ---- | M] () -- C:\OmarKhadr.txt
    [2010/12/28 09:45:41 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2010/11/08 12:07:37 | 000,000,491 | ---- | M] () -- C:\pickering contact.rtf
    [2009/11/09 19:12:50 | 004,733,259 | ---- | M] () -- C:\Pleasure Tree.wmv
    [2008/07/17 16:40:11 | 000,001,174 | ---- | M] () -- C:\pop.broadband.rogers.com.iaf
    [2010/11/04 13:14:45 | 000,153,022 | ---- | M] () -- C:\queenSt1a.jpg
    [1999/07/27 21:59:52 | 000,041,216 | -H-- | M] () -- C:\rb20crk.dat
    [2008/07/16 14:06:11 | 000,000,206 | ---- | M] () -- C:\realtek.log
    [2008/07/16 14:06:11 | 000,000,581 | ---- | M] () -- C:\RHDSetup.log
    [2009/09/12 15:59:49 | 000,555,184 | ---- | M] () -- C:\ScanImage001.jpg
    [2010/12/23 00:46:38 | 000,234,040 | ---- | M] () -- C:\Serviceby Chris&Nezz1.jpg
    [2008/12/31 00:37:09 | 000,000,274 | ---- | M] () -- C:\Shipping Question.rtf
    [2008/10/26 13:20:14 | 000,000,280 | ---- | M] () -- C:\Shortcut to LaCie (F).lnk
    [2008/08/05 00:15:27 | 001,278,265 | ---- | M] () -- C:\sunset.jpg
    [2010/12/26 18:07:26 | 000,041,466 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_26.12.2010_14.49.04_log.txt
    [2009/05/04 15:56:12 | 000,000,036 | ---- | M] () -- C:\terry.txt
    [2008/11/30 21:18:56 | 000,008,192 | ---- | M] () -- C:\ToPassSrv.Dat
    [2009/11/13 09:45:40 | 000,000,905 | ---- | M] () -- C:\updatedatfix.log
    [2009/07/05 19:41:30 | 000,000,835 | ---- | M] () -- C:\worldFrameset-4.html
    [2008/11/12 19:46:47 | 000,015,896 | ---- | M] () -- C:\wsand.gif
    [2010/05/02 16:15:47 | 000,002,354 | ---- | M] () -- C:\WS_FTP.LOG
    [2008/12/14 23:24:36 | 000,207,765 | ---- | M] () -- C:\ZEP1.jpg
    [2008/12/14 23:24:25 | 000,276,601 | ---- | M] () -- C:\ZEPBACK.jpg

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2008/07/16 13:25:33 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/03/24 04:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD9Y.DLL
    [2009/03/24 04:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP9Y.DLL
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2005/10/14 21:41:46 | 000,072,192 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp43a.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [1998/04/18 07:34:56 | 000,054,784 | ---- | M] (Storm Technology, Inc.) -- C:\WINDOWS\EasyPhoto Slide Show.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/08/12 11:44:16 | 000,000,000 | ---- | M] () -- C:\Program Files\temp01

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/07/16 08:17:36 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2008/07/16 08:17:36 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008/07/16 08:17:36 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >
    [2008/09/20 22:12:26 | 000,000,000 | ---D | M] -- C:\Program Files\EA SPORTS\Tiger Woods PGA TOUR 2005\Courses\STA\cls\Bak

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/07/17 16:50:22 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2008/07/17 16:53:23 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2008/07/16 13:52:10 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/12/27 01:02:34 | 003,998,686 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2010/12/28 16:03:20 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/07/17 16:53:24 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/12/28 16:02:47 | 000,786,432 | -HS- | M] () -- C:\Documents and Settings\Administrator\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2009/01/30 17:40:22 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 00:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 00:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 19:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 13:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 13:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 13:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2008/08/03 17:19:56 | 000,005,120 | -HS- | M] () -- C:\Program Files\Messenger\Thumbs.db
    [2004/08/04 00:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 00:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E29ACA54
    @Alternate Data Stream - 236 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F7FE589
    @Alternate Data Stream - 231 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C8FA829
    @Alternate Data Stream - 227 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9A7BF72D
    @Alternate Data Stream - 225 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6C6EB3B
    @Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B4F0E275
    @Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05670151
    @Alternate Data Stream - 222 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1392F09D
    @Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FD3C973
    @Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
    @Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:206470A5
    @Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98982C88
    @Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71612023
    @Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E91ADC66
    @Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A774141A
    @Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECFD9449
    @Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E411AA0D
    @Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE40C8A2
    @Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB16385F
    @Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6425A235
    @Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F41E22A9
    @Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71112705
    @Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449
    @Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5
    @Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:090FB735
    @Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA
    @Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7DA2BCD
    @Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F8B72C9
    @Alternate Data Stream - 192 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1ECED34B
    @Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52641FBE
    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90D89144
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10F6E97E
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

    < End of report >
     
  11. 2010/12/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =================================================================

    Make sure to reinstall AVG.

    ===============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
      @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E29ACA54
      @Alternate Data Stream - 236 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F7FE589
      @Alternate Data Stream - 231 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C8FA829
      @Alternate Data Stream - 227 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9A7BF72D
      @Alternate Data Stream - 225 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6C6EB3B
      @Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B4F0E275
      @Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05670151
      @Alternate Data Stream - 222 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1392F09D
      @Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FD3C973
      @Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
      @Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:206470A5
      @Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98982C88
      @Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71612023
      @Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E91ADC66
      @Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A774141A
      @Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECFD9449
      @Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E411AA0D
      @Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE40C8A2
      @Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB16385F
      @Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6425A235
      @Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F41E22A9
      @Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71112705
      @Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449
      @Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5
      @Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:090FB735
      @Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA
      @Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7DA2BCD
      @Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F8B72C9
      @Alternate Data Stream - 192 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1ECED34B
      @Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52641FBE
      @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90D89144
      @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10F6E97E
      @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
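The fix in this post is built by pasting the Alternate Data Streams lines from the OTL scan report straight into the :OTL section. The Python below is an added example, not part of the thread and not OTL's own code: it parses that report section, groups the streams by host file so an analyst sees at a glance that every stream hangs off the same file, totals their sizes, and emits the fix script in the layout used above. The sample report lines are constructed to match the thread's format; the `other.dat:payload` entry is invented to show a stream on a second host.

```python
import re
from collections import Counter

# Constructed sample in the shape of the "Alternate Data Streams" section of
# an OTL scan report (same line layout as the report in this thread).
SAMPLE_REPORT = "\n".join([
    r"========== Alternate Data Streams ==========",
    r"",
    r"@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E29ACA54",
    r"@Alternate Data Stream - 236 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F7FE589",
    r"@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1",
    r"@Alternate Data Stream - 1024 bytes -> C:\Documents and Settings\All Users\Application Data\other.dat:payload",
    r"",
    r"< End of report >",
])

# Greedy host match: the stream name is whatever follows the LAST colon and
# contains neither ':' nor '\', so the drive-letter colon stays in the host.
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<host>.+):(?P<stream>[^:\\]+)$"
)


def parse_ads_report(text):
    """Return one dict per ADS line found inside the report's ADS section:
    size in bytes (int), host file path, and stream name."""
    records = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("========== Alternate Data Streams"):
            in_section = True
            continue
        if line.startswith("=========="):  # any other section header ends it
            in_section = False
        if not in_section:
            continue
        m = ADS_RE.match(line)
        if m:
            records.append({"size": int(m.group("size")),
                            "host": m.group("host"),
                            "stream": m.group("stream")})
    return records


def summarize(records):
    """Group streams by host file so 'N streams on one file' is obvious,
    and total the bytes hidden in them."""
    by_host = Counter(r["host"] for r in records)
    return {"count": len(records),
            "total_bytes": sum(r["size"] for r in records),
            "by_host": dict(by_host)}


def fix_script(records):
    """Build the fix in the form pasted above: OTL accepts the report's own
    ADS lines as removal instructions inside the :OTL section."""
    lines = [":OTL"]
    lines += ["@Alternate Data Stream - %d bytes -> %s:%s"
              % (r["size"], r["host"], r["stream"]) for r in records]
    lines += ["", ":Commands", "[purity]", "[emptytemp]", "[emptyflash]", "[Reboot]"]
    return "\n".join(lines)


if __name__ == "__main__":
    recs = parse_ads_report(SAMPLE_REPORT)
    print(summarize(recs))
    print(fix_script(recs))
```

OTL is needed here because Windows XP has no built-in way to list streams; on Vista and later, `dir /r` shows them, and PowerShell 3 and later expose them through `Get-Item -Stream *`.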
     
  12. 2010/12/28
    lewislewis

    lewislewis Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    303
    Likes Received:
    2
    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UpdReg deleted successfully.
    C:\WINDOWS\Updreg.EXE moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:E29ACA54 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:4F7FE589 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:4C8FA829 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:9A7BF72D deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:E6C6EB3B deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:B4F0E275 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:05670151 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:1392F09D deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:6FD3C973 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:206470A5 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:98982C88 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:71612023 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:E91ADC66 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:A774141A deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:ECFD9449 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:E411AA0D deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:BE40C8A2 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:CB16385F deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:6425A235 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:F41E22A9 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:71112705 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:090FB735 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:A7DA2BCD deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:4F8B72C9 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:1ECED34B deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:52641FBE deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:90D89144 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:10F6E97E deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 34380426 bytes
    ->Temporary Internet Files folder emptied: 45522869 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 2341 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 110305 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
    RecycleBin emptied: 5251347 bytes

    Total Files Cleaned = 81.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.18.0 log created on 12282010_184527

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF4B4B.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF4B58.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF4BB2.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF4BBF.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF4BFC.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF4C09.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFEDCC.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFEDD9.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFEE33.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFEE40.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFEE7D.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFEE8A.tmp not found!
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8P0F4Y87\3055-2239_4-10320142[1].html moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8P0F4Y87\96866-active-wmp-freezing-also-windows-movie-maker-2[2].html moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8P0F4Y87\rok-get[1].htm moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8P0F4Y87\search[1].htm moved successfully.

    Registry entries deleted on Reboot...
     
  13. 2010/12/28
    lewislewis

    lewislewis Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    303
    Likes Received:
    2
    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG 2011
    Adobe After Effects CS3 Presets
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner (remove only)
    Java(TM) 6 Update 23
    Out of date Java installed!
    Adobe Flash Player 9.0.124.0
    Mozilla Firefox (3.0.17) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    ``````````End of Log````````````
     
  14. 2010/12/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update Firefox to the current 3.6.13 version.
     
  15. 2010/12/28
    lewislewis

    lewislewis Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    303
    Likes Received:
    2
    I don't use Firefox
     
  16. 2010/12/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall it then.

    I still need Eset scan.
     
  17. 2010/12/28
    lewislewis

    lewislewis Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    303
    Likes Received:
    2
    C:\Documents and Settings\Administrator\Desktop\Folders\Hayden\soundforge7\Soundforge 7 KeyGen.rar a variant of Win32/Keygen.AQ application
    C:\Documents and Settings\Administrator\Desktop\Folders\Hayden\soundforge7\Soundforge 7 KeyGen\keygen.exe a variant of Win32/Keygen.AQ application
    C:\Documents and Settings\Administrator\Desktop\Folders\Hayden\vegas\CRACK\keygen.exe a variant of Win32/Keygen.AQ application
    C:\EXE\adaware\noadware.exe multiple threats
    C:\EXE\Zilla Free Audio Converter-Extractor 5.3.0.2\zacp5302.exe multiple threats

    What do I need to do now?
     
  18. 2010/12/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    As you can see from the ESET log, downloading cracked programs is not a good idea....

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Documents and Settings\Administrator\Desktop\Folders\Hayden\soundforge7\Soundforge 7 KeyGen.rar 
      C:\Documents and Settings\Administrator\Desktop\Folders\Hayden\soundforge7\Soundforge 7 KeyGen\keygen.exe 
      C:\Documents and Settings\Administrator\Desktop\Folders\Hayden\vegas\CRACK\keygen.exe 
      C:\EXE\adaware\noadware.exe multiple threats
      C:\EXE\Zilla Free Audio Converter-Extractor 5.3.0.2\zacp5302.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
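Two things go wrong in the fix log posted in reply to this. The :Files line for noadware.exe still carries the ESET verdict text "multiple threats", so OTL looks for a file of that name and reports it "not found", and the error "Unable to interpret <[Reboot>" shows the last command reached OTL without its closing bracket. The Python below is an added example, not part of the thread and not OTL's or ESET's own code: it turns ESET scanner lines into bare paths for a :Files section and checks a fix script for exactly those two mistakes before it is run. The verdict openers it recognises ("a variant of", "multiple threats") are the two seen in this thread; ESET uses other phrasings, so any unrecognised line is handed back for a human to read rather than guessed at. All sample lines are constructed.

```python
import re

# Constructed sample lines in the shape ESET Online Scanner output takes in
# this thread: "<path> <verdict>", separated only by a space.
SAMPLE_ESET = "\n".join([
    r"C:\Folders\soundforge7\Soundforge 7 KeyGen.rar a variant of Win32/Keygen.AQ application",
    r"C:\EXE\adaware\noadware.exe multiple threats",
    r"D:\odd line with no recognisable verdict",
])

# Constructed fix script carrying both defects visible in the thread's log.
SAMPLE_FIX = "\n".join([
    r":OTL",
    r"",
    r":Files",
    r"C:\EXE\adaware\noadware.exe multiple threats",
    r"C:\EXE\Zilla Free Audio Converter-Extractor 5.3.0.2\zacp5302.exe",
    r"",
    r":Commands",
    r"[purity]",
    r"[emptytemp]",
    r"[Reboot",
])

# Verdict openers seen in this thread only (assumption: ESET has others).
# The path is matched non-greedily so it stops at the first whitespace that
# is followed by a known verdict, which copes with spaces inside the path.
VERDICT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<verdict>(?:a variant of|multiple threats).*)$"
)
SECTION_RE = re.compile(r"^:(\w+)$")          # :OTL, :Files, :Commands, ...
COMMAND_RE = re.compile(r"^\[[A-Za-z]+\]$")   # [purity], [Reboot], ...
PATH_RE = re.compile(r"^[A-Za-z]:\\\S")       # drive letter, colon, backslash


def eset_to_files(text):
    """Return (paths, unparsed): bare paths ready for a :Files section, and
    lines with no recognised verdict that need a manual look."""
    paths, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = VERDICT_RE.match(line)
        if m:
            paths.append(m.group("path"))
        else:
            unparsed.append(line)
    return paths, unparsed


def validate_fix_script(script):
    """Return a list of (line_number, message) for lines OTL would not act on
    as intended: verdict text left on a :Files path, a :Files line that is not
    a path at all, or a :Commands line that is not a closed [bracket]."""
    problems = []
    section = None
    for n, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if section == "files":
            if VERDICT_RE.match(line):
                problems.append((n, "verdict text left on path"))
            elif not PATH_RE.match(line):
                problems.append((n, "not a bare path"))
        elif section == "commands":
            if not COMMAND_RE.match(line):
                problems.append((n, "malformed command"))
    return problems


def build_fix(paths):
    """Assemble a :Files fix in the layout the analyst used above."""
    return "\n".join([":OTL", "", ":Files", *paths, "",
                      ":Commands", "[purity]", "[emptytemp]", "[emptyflash]", "[Reboot]"])


if __name__ == "__main__":
    found, review = eset_to_files(SAMPLE_ESET)
    print("problems in sample:", validate_fix_script(SAMPLE_FIX))
    print("needs manual review:", review)
    print(build_fix(found))
```

The check is cheap and catches the copy-and-paste slips that otherwise only show up after the reboot, as "not found" or "Unable to interpret" lines in the fix log.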
     
  19. 2010/12/28
    lewislewis

    lewislewis Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    303
    Likes Received:
    2
    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Documents and Settings\Administrator\Desktop\Folders\Hayden\soundforge7\Soundforge 7 KeyGen.rar moved successfully.
    C:\Documents and Settings\Administrator\Desktop\Folders\Hayden\soundforge7\Soundforge 7 KeyGen\keygen.exe moved successfully.
    C:\Documents and Settings\Administrator\Desktop\Folders\Hayden\vegas\CRACK\keygen.exe moved successfully.
    File\Folder C:\EXE\adaware\noadware.exe multiple threats not found.
    C:\EXE\Zilla Free Audio Converter-Extractor 5.3.0.2\zacp5302.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 515425 bytes
    ->Temporary Internet Files folder emptied: 13932572 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 566 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 16384 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 109563 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 14.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb

    Error: Unable to interpret <[Reboot> in the current context!

    OTL by OldTimer - Version 3.2.18.0 log created on 12282010_224223

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF802F.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF803C.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF80AA.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF80B7.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF81DF.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF81EC.tmp not found!
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3Z2UPKA9\online-scanner[1].htm moved successfully.
    File\Folder C:\Documents and Settings\LocalService\Local Settings\Temp\Perflib_Perfdata_778.dat not found!

    Registry entries deleted on Reboot...
     
  20. 2010/12/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Whenever ready....
     
  21. 2010/12/28
    lewislewis

    lewislewis Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    303
    Likes Received:
    2
    Thanks broni,
    I made a small donation,
    All the best,
    Lewis
     