
Solved Log files for review - Need help diagnosing

Discussion in 'Malware and Virus Removal Archive' started by Xd23bgt, 2011/04/20.

  1. 2011/04/20
    Xd23bgt

    Part 1 of long post

    I have a PC running WinXP SP3 with an AMD 64x2 4400 processor, 4 GB RAM, Sapphire ATI HD4850, and two 1 TB hard drives set up as a RAID 1 (mirror), partitioned into C & D drives. This past Sunday (April 17) I was surfing using a Seamonkey (formerly Mozilla) browser. On a computer hardware review website, I got hit with a drive-by download. SpySweeper 6.1 popped up and said the site was a known spyware site and I immediately closed the tab, but it was too late. Norton Security Suite 4 (Comcast version) said nothing. An MS installer popped up and began to install software. I immediately canceled the installation and my computer BSOD'd. When I tried to restart, it wouldn't boot. I booted from a Norton Internet Security 2010 CD and ran a virus check (using August '09 defs), but nothing came up. I then booted from a WinXP CD and ran fixmbr and fixboot. My system will now boot, but I don't know if it's still infected. Scans with NAV and SpySweeper don't show anything. I tried to do a system restore from the previous day, but it failed. I later determined it was Norton interference, so I finally got the restore to work today (Wednesday).

    Based on your posting rules, I ran all the diagnostics you requested. Here are my results:

    ** Malwarebytes Anti-Malware:

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    The registry "infections" are as I set up my system with NAV to turn off false alarms.

    ** GMER (Drive C):
    Had a lot of trouble running this until I did the system restore and used a randomly named version of GMER.

    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit quick scan 2011-04-20 14:37:14
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\000000a5 NVIDIA__ rev.
    Running: 083pbffz.exe; Driver: K:\TEMP\uxddypog.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\nvgts \Device\Scsi\nvgts2Port3Path1Target1Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\nvgts \Device\Scsi\nvgts1Port2Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\nvgts \Device\Scsi\nvgts2Port3Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\nvgts \Device\Scsi\nvgts1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\nvgts \Device\Scsi\nvgts2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\nvrd32 \Device\Scsi\nvraid0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

    AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
    AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

    Device \Driver\Tcpip \Device\Ip 8B238F40
    Device \Driver\Tcpip \Device\Ip 8B32D2D8

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\Tcpip \Device\Tcp 8B238F40
    Device \Driver\Tcpip \Device\Tcp 8B32D2D8

    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\Tcpip \Device\Udp 8B238F40
    Device \Driver\Tcpip \Device\Udp 8B32D2D8

    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\Tcpip \Device\RawIp 8B238F40
    Device \Driver\Tcpip \Device\RawIp 8B32D2D8

    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----

    Note: When I ran GMER in safe mode before system restore, it also flagged:

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5E9D2C1A-DE30-DAB3-B80A-3CB0CA8BC7FA}]
    "jajgfodbfdlkeiipllki "=hex:62,61,6e,68,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5E9D2C1A-DE30-DAB3-B80A-3CB0CA8BC7FA}]
    "jajgfodbfdlkeiipllki "=hex:62,61,6e,68,00

    [HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5E9D2C1A-DE30-DAB3-B80A-3CB0CA8BC7FA}]
    "jajgfodbfdlkeiipllki "=hex:62,61,6e,68,00

    [HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5E9D2C1A-DE30-DAB3-B80A-3CB0CA8BC7FA}]
    "jajgfodbfdlkeiipllki "=hex:62,61,6e,68,00

    ** MBRCheck:
    Tried running in both normal and safe mode. Hung up every time. Maybe due to RAID?

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000143f

    Kernel Drivers (total 192):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E5000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9F79000 ACPI.sys
    0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB9F68000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA0B8000 ohci1394.sys
    0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xB9F55000 pssync05.sys
    0xBA0D8000 sshrmd.sys
    0xBA0E8000 ssfs0bbc.sys
    0xB9F27000 ssidrv.sys
    0xB9EFA000 \WINDOWS\system32\DRIVERS\NDIS.SYS
    0xBA328000 \WINDOWS\system32\DRIVERS\TDI.SYS
    0xBA4BC000 compbatt.sys
    0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xBA0F8000 MountMgr.sys
    0xB9EDB000 ftdisk.sys
    0xBA5AC000 dmload.sys
    0xB9EB5000 dmio.sys
    0xB9EA2000 nvraid.sys
    0xBA108000 \WINDOWS\system32\drivers\CLASSPNP.SYS
    0xBA330000 PartMgr.sys
    0xB9E7E000 nvrd32.sys
    0xBA338000 pavboot.sys
    0xBA118000 sfsync02.sys
    0xBA128000 VolSnap.sys
    0xB9E67000 nvatabus.sys
    0xB9E50000 nvata.sys
    0xB9E2B000 nvgts.sys
    0xB9E13000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    0xBA138000 disk.sys
    0xB9DF3000 fltmgr.sys
    0xB9D9D000 SYMDS.SYS
    0xB9D8B000 sr.sys
    0xBA148000 Lbd.sys
    0xB9D5E000 SYMEFA.SYS
    0xBA158000 PxHelp20.sys
    0xB9D47000 KSecDD.sys
    0xB9CBA000 Ntfs.sys
    0xBA340000 sfhlp02.sys
    0xB9CA8000 sfdrv01.sys
    0xBA168000 sbp2port.sys
    0xB9C94000 psdrv02.sys
    0xB9C7A000 Mup.sys
    0xBA198000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xB9097000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0xB816E000 \SystemRoot\system32\DRIVERS\AmdK8.sys
    0xBA3A0000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xB3CAB000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA3A8000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB817E000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xB9093000 \SystemRoot\system32\drivers\pfc.sys
    0xBA3B0000 \SystemRoot\system32\drivers\iviaspi.sys
    0xB815E000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xB814E000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB3C88000 \SystemRoot\system32\DRIVERS\ks.sys
    0xBA3B8000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xB3C09000 \SystemRoot\system32\drivers\ctaud2k.sys
    0xB3BE5000 \SystemRoot\system32\drivers\portcls.sys
    0xB9639000 \SystemRoot\system32\drivers\drmk.sys
    0xB3BB0000 \SystemRoot\system32\drivers\ctoss2k.sys
    0xBA3C0000 \SystemRoot\system32\drivers\ctprxy2k.sys
    0xBA648000 \SystemRoot\system32\drivers\USBD.SYS
    0xB3AF8000 \SystemRoot\system32\DRIVERS\atinavrr.sys
    0xB3D87000 \SystemRoot\system32\DRIVERS\NCREMOTEPCI.SYS
    0xB3D83000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
    0xB3562000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xAF8B5000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xAF88D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xBA66A000 \SystemRoot\system32\DRIVERS\ASACPI.sys
    0xBA458000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xAFFEE000 \SystemRoot\system32\DRIVERS\serial.sys
    0xAFCF3000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xAF879000 \SystemRoot\system32\DRIVERS\parport.sys
    0xAFFDE000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xBA460000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA470000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xBA7C8000 \SystemRoot\system32\drivers\msmpu401.sys
    0xAFCEF000 \SystemRoot\system32\DRIVERS\gameenum.sys
    0xBA7CB000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xAFDC6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xAFCEB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xAF862000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xAFDB6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xAFDA6000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xAF851000 \SystemRoot\system32\DRIVERS\psched.sys
    0xAFD96000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA478000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA480000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xAF821000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xAFB9D000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBA5B4000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xAF7C3000 \SystemRoot\system32\DRIVERS\update.sys
    0xAFA30000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xAFA2C000 \SystemRoot\system32\drivers\WmBEnum.sys
    0xAFB8D000 \SystemRoot\system32\drivers\WmXlCore.sys
    0xAFB7D000 \SystemRoot\system32\DRIVERS\AmdLLD.sys
    0xAFB6D000 \SystemRoot\system32\DRIVERS\RAMDisk.sys
    0xAFB5D000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xAFB4D000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x99452000 \SystemRoot\system32\drivers\ha20x2k.sys
    0x99422000 \SystemRoot\system32\drivers\emupia2k.sys
    0x993F9000 \SystemRoot\system32\drivers\ctsfm2k.sys
    0x9935D000 \SystemRoot\system32\drivers\ctac32k.sys
    0x9931C000 \SystemRoot\System32\drivers\CT20XUT.SYS
    0x991D5000 \SystemRoot\System32\drivers\CTEXFIFX.SYS
    0x90F09000 \SystemRoot\system32\drivers\AtihdXP3.sys
    0xBA490000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0x90EE8000 \SystemRoot\system32\DRIVERS\eplsw2k.sys
    0x96FE1000 \SystemRoot\system32\DRIVERS\sfloppy.sys
    0xBA5FC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xBA7E9000 \SystemRoot\System32\Drivers\Null.SYS
    0xBA600000 \SystemRoot\System32\Drivers\Beep.SYS
    0x96FD9000 \SystemRoot\system32\drivers\MTictwl.sys
    0xB1EFF000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xB1EEF000 \SystemRoot\System32\drivers\vga.sys
    0xBA604000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBA60E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xBA438000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xBA448000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x96FC9000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0x90E4E000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0x90DF5000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0x90D9E000 \SystemRoot\System32\Drivers\N360\0403000.005\SYMTDI.SYS
    0x90D78000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xBA1D8000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x90D53000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    0xB3CDF000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0x90CFB000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110415.003\IDSxpx86.sys
    0x90CD3000 \SystemRoot\system32\DRIVERS\netbt.sys
    0x90C9B000 \SystemRoot\system32\DRIVERS\tcpip6.sys
    0x90C79000 \SystemRoot\System32\drivers\afd.sys
    0xBA2D8000 \SystemRoot\system32\drivers\ip6fw.sys
    0xBA2A8000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x90C5A000 \SystemRoot\system32\drivers\N360\0403000.005\Ironx86.SYS
    0xBA398000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xBA2C8000 \SystemRoot\system32\drivers\N360\0403000.005\SRTSPX.SYS
    0x90C2F000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x90E75000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xBA228000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xBA744000 \SystemRoot\System32\Drivers\PQNTDrv.SYS
    0x90BBF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xBA1E8000 \SystemRoot\System32\Drivers\Fips.SYS
    0x90B61000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0x90AE2000 \SystemRoot\system32\drivers\N360\0403000.005\ccHPx86.sys
    0x90A1B000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110309.001\BHDrvx86.sys
    0xBA62C000 \SystemRoot\system32\drivers\AsIO.sys
    0xAFE26000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0x909CF000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xAFE06000 \SystemRoot\system32\drivers\lvusbsta.sys
    0x96F95000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0xBA370000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xB1ECF000 \SystemRoot\system32\DRIVERS\HPZius12.sys
    0xB1EBF000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xAF978000 \SystemRoot\system32\drivers\WmFilter.sys
    0x96FFD000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xAFDF6000 \SystemRoot\system32\DRIVERS\HPZid412.sys
    0x96FDD000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
    0x90983000 \SystemRoot\System32\Drivers\dump_nvrd32.sys
    0xAFDE6000 \SystemRoot\System32\Drivers\dump_CLASSPNP.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0x909BF000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBA380000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xAF8D0000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF060000 \SystemRoot\System32\ati2cqag.dll
    0xBF10C000 \SystemRoot\System32\atikvmag.dll
    0xBF1BB000 \SystemRoot\System32\atiok3x2.dll
    0xBF220000 \SystemRoot\System32\ati3duag.dll
    0xBF9C5000 \SystemRoot\System32\ativvaxx.dll
    0xBF5E7000 \SystemRoot\System32\ATMFD.DLL
    0xBA4D4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x8C250000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB9649000 \SystemRoot\system32\drivers\sysaudio.sys
    0xBA5C8000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0x8C0C7000 \SystemRoot\system32\DRIVERS\atksgt.sys
    0xBA428000 \SystemRoot\system32\DRIVERS\lirsgt.sys
    0x8C06F000 \SystemRoot\system32\DRIVERS\srv.sys
    0xBA408000 \??\C:\WINDOWS\nvflash.sys
    0x8BE67000 \??\C:\WINDOWS\system32\drivers\SECDRV.SYS
    0x8BB2A000 \??\C:\APPLICAT\CyberLink\PowerDVD\000.fcl
    0x8F3DA000 \SystemRoot\System32\Drivers\N360\0403000.005\SRTSP.SYS
    0x902E0000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110417.004\NAVEX15.SYS
    0x8F29A000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110417.004\NAVENG.SYS
    0x8F386000 \SystemRoot\system32\CTEDSPSY.DLL
    0x8BB87000 \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
    0x8F1E6000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 58):
    0 System Idle Process
    4 System
    492 C:\WINDOWS\system32\smss.exe
    588 csrss.exe
    632 C:\WINDOWS\system32\winlogon.exe
    676 C:\WINDOWS\system32\services.exe
    696 C:\WINDOWS\system32\lsass.exe
    876 C:\DIAGS\SpySweep\WRConsumerService.exe
    900 C:\WINDOWS\system32\ati2evxx.exe
    920 C:\WINDOWS\system32\svchost.exe
    1000 svchost.exe
    1048 C:\WINDOWS\system32\svchost.exe
    1076 C:\WINDOWS\system32\ati2evxx.exe
    1192 svchost.exe
    1392 C:\WINDOWS\system32\spoolsv.exe
    1476 C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    1604 alg.exe
    1616 C:\HARDWARE\APCPowerChutePE\mainserv.exe
    1640 C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
    1672 C:\DIAGS\NSS\Engine\4.3.0.5\ccsvchst.exe
    1864 C:\DIAGS\NSW\NORTON~1\NPROTECT.EXE
    1896 C:\WINDOWS\explorer.exe
    196 C:\WINDOWS\system32\HPZipm12.exe
    260 C:\WINDOWS\system32\tcpsvcs.exe
    312 C:\WINDOWS\system32\snmp.exe
    380 C:\DIAGS\NSW\NORTON~1\SPEEDD~1\NOPDB.exe
    436 C:\WINDOWS\system32\svchost.exe
    564 C:\WINDOWS\system32\ups.exe
    1072 C:\DIAGS\SpySweep\SpySweeper.exe
    1544 C:\WINDOWS\system32\Ctxfihlp.exe
    1652 C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    1560 C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    2272 C:\WINDOWS\system32\CtHelper.exe
    2284 C:\HARDWARE\SoundBlasterX-Fi\DVDAudio\CTDVDDET.exe
    2364 C:\WINDOWS\system32\CTxfispi.exe
    2368 C:\WINDOWS\system32\LVCOMSX.EXE
    2432 C:\HARDWARE\QuickCam\LogiTray.exe
    2488 C:\Program Files\ATI\Catalyst Media Center\CMCService.exe
    2568 C:\DIAGS\SpySweep\SpySweeperUI.exe
    2632 C:\WINDOWS\system32\ctfmon.exe
    2692 C:\DIAGS\NSS\Engine\4.3.0.5\ccsvchst.exe
    2812 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    2832 C:\WINDOWS\system32\cmd.exe
    2864 C:\HARDWARE\HP\Digital Imaging\bin\hpqtra08.exe
    2892 C:\HARDWARE\SAMSUNG\NaturalColor\NaturalColorLoad.exe
    2912 C:\GRAPHICS\PANORAMA\Panorama.exe
    2956 C:\UTILITY\sc.exe
    3008 C:\APPLICAT\TrayIcon\trayicon.exe
    3024 C:\HARDWARE\APCPowerChutePE\apcsystray.exe
    3052 C:\HARDWARE\QuickCam\FxSvr2.exe
    3160 C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    3496 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    3600 C:\HARDWARE\SoundBlasterX-Fi\Volume Panel\VolPanlu.exe
    3776 C:\WINDOWS\system32\wuauclt.exe
    4000 wmiprvse.exe
    3912 SSU.exe
    4004 C:\APPLICAT\EXTENSO\Extenso4.exe
    2948 C:\TMP9\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003d`093bfc00 (NTFS)
    \\.\K: --> error 1

    PhysicalDrive0 Model Number: NVIDIAMIRROR 931.51G, Rev:

    Size Device Name MBR Status
    --------------------------------------------
    931 GB \\.\PhysicalDrive0

    Software hung up......
     
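The two registry findings in the post above (the Malwarebytes `PUM.Disabled.SecurityCenter` items and the GMER safe-mode `.reg`-style entries) are the kind of thing a helper should parse and decode before anyone decides what they mean. The script below is an added example, not part of the post and not code from Malwarebytes or GMER; the sample text is copied from the log lines above, and the "random-looking name" heuristic and its thresholds are my own assumptions, not a detection from either tool. It converts the `hex:` bytes to text, pulls out which Security Center `*DisableNotify` values are set to 1 (each one silences a Security Center warning, which is consistent with the poster saying he configured them himself), and flags value-name oddities such as trailing whitespace.

```python
"""Triage helpers for the registry lines in MBAM and GMER logs.

Added example; not part of the original post or of either tool.
Input is text copied from the post, so nothing is read from a live
registry and this runs on any OS.
"""
import math
import re
from collections import Counter

# Sample input: lines copied from the Malwarebytes "Registry Data Items Infected" section.
MBAM_LOG = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
"""

# Sample input: one of the GMER safe-mode findings, in .reg syntax.
GMER_REG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5E9D2C1A-DE30-DAB3-B80A-3CB0CA8BC7FA}]
"jajgfodbfdlkeiipllki "=hex:62,61,6e,68,00
"""

MBAM_RE = re.compile(
    r"^(?P<path>HKEY_\S.*?) \((?P<detection>[\w.]+)\) -> "
    r"Bad: \((?P<bad>\d+)\) Good: \((?P<good>\d+)\)"
)
REG_KEY_RE = re.compile(r"^\[(?P<key>HKEY_.+)\]$")
REG_HEX_RE = re.compile(r'^"(?P<name>.*)"=hex:(?P<hex>[0-9A-Fa-f]{2}(?:,[0-9A-Fa-f]{2})*)$')


def parse_mbam(text):
    """Return one dict per 'Registry Data Items' line: key, value name, detection, data."""
    items = []
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if not m:
            continue
        key, _, name = m.group("path").rpartition("\\")
        items.append({"key": key, "name": name, "detection": m.group("detection"),
                      "bad": int(m.group("bad")), "good": int(m.group("good"))})
    return items


def suppressed_notifications(items):
    """Security Center *DisableNotify values whose current data ("Bad") is 1.

    Each one silences one Security Center warning (AV, firewall, updates).
    A user can set them on purpose; malware sets the same values to stay quiet,
    so the parser only reports them and leaves the judgement to the analyst.
    """
    return sorted(i["name"] for i in items
                  if i["key"].endswith(r"\Security Center")
                  and i["name"].endswith("DisableNotify") and i["bad"] == 1)


def parse_reg_hex(text):
    """Return (key, value_name, raw_bytes) for every hex: value in .reg-style text."""
    key, out = None, []
    for line in text.splitlines():
        km = REG_KEY_RE.match(line)
        if km:
            key = km.group("key")
            continue
        vm = REG_HEX_RE.match(line)
        if vm and key:
            data = bytes(int(b, 16) for b in vm.group("hex").split(","))
            out.append((key, vm.group("name"), data))
    return out


def decode_reg_bytes(data):
    """Render REG_BINARY data as ASCII when it is printable (NUL-trimmed), else as hex."""
    trimmed = data.rstrip(b"\x00")
    if trimmed and all(32 <= b < 127 for b in trimmed):
        return trimmed.decode("ascii")
    return data.hex()


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for an empty or single-symbol string)."""
    counts, n = Counter(s), len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values()) if n else 0.0


def name_oddities(name):
    """Heuristic flags for a value name. Assumption: thresholds are mine, not a tool's."""
    flags, core = [], name.strip()
    if name != core:
        flags.append("leading/trailing whitespace in name")
    if len(core) >= 12 and core.isalpha() and core.islower() and shannon_entropy(core) >= 3.0:
        flags.append("random-looking lowercase name")
    return flags


def triage_reg(text):
    """One report dict per hex value: decoded data, name flags, and whether it sits under Shell Extensions\\Approved."""
    return [{"key": key, "name": name, "decoded": decode_reg_bytes(data),
             "flags": name_oddities(name),
             "shell_ext_approved": "Shell Extensions\\Approved" in key}
            for key, name, data in parse_reg_hex(text)]


if __name__ == "__main__":
    print("Security Center warnings silenced:", suppressed_notifications(parse_mbam(MBAM_LOG)))
    for entry in triage_reg(GMER_REG):
        print(entry)
```

On the lines from this post the script reports all three Security Center warnings as silenced, decodes the GMER value to the ASCII string `banh` (the final `00` is a NUL terminator), and flags the value name both for its trailing space and for looking random. Neither flag proves anything by itself; they tell the analyst which entries to look at first, and the actual meaning of a random CLSID under `Shell Extensions\Approved` still has to be checked against what that CLSID resolves to on the machine.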
  2. 2011/04/20
    Xd23bgt

    Part 2

    ** DDS:

    DDS.txt
    .
    DDS (Ver_11-03-05.01) - FAT32x86
    Run by R. Darrell Smith at 14:18:21.04 on Wed 04/20/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2815.1683 [GMT -4:00]
    .
    AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton AntiVirus *Disabled*
    FW: Norton Security Suite *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\DIAGS\SpySweep\WRConsumerService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    C:\HARDWARE\APCPowerChutePE\mainserv.exe
    C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
    C:\DIAGS\NSS\Engine\4.3.0.5\ccSvcHst.exe
    C:\DIAGS\NSW\NORTON~1\NPROTECT.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\DIAGS\NSW\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\ups.exe
    C:\DIAGS\SpySweep\SpySweeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\HARDWARE\SoundBlasterX-Fi\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\HARDWARE\QuickCam\LogiTray.exe
    C:\Program Files\ATI\Catalyst Media Center\CMCService.exe
    C:\Program Files\Real\RealPlayer\update\realsched.exe
    C:\DIAGS\SpySweep\SpySweeperUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\HARDWARE\HP\Digital Imaging\bin\hpqtra08.exe
    C:\HARDWARE\SAMSUNG\NaturalColor\NaturalColorLoad.exe
    C:\GRAPHICS\Panorama\Panorama.exe
    C:\HARDWARE\QuickCam\FxSvr2.exe
    C:\UTILITY\sc.exe
    C:\APPLICAT\TRAYICON\TRAYICON.EXE
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\HARDWARE\SoundBlasterX-Fi\Volume Panel\VolPanlu.exe
    C:\HARDWARE\APCPowerChutePE\apcsystray.exe
    C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\DIAGS\NSS\Engine\4.3.0.5\ccSvcHst.exe
    C:\APPLICAT\EXTENSO\Extenso4.exe
    C:\TMP9\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Page = hxxp://www.google.com
    uSearch Bar = about:blank
    uInternet Connection Wizard,ShellNext = hxxp://www.atari.com/
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: IE to GetRight Helper: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\applicat\getright\xx2gr.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\applicat\spybotsd\SDHelper.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\diags\nss\engine\4.3.0.5\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\diags\nss\engine\4.3.0.5\IPSBHO.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\diags\nss\engine\4.3.0.5\coIEPlg.dll
    TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe "
    mRun: [KernelFaultCheck] "c:\windows\system32\dumprep.exe" 0 -k
    mRun: [NSWosCheck] "c:\diags\nsw\osCheck.exe "
    mRun: [CTxfiHlp] "CTXFIHLP.EXE "
    mRun: [RCSystem] "c:\program files\creative\shared files\module loader\DLLML.exe" RCSystem * -Startup
    mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll "
    mRun: [UpdReg] "c:\windows\UpdReg.EXE "
    mRun: [CTHelper] "c:\windows\system32\CTHELPER.EXE "
    mRun: [CTDVDDET] "c:\hardware\soundblasterx-fi\dvdaudio\CTDVDDET.EXE "
    mRun: [amd_dc_opt] "c:\hardware\amd\dual-coreoptimizer\amd_dc_opt.exe "
    mRun: [LVCOMSX] "c:\windows\system32\LVCOMSX.EXE "
    mRun: [LogitechVideoRepair] "c:\hardware\quickcam\ISStart.exe"
    mRun: [LogitechVideoTray] "c:\hardware\quickcam\LogiTray.exe "
    mRun: [CMCService] "c:\program files\ati\catalyst media center\CMCService.exe "
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [SpySweeper] "c:\diags\spysweep\SpySweeperUI.exe" /startintray
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\hardware\apcpowerchutepe\Display.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\comman~1.lnk - c:\windows\system32\cmd.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\hardware\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\natura~1.lnk - c:\hardware\samsung\naturalcolor\NaturalColorLoad.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\panora~1.lnk - c:\graphics\panorama\Panorama.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spicey~1.lnk - c:\utility\sc.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\trayic~1.lnk - c:\applicat\trayicon\TRAYICON.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\volume~1.lnk - c:\hardware\soundblasterx-fi\volume panel\VolPanlu.exe
    IE: Download with GetRight - c:\applicat\getright\GRdownload.htm
    IE: E&xport to Microsoft Excel - c:\applicat\micros~1\office11\EXCEL.EXE/3000
    IE: GetRight Mini-Browser - c:\applicat\getright\ietools\GRMiniBrowser.htm
    IE: Open with GetRight Browser - c:\applicat\getright\GRbrowse.htm
    IE: Search FileMirrors - c:\applicat\getright\ietools\FileMirrors.htm
    IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\diags\nsw\norton cleanup\WCQuick.lnk
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\applicat\micros~1\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\applicat\spybotsd\SDHelper.dll
    Trusted Zone: registernelson.com\remote
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://go.microsoft.com/fwlink/?LinkId=82580
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
    DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1259240547640
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214106037859
    DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229144092234
    DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
    Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll
    Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SecurityProviders: rpasspc.dll, schannel.dll, digest.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe "
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\r610d~1.dar\applic~1\mozilla\firefox\profiles\bjemwv0a.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
    FF - plugin: c:\applicat\firefox\plugins\NPDSPLAY.DLL
    FF - plugin: c:\applicat\firefox\plugins\NPGetRt1.dll
    FF - plugin: c:\applicat\firefox\plugins\npwachk.dll
    FF - plugin: c:\applicat\firefox\plugins\npwmsdrm.dll
    FF - plugin: c:\applicat\opera\program\plugins\np-mswmp.dll
    FF - plugin: c:\applicat\opera\program\plugins\np_gp.dll
    FF - plugin: c:\applicat\opera\program\plugins\NP32DSW.DLL
    FF - plugin: c:\applicat\opera\program\plugins\NPAVI32.DLL
    FF - plugin: c:\applicat\opera\program\plugins\NPBEATNK.DLL
    FF - plugin: c:\applicat\opera\program\plugins\npdivx32.dll
    FF - plugin: c:\applicat\opera\program\plugins\NPDRMV2.DLL
    FF - plugin: c:\applicat\opera\program\plugins\npdsplay.dll
    FF - plugin: c:\applicat\opera\program\plugins\NPGetRt.dll
    FF - plugin: c:\applicat\opera\program\plugins\Npindeo.dll
    FF - plugin: c:\applicat\opera\program\plugins\NpIpx32.dll
    FF - plugin: c:\applicat\opera\program\plugins\NPOFFICE.DLL
    FF - plugin: c:\applicat\opera\program\plugins\NPPDF32.DLL
    FF - plugin: c:\applicat\opera\program\plugins\npqtplugin.dll
    FF - plugin: c:\applicat\opera\program\plugins\npqtplugin2.dll
    FF - plugin: c:\applicat\opera\program\plugins\npqtplugin3.dll
    FF - plugin: c:\applicat\opera\program\plugins\npqtplugin4.dll
    FF - plugin: c:\applicat\opera\program\plugins\npqtplugin5.dll
    FF - plugin: c:\applicat\opera\program\plugins\nprfxins.dll
    FF - plugin: c:\applicat\opera\program\plugins\NPSWF32.dll
    FF - plugin: c:\applicat\opera\program\plugins\NPTURNMED.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\graphics\adobe\acrobat\reader\reader\browser\nppdf32.dll
    FF - plugin: c:\graphics\divx\divx player\npDivxPlayerPlugin.dll
    FF - plugin: c:\graphics\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\graphics\divx\divx web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\nos\bin\np_gp.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\applicat\firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\applicat\firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Apollo: apollo@www.spuler.us - %profile%\extensions\apollo@www.spuler.us
    FF - Ext: ErrorZilla Mod: ErrorZillaMod@jaybaldwin - %profile%\extensions\ErrorZillaMod@jaybaldwin
    FF - Ext: Launchy: launchy@gemal.dk - %profile%\extensions\launchy@gemal.dk
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: LinkPreview: {31DC1CBB-99B2-4652-8279-9BD385D81045} - %profile%\extensions\{31DC1CBB-99B2-4652-8279-9BD385D81045}
    FF - Ext: firefix: {343CB0C5-DA79-42ea-8FC8-BBA1CFCD2829} - %profile%\extensions\{343CB0C5-DA79-42ea-8FC8-BBA1CFCD2829}
    FF - Ext: Bookmark Backup: {3474c305-9dad-11d8-9207-00055d74c2e4} - %profile%\extensions\{3474c305-9dad-11d8-9207-00055d74c2e4}
    FF - Ext: Organize Status Bar: {35106bca-6c78-48c7-ac28-56df30b51d2c} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
    FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    FF - Ext: Gcache: {5A32C460-12D9-11D9-9669-0800200C9A66} - %profile%\extensions\{5A32C460-12D9-11D9-9669-0800200C9A66}
    FF - Ext: Stop-or-Reload Button: {61D0D7AF-4FF6-476a-B68F-6531F613A6D8} - %profile%\extensions\{61D0D7AF-4FF6-476a-B68F-6531F613A6D8}
    FF - Ext: CuteMenus - Crystal SVG: {63df8e21-711c-4074-a257-b065cadc28d8} - %profile%\extensions\{63df8e21-711c-4074-a257-b065cadc28d8}
    FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
    FF - Ext: Mozilla Archive Format: {7f57cf46-4467-4c2d-adfa-0cba7c507e54} - %profile%\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}
    FF - Ext: Bookmarks LinkChecker: {8B41860E-5D30-4e96-BB09-CE22F491A481} - %profile%\extensions\{8B41860E-5D30-4e96-BB09-CE22F491A481}
    FF - Ext: MR Tech Toolkit: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC} - %profile%\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: ConfigurationMania?: {c4d362ec-1cff-4ca0-9031-99a8fad7995a} - %profile%\extensions\{c4d362ec-1cff-4ca0-9031-99a8fad7995a}
    FF - Ext: CoolPreviews : {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} - %profile%\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
    FF - Ext: FoxClocks: {d37dc5d0-431d-44e5-8c91-49419370caa1} - %profile%\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
    FF - Ext: NeedleSearch: {e22068c8-faf8-4620-b0d6-e2811a82e84b} - %profile%\extensions\{e22068c8-faf8-4620-b0d6-e2811a82e84b}
    FF - Ext: Preferential: {e3a1bec3-1cc1-4d20-875b-a10587471a5e} - %profile%\extensions\{e3a1bec3-1cc1-4d20-875b-a10587471a5e}
    FF - Ext: Modern Pinball: {E800A8D5-6B36-4854-9F21-443F8CBFF835} - %profile%\extensions\{E800A8D5-6B36-4854-9F21-443F8CBFF835}
    FF - Ext: Sort Bookmarks: {ea702e71-fcda-4c39-93bb-fea2b543b58c} - %profile%\extensions\{ea702e71-fcda-4c39-93bb-fea2b543b58c}
    FF - Ext: Menu Editor: {EDA7B1D7-F793-4e03-B074-E6F303317FB0} - %profile%\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
    FF - Ext: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - %profile%\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
    FF - Ext: Optimoz Tweaks: {F2F6EC1A-8601-443B-812F-655E25AEF7D0} - %profile%\extensions\{F2F6EC1A-8601-443B-812F-655E25AEF7D0}
    FF - Ext: CustomizeGoogle: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb} - %profile%\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
    FF - Ext: Wayback: {FDC1470B-8F74-4660-A7A0-2E367DA9CA6C} - %profile%\extensions\{FDC1470B-8F74-4660-A7A0-2E367DA9CA6C}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\IPSFFPlgn
    FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coFFPlgn
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-2 64160]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-10-6 28552]
    R0 psdrv02;CD Guard Environment Driver (v2);c:\windows\system32\drivers\psdrv02.sys [2006-9-11 67960]
    R0 pssync05;CD Guard Synchronization Driver (v5);c:\windows\system32\drivers\pssync05.sys [2006-11-3 61312]
    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-11-28 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-11-28 173104]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20110419.001\BHDrvx86.sys [2011-4-15 802936]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-11-28 501888]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-11-28 116784]
    R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
    R2 N360;Norton Security Suite;c:\diags\nss\engine\4.3.0.5\ccsvchst.exe [2010-11-28 126392]
    R2 NProtectService;Norton UnErase Protection;c:\diags\nsw\norton~1\NPROTECT.EXE [2008-9-25 95600]
    R2 Ramdisk;Ramdisk [ QSoft ] Standard;c:\windows\system32\drivers\RAMDisk.sys [2008-6-22 35200]
    R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\diags\spysweep\SpySweeper.exe [2009-11-6 4048240]
    R2 WRConsumerService;Webroot Client Service;c:\diags\spysweep\WRConsumerService.exe [2011-4-18 1201640]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2011-3-12 101904]
    R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]
    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]
    R3 eplsw2k;SCM Parallel Port LS-120 Driver;c:\windows\system32\drivers\eplsw2k.sys [1999-10-4 139047]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20110419.002\IDSXpx86.sys [2011-4-20 341944]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110420.002\NAVENG.SYS [2011-4-20 86136]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110420.002\NAVEX15.SYS [2011-4-20 1393144]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2008-9-1 79360]
    S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]
    S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]
    S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\games\dragonage\bin_ship\daupdatersvc.service.exe [2010-10-11 25832]
    S3 epcfw2k;SCM Parallel Port CF Driver;c:\windows\system32\drivers\epcfw2k.sys [2009-2-9 144896]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
    S3 gupdate1c9b01e6e600024;Google Update Service (gupdate1c9b01e6e600024);c:\program files\google\update\GoogleUpdate.exe [2010-10-12 136176]
    S3 inibtmgr;WD Bridge Controller Driver;c:\windows\system32\drivers\inibtmgr.sys [2008-6-21 9728]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\applicat\adaware\AAWService.exe [2009-3-9 1028432]
    S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2010-10-12 163328]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
    S3 rt2870;Ralink RT2870 Chipset Family Driver;c:\windows\system32\drivers\rt2870.sys [2010-8-14 829792]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\diags\sandra\RpcAgentSrv.exe [2009-2-7 98488]
    S3 Secunia PSI Agent;Secunia PSI Agent;c:\diags\secuniapsi\psia.exe --start-service --> c:\diags\secuniapsi\PSIA.exe --start-service [?]
    S3 TCT20XUT;TCT20XUT;\??\c:\windows\temp\tct20xut.sys --> c:\windows\temp\TCT20XUT.sys [?]
    .
    =============== File Associations ===============
    .
    .reg=regedit
    .
    =============== Created Last 30 ================
    .
    2011-04-20 15:31:29 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-04-20 15:31:29 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-04-20 15:30:37 -------- d--h--w- c:\windows\msdownld.tmp
    2011-04-19 04:22:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-04-19 03:45:01 775168 ----a-w- c:\windows\is-JB81A.exe
    2011-04-19 03:43:44 1563008 ----a-w- c:\windows\WRSetup.dll
    2011-04-19 03:43:44 -------- d-----w- c:\docume~1\r610d~1.dar\applic~1\Webroot
    2011-04-19 03:43:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\Webroot
    2011-04-18 20:47:47 -------- d--h--w- C:\~ErdUserProfile.$$$
    2011-04-18 11:56:57 -------- d-----w- C:\NBRT
    2011-04-14 01:38:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\XSettings
    2011-04-01 00:06:54 2309120 ----a-w- c:\windows\system32\pdfrepair.exe
    2011-03-30 20:08:21 -------- d-----w- C:\TMP12
    2011-03-30 20:08:19 -------- d-----w- C:\TMP11
    2011-03-30 16:10:36 -------- d-----w- C:\TMP10
    2011-03-30 15:40:14 -------- d-----w- C:\TMP9
    2011-03-28 22:06:36 -------- d-----w- C:\TMP7
    .
    ==================== Find3M ====================
    .
    2011-04-12 19:59:01 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
    2011-03-12 02:17:53 0 ----a-w- c:\windows\ativpsrm.bin
    2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
    .
    ============= FINISH: 14:20:16.00 ===============

    Attach.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/20/2008 9:58:19 PM
    System Uptime: 4/20/2011 1:23:01 PM (1 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | A8N-SLI Premium
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ | Socket 939 | 2211/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    B: is Removable
    C: is FIXED (NTFS) - 244 GiB total, 91.619 GiB free.
    D: is FIXED (NTFS) - 687 GiB total, 383.507 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is Removable
    K: is FIXED (FAT32) - 0 GiB total, 0.464 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
    Description: USB Mass Storage Device
    Device ID: USB\VID_03F0&PID_4211&MI_03\6&107D54E2&1&0003
    Manufacturer: Compatible USB storage device
    Name: USB Mass Storage Device
    PNP Device ID: USB\VID_03F0&PID_4211&MI_03\6&107D54E2&1&0003
    Service: USBSTOR
    .
    ==== System Restore Points ===================
    .
    RP1469: 4/12/2011 4:43:22 PM - Installed Oblivion - Knights of the Nine
    RP1470: 4/12/2011 4:44:24 PM - Installed Oblivion - Mehrunes Razor
    RP1471: 4/12/2011 4:45:31 PM - Installed Oblivion - Orrery
    RP1472: 4/12/2011 4:46:20 PM - Installed Oblivion - Spell Tomes
    RP1473: 4/12/2011 4:47:51 PM - Installed Oblivion - Thieves Den
    RP1474: 4/12/2011 4:48:28 PM - Installed Oblivion - Vile Lair
    RP1475: 4/12/2011 4:49:12 PM - Installed Oblivion - Wizard's Tower
    RP1476: 4/12/2011 4:51:41 PM - Installed Oblivion - Shivering Isles
    RP1477: 4/13/2011 6:43:03 PM - System Checkpoint
    RP1478: 4/14/2011 6:52:05 PM - System Checkpoint
    RP1479: 4/15/2011 7:10:50 PM - System Checkpoint
    RP1480: 4/17/2011 7:58:59 AM - System Checkpoint
    RP1481: 4/18/2011 11:27:53 AM - Restore Operation
    RP1482: 4/18/2011 11:37:57 AM - Restore Operation
    RP1483: 4/18/2011 11:59:23 AM - Restore Operation
    RP1484: 4/18/2011 12:16:05 PM - Restore Operation
    RP1485: 4/18/2011 12:24:06 PM - After MBR problem
    RP1486: 4/18/2011 12:35:19 PM - Restore Operation
    RP1487: 4/18/2011 12:44:26 PM - Restore Operation
    RP1488: 4/20/2011 11:30:09 AM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    "Nero SoundTrax Help
    _inmm.dll 2.35
    7-Zip 4.65
    7300
    7300_Help
    7300Trb
    ABI- CODER 3.5.8.1
    ABI- Key and Password Manager 1.02
    AC3Filter 1.63b
    Acoustica Effects Pack
    Ad-Aware
    Adobe AIR
    Adobe Common File Installer
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Help Center 2.0
    Adobe Photoshop Elements 4.0
    Adobe Premiere Elements 2.0
    Adobe Reader 8.2.6
    Adobe Shockwave Player 11.5
    Adobe SVG Viewer 3.0
    Advertising Center
    AiO_Scan
    AiOSoftware
    Air Mogul
    AMD Power Monitor
    AMD Processor Driver
    APC PowerChute Personal Edition
    Application Compatibility Toolkit
    Application Verifier Database
    Art Explosion Christian Greeting Card Factory
    AstroGrep2.0.29
    ATI AVIVO Codecs
    ATI Catalyst Install Manager
    ATI MCE Encoder
    ATI Parental Control & Encoder
    ATI TV Settings
    Audacity 1.3.12 (Unicode)
    Axis & Allies
    B17 - The Mighty Eighth
    Backgammon Professional
    Baldur's Gate(TM) II - Shadows of Amn(TM)
    Barbarian Invasion
    Batch Update
    Battlefield 1942
    Battlefield 1942: Secret Weapons of WWII
    Battlefield 1942: The Road To Rome
    Battlefield 2142
    BD/HD Advisor 1.0
    Bible Data Type System Files
    Blade Runner
    Britannica Ready Reference
    British Rail Set Version 5 - Complete Version
    BRSet V5.1 - Upgrade Pack
    BufferChm
    Canon Utilities PhotoStitch
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Media Center
    Catalyst Media Center DVD Authoring Module
    ccc-core-static
    ccc-utility
    CCC Help English
    CheckIt Diagnostics
    ChrisTrains for Locomotion V1.2.0
    Civ II : Test Of Time
    Civ3 Conquests v1.22 Full
    Civil War
    Civilization III
    Civilization III - Play the World v1.27F
    Civilization III Conquests BETA Patch v1.12
    Civilization III Play the World
    Civilization III v1.29f
    Civilization III: Conquests
    Class_50_Content_Update
    CoffeeCup Free FTP
    Common System Files
    Compatibility Pack for the 2007 Office system
    CompuServe 4.0.2
    Connection Keep Alive
    Copy
    Corel Paint Shop Pro Photo X2
    CP_AtenaShokunin1Config
    cp_dwShrek2Albums1
    cp_dwShrek2Cards1
    Creative Audio Control Panel
    Creative Console Launcher
    Creative DVD Audio Plugin for Audigy Series
    Creative Media Toolbox
    Creative MediaSource
    Creative MediaSource 5
    Creative MediaSource DVD-Audio Player
    Creative Software AutoUpdate
    Creative System Information
    Creative Vienna SoundFont Studio
    Creative WaveStudio 7
    CreativeProjects
    CreativeProjectsTemplates
    Crysis(R)
    CueTour
    CutePDF Writer 2.8
    Dark Reign 2
    DC Essential Files v1.3
    DesertCombat 0.6F
    Desperados 1.0
    Destinations
    Diplomacy
    Director
    DirectX Media Runtime 5.1
    DivX Plus DirectShow Filters
    DivX Setup
    DocProc
    DocumentViewer
    DolbyFiles
    Dragon Age Redesigned©
    Dragon Age: Origins
    Dual-Core Optimizer
    Duplicate Cleaner 1.4.7c
    EA Download Manager
    earmusf.exe custom database
    Enter The Matrix
    Europa Universalis III
    Fax
    Foster Yeoman PGA Hopper Wagon
    Freedom Force® vs The 3rd Reich
    FreeFTP
    Galactic Civilizations
    Galactic Civilizations: The Altarian Prophecy
    Gangsters
    Geiss for Winamp 2x (remove only)
    GetRight
    Google Earth
    Google Update Helper
    GoToMeeting 4.5.0.457
    GPL Ghostscript 8.70
    Graphical Query Editor
    GSview 4.9
    Hardwar
    Hardwood Solitaire II
    Hardwood Spades
    Harpoon Classic 97
    Heavy Gear 2
    Heroes of Might & Magic V: Hammers of Fate
    Heroes of Might and Magic V
    Heroes of Might and Magic V - Tribes of the East
    Hi-Def Suite
    HighSpeedPack Reloaded V1.0.0
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Driver Diagnostics
    HP Image Zone 4.7
    HP Print Diagnostic Utility
    HP Product Assistant
    HP PSC & OfficeJet 4.7
    HP Software Update
    HPSystemDiagnostics
    ImagXpress
    ImgBurn
    In Nomine 3.2
    InstantShare
    InterVideo Disc Master 2
    InterVideo DVDCopy 2 for AsusTek
    InterVideo WinDVD 5
    InterVideo WinDVD Creator 2
    JAP
    Java Auto Updater
    Java(TM) 6 Update 21
    JJLOR Locomotion Mining Pack Beta 1
    John Deere American Farmer TM v1.0
    LabelPrint
    LG ODD Auto Firmware Update
    Libronix Digital Library System
    Libronix DLS Application
    Libronix DLS Shortcuts
    Libronix Update
    LightScribe Optical Disc Kit
    LightScribe System Software
    LiveUpdate (Symantec Corporation)
    LLS Resource Driver
    Logitech Gaming Software 5.04
    Logitech QuickCam Software
    Logitech® Camera Driver
    Lost Empire - Immortals
    Machine Check Analysis Tool
    MagicTune 2.5
    MailWasher
    Marvell Miniport Driver
    Mass Effect
    Mass Effect 2
    Master of Orion 3
    Matrix-ks
    MAX's HTML Beauty++ 2004
    Medieval II Total War
    Medieval II Total War : Kingdoms : Americas
    Medieval II Total War : Kingdoms : Britannia
    Medieval II Total War : Kingdoms : Crusades
    Medieval II Total War : Kingdoms : Teutonic
    Menu Templates - Starter Kit
    Merchant Prince II
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Baseline Security Analyzer 2.1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Crimson Skies
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2003 Primary Interop Assemblies
    Microsoft Office 2003 Resource Kit
    Microsoft Office Converter Pack
    Microsoft Office Professional Edition 2003
    Microsoft Train Simulator
    Microsoft Train Simulator gmax Sample Loco
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual J# .NET Redistributable Package 1.1
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft XNA Framework Redistributable 1.0 Refresh
    Monopoly Star Wars
    Monopoly Tycoon
    Movie Templates - Starter Kit
    Mozilla Firefox (3.6.16)
    Mozilla Thunderbird (3.1.9)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB925673)
    Myst for Windows 95
    Natural Color
    Need For Speed II SE
    Nelson's Electronic LessonWorks 1.0
    Nero 9
    Nero Burning ROM Help
    Nero ControlCenter
    Nero CoverDesigner
    Nero CoverDesigner Help
    Nero Disc Copy Gadget Help
    Nero DiscSpeed
    Nero DriveSpeed
    Nero InfoTool
    Nero Installer
    Nero PhotoSnap
    Nero PhotoSnap Help
    Nero Recode
    Nero Recode Help
    Nero Rescue Agent
    Nero RescueAgent Help
    Nero ShowTime
    Nero Vision
    Nero WaveEditor
    Nero WaveEditor Help
    NeroBurningROM
    neroxml
    nfs2sea.exe custom database
    nfs2sen.exe custom database
    Norton Cleanup
    Norton Security Suite
    Norton SystemWorks (Symantec Corporation)
    Norton SystemWorks Basic Edition
    Norton Utilities
    Nuclear Strike
    NVIDIA Drivers
    NVIDIA Performance
    NVIDIA PhysX
    NVIDIA System Monitor
    NVIDIA System Update
    NxS Balloon Tip Notification Plugin 2.8
    Oblivion
    Oblivion - Horse Armor Pack
    Oblivion - Knights of the Nine
    Oblivion - Mehrunes Razor
    Oblivion - Orrery
    Oblivion - Spell Tomes
    Oblivion - Thieves Den
    Oblivion - Vile Lair
    Oblivion - Wizard's Tower
    Oblivion mod manager 1.1.12
    OEB Resource Driver
    OpenAL
    Opera 11.01
    Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
    Panda ActiveScan 2.0
    PanoStandAlone
    Panzer General 2
    Panzer General 3D
    Parkan 2
    PartitionMagic
    PDF Fixer
    PDF Resource Driver
    PGIII Scorched Earth
    PhotoGallery
    PolyView 4.41
    PolyView Canon CRW Support
    PowerDVD
    PowerPlayer II
    PowerProducer
    PowerQuest PartitionMagic 8.0
    ProductContext
    Project Zoo (remove only)
    PunkBuster Services
    QFolder
    QuickTime Alternative 3.2.2
    QuickTime for Windows (32-bit)
    QuickVerse 2007
    RAD Video Tools
    Railroad Tycoon II - Platinum
    Ralink RT2870 Wireless LAN Card
    Re-Volt
    Reach For The Stars
    Readme
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Revolution
    Revolution Patch 1.1
    Rhapsody Player Engine
    RoboRumble
    Robot Arena 2
    Rome - Total War(TM)
    RvC v3.0 Map Pack
    Sandpatch (version 1.0)
    Scan
    ScannerCopy
    Scriptocean Slideshow 1
    SD40-2_Content_Update
    SeaMonkey (2.0.13)
    Secret Weapons Over Normandy
    Secunia PSI (2.0.0.1003)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Media Encoder (KB2447961)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Encoder (KB979332)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Shattered Union
    Sid Meier's Civilization 4
    Sid Meier's Civilization 4 - Beyond the Sword
    Sid Meier's Civilization 4 - Warlords
    Sid Meier's Civilization IV Colonization
    Sid Meier's Planetary Pack
    SimilarImages
    SiSoftware Sandra Lite 2009.SP2
    SkinsHP1
    Skype™ 5.0
    Sound Blaster X-Fi
    SoundFont Bank Manager
    SoundTrax
    Space Shuttle
    SpellForce 2 - Shadow Wars
    SpellForce 2 Update v1.02
    Spelling Dictionaries Support For Adobe Reader 8
    Spin It Again
    SpongeBob SquarePants Employee of the Month
    Spy Sweeper
    Spy Sweeper Core
    Spybot - Search & Destroy
    Star Trek Voyager Elite Force
    Star Trek: The Game Show
    Star Wars Battlefront II
    Starfleet Command II
    Starfleet Command II Patcher
    Stories for Preachers & Teachers
    Stratego
    Streamripper (Remove only)
    SupportSoft Assisted Service
    Sword of the Stars Demo
    TagScanner 5.1.596
    TeamSpeak 2 Server RC2
    Test of Time Patch
    TGZ TDM Map Pack 1
    The Day After
    The Day After patch 1.2
    The Great Escape
    The Lord of the Rings - Conquest™
    The Sims™ 2 Double Deluxe
    The Time Threat Mystery
    Third Age - Total War 1.0 Part1
    Third Age - Total War 1.0 Part2
    Third Age - Total War Hotfix1
    Third Age - Total War Patch 1.1
    Third Age - Total War Patch 1.2
    Third Age - Total War Patch 1.3
    Tiger Woods PGA TOUR 2002
    Tom Clancy's Rainbow Six 3: Athena Sword 1.10.016
    Tom Clancy's Rainbow Six 3: Iron Wrath 1.00.000
    Tom Clancy's Rainbow Six 3: Raven Shield 1.60.412
    Tortuga - Two Treasures
    Trade Empires (remove only)
    TrayApp
    TTDX Configurator
    Tweak UI
    UFO Extraterrestrials
    UltraPlayer
    Undelete Plus 2.98
    Uninstall Tool
    Unload
    Unreal Tournament 2004
    Unreal Tournament 3
    Unreal Tournament 3 - Community Bonus Pack 3 - Volume 1
    Unreal Tournament 3 - Community Bonus Pack 3 - Volume 2
    Unreal Tournament 3 - Community Bonus Pack 3 - Volume 3
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Internet Explorer 8 (KB2362765)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    UT3 Domination (CBP Edition)
    VC 9.0 Runtime
    VC80CRTRedist - 8.0.50727.4053
    Virtual Key
    VisiPics V1.30
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual Studio 2005 Tools for Office Second Edition Runtime
    Volume Panel
    Warcraft III: All Products
    WD Diagnostics
    WebReg
    Wheel of Time
    Winamp
    Winamp Detector Plug-in
    Windows Genuine Advantage Validation Tool
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Presentation Foundation
    Windows Resource Kit Tools
    Windows Support Tools
    Windows XP Service Pack 3
    WinRAR archiver
    WordPerfect Family Pack 5
    XML Paper Specification Shared Components Pack 1.0
    XXConsole: Super Console Generator ver 0.93
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/20/2011 11:36:49 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP
    4/20/2011 11:34:32 AM, error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
    4/20/2011 11:34:32 AM, error: SRTSP [4] - Error loading virus definitions.
    4/20/2011 10:56:21 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 AsIO BHDrvx86 ccHP eeCtrl Fips IPSec MRxSmb NetBIOS NetBT pavboot RasAcd Rdbss SRTSPX SymIRON SYMTDI Tcpip Tcpip6
    4/20/2011 10:56:21 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    4/20/2011 10:56:21 AM, error: Service Control Manager [7001] - The Simple TCP/IP Services service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    4/20/2011 10:56:21 AM, error: Service Control Manager [7001] - The IPv6 Helper Service service depends on the Microsoft IPv6 Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    4/20/2011 10:56:21 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    4/20/2011 10:56:21 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    4/20/2011 10:46:01 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 AsIO BHDrvx86 ccHP eeCtrl Fips pavboot SRTSPX SymIRON SYMTDI
    4/20/2011 10:45:45 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    4/20/2011 10:44:31 AM, error: sfsync02 [12] -
    4/20/2011 10:44:31 AM, error: pssync05 [1] - Protection Synchronization Driver detected an internal error, contact the customer support service.
    4/20/2011 10:26:01 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    4/20/2011 1:50:36 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
    4/16/2011 11:36:16 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer NETWORKDRIVE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F34B04C1-8B4B-4. The master browser is stopping or an election is being forced.
    4/16/2011 10:27:33 AM, error: Dhcp [1002] - The IP address lease 192.168.1.55 for the Network Card with network address 00259CE54030 has been denied by the DHCP server 192.168.1.40 (The DHCP Server sent a DHCPNACK message).
    4/15/2011 6:08:13 PM, error: Service Control Manager [7022] - The CyberLink Background Capture Service (CBCS) service hung on starting.
    4/15/2011 6:08:13 PM, error: Service Control Manager [7001] - The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    4/15/2011 6:06:50 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.
    .
    ==== End Of File ===========================

    ** Rootkit Revealer (Sysinternals). It found only one suspicious registry key (but listed twice in the registry) due to embedded nulls:

    [HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5E9D2C1A-DE30-DAB3-B80A-3CB0CA8BC7FA}]
    "jajgfodbfdlkeiipllki "=hex:62,61,6e,68,00

    [HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5E9D2C1A-DE30-DAB3-B80A-3CB0CA8BC7FA}]
    "jajgfodbfdlkeiipllki "=hex:62,61,6e,68,00

    The same 2 keys are also in HKCU but were not flagged.

    ** RootRepeal hangs up when I try to run it.

    I'd appreciate it if someone could help me figure out if my system is infected and, if so, what to do about getting rid of the infection. Thanks!
     


  4. 2011/04/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================

    Your MBAM log says "No action taken".
    Please re-run it, FIX all issues and post the new log.

    Then.....

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  5. 2011/04/20
    Xd23bgt

    Xd23bgt Inactive Thread Starter

    Joined:
    2011/04/18
    Messages:
    25
    Likes Received:
    0
    Thanks for your prompt reply! Here's the new Malwarebytes log:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6410

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    4/20/2011 9:35:04 PM
    mbam-log-2011-04-20 (21-35-04).txt

    Scan type: Quick scan
    Objects scanned: 188905
    Time elapsed: 6 minute(s), 0 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 4
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Here's the TDSSKiller log (it didn't find anything):

    2011/04/20 21:54:12.0906 1540 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/04/20 21:54:12.0953 1540 ================================================================================
    2011/04/20 21:54:12.0953 1540 SystemInfo:
    2011/04/20 21:54:12.0953 1540
    2011/04/20 21:54:12.0953 1540 OS Version: 5.1.2600 ServicePack: 3.0
    2011/04/20 21:54:12.0953 1540 Product type: Workstation
    2011/04/20 21:54:12.0953 1540 ComputerName: SPORKO2
    2011/04/20 21:54:12.0953 1540 UserName: R. Darrell Smith
    2011/04/20 21:54:12.0953 1540 Windows directory: C:\WINDOWS
    2011/04/20 21:54:12.0953 1540 System windows directory: C:\WINDOWS
    2011/04/20 21:54:12.0953 1540 Processor architecture: Intel x86
    2011/04/20 21:54:12.0953 1540 Number of processors: 2
    2011/04/20 21:54:12.0953 1540 Page size: 0x1000
    2011/04/20 21:54:12.0953 1540 Boot type: Normal boot
    2011/04/20 21:54:12.0953 1540 ================================================================================
    2011/04/20 21:54:13.0437 1540 Initialize success
    2011/04/20 21:54:30.0656 4060 ================================================================================
    2011/04/20 21:54:30.0656 4060 Scan started
    2011/04/20 21:54:30.0656 4060 Mode: Manual;
    2011/04/20 21:54:30.0656 4060 ================================================================================
    2011/04/20 21:54:36.0796 4060 ================================================================================
    2011/04/20 21:54:36.0796 4060 Scan finished
    2011/04/20 21:54:36.0796 4060 ================================================================================

    What now? Thanks again for your help.
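    The three PUM.Disabled.SecurityCenter hits in the MBAM log above are Windows XP Security Center values that silence the "no antivirus / firewall / updates" balloon warnings. The following Python script is an added example, not code from this thread or from Malwarebytes, ComboFix or any other tool mentioned here: it parses a REGEDIT4-style registry export (the form regedit and ComboFix's "Reg Loading Points" section use) and flags those values together with AntiVirusOverride, the Security Center Monitoring "DisableMonitoring" value and a firewall policy EnableFirewall of 0; the sample export is constructed for the example.

```python
"""Audit a REGEDIT4-style registry export for Windows XP Security Center and
firewall settings that suppress warnings. Added example for this thread; it is
not code from Malwarebytes, ComboFix or any other tool mentioned here."""
import re
from typing import Iterator, List, Tuple

# Registry values that weaken or silence Security Center / Windows Firewall.
# Maps (lower-cased key fragment, lower-cased value name) -> the value that
# means "warning suppressed" or "protection off". The first three names are
# the ones MBAM reports as PUM.Disabled.SecurityCenter. Note that third-party
# AV suites legitimately set the Monitoring\...\DisableMonitoring values, so
# every hit is a review item, not a verdict.
WEAKENED_SETTINGS = {
    (r"software\microsoft\security center", "antivirusdisablenotify"): 1,
    (r"software\microsoft\security center", "firewalldisablenotify"): 1,
    (r"software\microsoft\security center", "updatesdisablenotify"): 1,
    (r"software\microsoft\security center", "antivirusoverride"): 1,
    (r"software\microsoft\security center\monitoring", "disablemonitoring"): 1,
    (r"sharedaccess\parameters\firewallpolicy\standardprofile", "enablefirewall"): 0,
}

KEY_RE = re.compile(r"^\[(.+)\]$")
# "Name"=dword:00000001  (regedit export form; a stray space before the
# closing quote, as seen in pasted logs, is tolerated)
DWORD_RE = re.compile(r'^"([^"]*?)\s*"\s*=\s*dword:([0-9a-fA-F]{1,8})$')
# "Name"= 0 (0x0)  (the form ComboFix uses for firewall policy values)
PLAIN_RE = re.compile(r'^"([^"]*?)\s*"\s*=\s*(\d+)\s*\(0x[0-9a-fA-F]+\)$')

Finding = Tuple[str, str, int]


def parse_export(text: str) -> Iterator[Finding]:
    """Yield (key, value_name, integer value) for each numeric value line."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).strip().lower()
            continue
        if key is None:
            continue  # values before the first [key] header are meaningless
        m = DWORD_RE.match(line)
        if m:
            yield key, m.group(1).strip().lower(), int(m.group(2), 16)
            continue
        m = PLAIN_RE.match(line)
        if m:
            yield key, m.group(1).strip().lower(), int(m.group(2))


def audit(text: str) -> List[Finding]:
    """Return every value in the export that matches a weakened setting."""
    findings = []
    for key, name, value in parse_export(text):
        for (fragment, bad_name), bad_value in WEAKENED_SETTINGS.items():
            if name == bad_name and fragment in key and value == bad_value:
                findings.append((key, name, value))
    return findings


# Constructed sample export: the values from the MBAM log written the way
# regedit exports them, plus two ComboFix-style entries, and one harmless
# Run entry that must not be flagged.
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE"
"""

if __name__ == "__main__":
    for key, name, value in audit(SAMPLE_EXPORT):
        print(f"[{key}] {name} = {value}  <- review: warning suppressed or protection off")
```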
     
  6. 2011/04/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install the Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, restart your computer to restore your connection.
    4. Double-click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt".
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled, as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. 2011/04/21
    Xd23bgt

    Xd23bgt Inactive Thread Starter

    Joined:
    2011/04/18
    Messages:
    25
    Likes Received:
    0
    I was able to run Combofix without any problems. Here's the log:

    ComboFix 11-04-20.04 - R. Darrell Smith 04/21/2011 8:47.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2815.1687 [GMT -4:00]
    Running from: c:\documents and settings\R. Darrell Smith\Desktop\ComboFix.exe
    AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton AntiVirus *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\R. Darrell Smith\g2mdlhlpx.exe
    c:\documents and settings\R. Darrell Smith\WINDOWS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-21 to 2011-04-21 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-21 01:20 . 2011-04-21 01:20 -------- d-----w- c:\documents and settings\R. Darrell Smith\Application Data\Malwarebytes
    2011-04-21 01:19 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-21 01:19 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-20 19:56 . 2011-04-20 19:56 34816 ----a-w- c:\windows\system32\drivers\prj25gh.sys
    2011-04-20 15:31 . 2011-04-20 15:31 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-04-20 15:30 . 2011-04-20 15:30 -------- d--h--w- c:\windows\msdownld.tmp
    2011-04-19 04:22 . 2011-04-19 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-04-19 03:45 . 2011-04-19 03:45 775168 ----a-w- c:\windows\is-JB81A.exe
    2011-04-19 03:43 . 2011-04-20 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
    2011-04-19 03:43 . 2011-04-19 03:43 -------- d-----w- c:\documents and settings\R. Darrell Smith\Application Data\Webroot
    2011-04-19 03:43 . 2009-11-06 19:19 1563008 ----a-w- c:\windows\WRSetup.dll
    2011-04-18 20:47 . 2011-04-18 20:47 -------- d-----w- C:\~ErdUserProfile.$$$
    2011-04-18 11:56 . 2011-04-18 11:56 -------- d-----w- C:\NBRT
    2011-04-14 01:38 . 2011-04-14 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\XSettings
    2011-04-01 00:06 . 2006-11-28 21:30 2309120 ----a-w- c:\windows\system32\pdfrepair.exe
    2011-03-30 20:08 . 2011-03-30 21:53 -------- d-----w- C:\TMP12
    2011-03-30 20:08 . 2011-03-30 20:23 -------- d-----w- C:\TMP11
    2011-03-30 16:10 . 2011-03-30 19:56 -------- d-----w- C:\TMP10
    2011-03-30 15:40 . 2011-04-21 12:36 -------- d-----w- C:\TMP9
    2011-03-28 22:06 . 2011-04-01 00:09 -------- d-----w- C:\TMP7
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-12 19:59 . 2008-06-29 02:02 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
    2011-02-09 13:53 . 2004-08-04 06:56 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2004-08-04 06:56 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 07:58 . 2008-06-21 01:47 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2008-06-21 01:47 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2004-08-04 06:56 439296 ----a-w- c:\windows\system32\shimgvw.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NSWosCheck "= "c:\diags\NSW\osCheck.exe" [2008-09-25 160112]
    "CTxfiHlp "= "CTXFIHLP.EXE" [2009-06-04 25600]
    "RCSystem "= "c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
    "AudioDrvEmulator "= "c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
    "UpdReg "= "c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "CTHelper "= "c:\windows\system32\CTHELPER.EXE" [2008-02-21 19456]
    "CTDVDDET "= "c:\hardware\SoundBlasterX-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
    "amd_dc_opt "= "c:\hardware\AMD\Dual-CoreOptimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "LVCOMSX "= "c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
    "LogitechVideoRepair "= "c:\hardware\QuickCam\ISStart.exe" [2005-06-08 458752]
    "LogitechVideoTray "= "c:\hardware\QuickCam\LogiTray.exe" [2005-06-08 217088]
    "CMCService "= "c:\program files\ATI\Catalyst Media Center\CMCService.exe" [2008-06-06 172032]
    "StartCCC "= "c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-27 98304]
    "TkBellExe "= "c:\program files\Real\RealPlayer\update\realsched.exe" [2011-04-12 273544]
    "SpySweeper "= "c:\diags\SpySweep\SpySweeperUI.exe" [2009-11-06 6515784]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    APC UPS Status.lnk - c:\hardware\APCPowerChutePE\Display.exe [2006-1-17 221247]
    Command Prompt.lnk - c:\windows\system32\cmd.exe [2004-8-4 389120]
    HP Digital Imaging Monitor.lnk - c:\hardware\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
    NaturalColorLoad.lnk - c:\hardware\SAMSUNG\NaturalColor\NaturalColorLoad.exe [2006-2-25 155715]
    Panorama 1.31.lnk - c:\graphics\Panorama\Panorama.exe [2008-12-7 708608]
    Spicey Corners 2.10.lnk - c:\utility\sc.exe [2006-2-3 69632]
    TrayIcon 2.1.lnk - c:\applicat\TRAYICON\TRAYICON.EXE [2008-12-21 198656]
    Volume Panel.lnk - c:\hardware\SoundBlasterX-Fi\Volume Panel\VolPanlu.exe [2008-9-1 233576]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders rpasspc.dll, schannel.dll, digest.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @= "Service "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @= "Service "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
    @= "Service "
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Creative MediaSource Go "= "c:\hardware\SoundBlasterX-Fi\MediaSource\Go\CTCMSGoU.exe" /SCB
    "MSMSGS "= "c:\program files\Messenger\msmsgs.exe" /background
    "LogitechSoftwareUpdate "= "c:\hardware\QuickCam\ManifestEngine.exe" boot
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "HP Software Update "= "c:\hardware\HP\HP Software Update\HPWuSchd2.exe "
    "PPMemCheck "=c:\progra~1\PESTPA~1\PPMemCheck.exe
    "PestPatrol Control Center "=c:\progra~1\PESTPA~1\PPControl.exe
    "CookiePatrol "=c:\progra~1\PESTPA~1\CookiePatrol.exe
    "Start WingMan Profiler "=c:\program files\Logitech\Gaming Software\LWEMon.exe /noui
    "Intuit SyncManager "=c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    "Ad-Watch "= "c:\applicat\AdAware\AAWTray.exe "
    "AMD_Display "=
    "NVRaidService "= "c:\windows\system32\nvraidservice.exe "
    "DXDllRegExe "= "c:\windows\system32\dxdllreg.exe"
    "KernelFaultCheck "=%systemroot%\system32\dumprep 0 -k
    "Adobe Reader Speed Launcher "= "c:\graphics\Adobe\Acrobat\Reader\Reader\Reader_sl.exe "
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe "
    "ISW "= "c:\program files\CheckPoint\ZAForceField\ForceField.exe" /icon= "hidden "
    "CheckPoint Cleanup "= "k:\temp\cpes_clean_launcher.exe" k:\temp\cpes_clean.exe
    "TkBellExe "= "c:\program files\real\realplayer\update\realsched.exe" -osboot
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\HARDWARE\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "d:\\GAMES\\Battle2142\\BF2142.exe "=
    "c:\\WINDOWS\\system32\\mmc.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe "=
    "c:\\HARDWARE\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\HARDWARE\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "c:\\APPLICAT\\Teamspeak\\Server\\server_windows.exe "=
    "d:\\GAMES\\Battle1942\\BF1942.exe "=
    "c:\\WINDOWS\\system32\\dpvsetup.exe "=
    "d:\\GAMES\\RavenShield\\system\\ravenshield.exe "=
    "d:\\GAMES\\CIV4\\Beyond the Sword\\Civ4BeyondSword.exe "=
    "d:\\GAMES\\CIV4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe "=
    "d:\\GAMES\\Warcraft3\\Warcraft III.exe "=
    "d:\\GAMES\\CallOfDuty\\CoDMP.exe "=
    "d:\\GAMES\\CallOfDuty\\CoDUOMP.exe "=
    "d:\\GAMES\\Heroes3\\HEROES3.EXE "=
    "c:\\WINDOWS\\system32\\dplaysvr.exe "=
    "c:\\APPLICAT\\eMule\\emule.exe "=
    "d:\\GAMES\\SWBattlefront2\\GameData\\BattlefrontII.exe "=
    "d:\\GAMES\\Civ4Colonization\\Colonization.exe "=
    "d:\\GAMES\\SpellForce2\\spellforce2.exe "=
    "d:\\GAMES\\UT3\\Binaries\\UT3.exe "=
    "d:\\GAMES\\Heroes of Might and Magic V\\bin\\H5_Game.exe "=
    "d:\\GAMES\\Heroes of Might and Magic V\\bina1\\H5_Game.exe "=
    "d:\\GAMES\\Heroes of Might and Magic V\\Tribes of the East\\Heroes of Might and Magic V - Tribes of the East\\bin\\H5_Game.exe "=
    "d:\\GAMES\\Batzone2\\bzone.exe "=
    "c:\\APPLICAT\\GetRight\\GetRight.exe "=
    "d:\\GAMES\\ShatteredUnion\\ShatteredUnion.exe "=
    "d:\\GAMES\\RoboRumble\\DATA\\rr_dx5.exe "=
    "c:\\DIAGS\\Sandra\\RpcAgentSrv.exe "=
    "d:\\GAMES\\Re-Volt\\revolt.exe "=
    "d:\\GAMES\\MassEffect\\Binaries\\MassEffect.exe "=
    "d:\\GAMES\\MassEffect\\MassEffectLauncher.exe "=
    "c:\\APPLICAT\\Opera\\opera.exe "=
    "d:\\GAMES\\UT2004\\System\\UT2004.exe "=
    "c:\\APPLICAT\\SeaMonkey\\seamonkey.exe "=
    "c:\\APPLICAT\\FreeFTP\\FreeFTP.exe "=
    "c:\\APPLICAT\\CoffeeCupFreeFTP\\FreeFTP.exe "=
    "d:\\GAMES\\LostEmpire\\LostEmpire.exe "=
    "d:\\GAMES\\DragonAge\\bin_ship\\daorigins.exe "=
    "d:\\GAMES\\DragonAge\\DAOriginsLauncher.exe "=
    "d:\\GAMES\\MassEffect2\\Binaries\\MassEffect2.exe "=
    "d:\\GAMES\\MassEffect2\\MassEffect2Launcher.exe "=
    "c:\\DIAGS\\Sandra\\WNt500x86\\RpcSandraSrv.exe "=
    "d:\\GAMES\\DragonAge\\bin_ship\\daupdatersvc.service.exe "=
    "c:\\APPLICAT\\Skype\\Phone\\Skype.exe "=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP "= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP "= 3540:UDP:peer Name Resolution Protocol (PNRP)
    "17770:UDP "= 17770:UDP:BZ2
    "17771:UDP "= 17771:UDP:BZ2
    "17772:UDP "= 17772:UDP:BZ2
    "17770:TCP "= 17770:TCP:BZ2
    "17771:TCP "= 17771:TCP:BZ2
    "17772:TCP "= 17772:TCP:BZ2
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest "= 1 (0x1)
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/2/2009 5:07 PM 64160]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/6/2010 5:51 PM 28552]
    R0 psdrv02;CD Guard Environment Driver (v2);c:\windows\system32\drivers\psdrv02.sys [9/11/2006 8:01 AM 67960]
    R0 pssync05;CD Guard Synchronization Driver (v5);c:\windows\system32\drivers\pssync05.sys [11/3/2006 4:24 AM 61312]
    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 12:00 PM 29808]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [11/28/2010 2:12 PM 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [11/28/2010 2:12 PM 173104]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110419.001\BHDrvx86.sys [4/15/2011 4:29 PM 802936]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [11/28/2010 2:12 PM 501888]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [11/28/2010 2:12 PM 116784]
    R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/4/2004 2:56 AM 14336]
    R2 N360;Norton Security Suite;c:\diags\NSS\Engine\4.3.0.5\ccsvchst.exe [11/28/2010 2:12 PM 126392]
    R2 NProtectService;Norton UnErase Protection;c:\diags\NSW\NORTON~1\NPROTECT.EXE [9/25/2008 2:53 PM 95600]
    R2 Ramdisk;Ramdisk [ QSoft ] Standard;c:\windows\system32\drivers\RAMDisk.sys [6/22/2008 8:07 PM 35200]
    R2 WRConsumerService;Webroot Client Service;c:\diags\SpySweep\WRConsumerService.exe [4/18/2011 11:45 PM 1201640]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [3/12/2011 10:09 PM 101904]
    R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [10/8/2008 2:21 AM 171032]
    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [10/8/2008 2:21 AM 1324056]
    R3 eplsw2k;SCM Parallel Port LS-120 Driver;c:\windows\system32\drivers\eplsw2k.sys [10/4/1999 1:30 PM 139047]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/20/2011 1:10 PM 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110419.002\IDSXpx86.sys [4/20/2011 1:11 PM 341944]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [9/1/2008 7:09 PM 79360]
    S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [10/8/2008 2:21 AM 171032]
    S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [10/8/2008 2:21 AM 1324056]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [10/8/2008 2:21 AM 72728]
    S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [10/8/2008 2:21 AM 72728]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\games\DragonAge\bin_ship\daupdatersvc.service.exe [10/11/2010 10:18 PM 25832]
    S3 epcfw2k;SCM Parallel Port CF Driver;c:\windows\system32\drivers\epcfw2k.sys [2/9/2009 8:42 AM 144896]
    S3 gupdate1c9b01e6e600024;Google Update Service (gupdate1c9b01e6e600024);c:\program files\Google\Update\GoogleUpdate.exe [10/12/2010 12:39 PM 136176]
    S3 inibtmgr;WD Bridge Controller Driver;c:\windows\system32\drivers\inibtmgr.sys [6/21/2008 2:05 PM 9728]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\applicat\AdAware\AAWService.exe [3/9/2009 3:06 PM 1028432]
    S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [10/12/2010 11:42 AM 163328]
    S3 prj25gh;prj25gh;c:\windows\system32\drivers\prj25gh.sys [4/20/2011 3:56 PM 34816]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\diags\Sandra\RpcAgentSrv.exe [2/7/2009 9:34 PM 98488]
    S3 Secunia PSI Agent;Secunia PSI Agent;c:\diags\SecuniaPSI\PSIA.exe --start-service --> c:\diags\SecuniaPSI\PSIA.exe --start-service [?]
    S3 TCT20XUT;TCT20XUT;\??\c:\windows\TEMP\TCT20XUT.sys --> c:\windows\TEMP\TCT20XUT.sys [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-01-22 15:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 16:39]
    .
    2011-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 16:39]
    .
    2011-04-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-1532298954-725345543-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2011-04-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-1532298954-725345543-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2011-04-19 c:\windows\Tasks\wrSpySweeper_L3F9E610C8E02480FBF22B1DA8DCC91AD.job
    - c:\diags\SpySweep\SpySweeperUI.exe [2011-04-19 19:19]
    .
    2011-04-19 c:\windows\Tasks\wrSpySweeper_L3F9E610C8E02480FBF22B1DA8DCC91AD.job
    - c:\diags\SpySweep\SpySweeperUI.exe [2011-04-19 19:19]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Connection Wizard,ShellNext = hxxp://www.atari.com/
    IE: Download with GetRight - c:\applicat\GetRight\GRdownload.htm
    IE: E&xport to Microsoft Excel - c:\applicat\MICROS~1\OFFICE11\EXCEL.EXE/3000
    IE: GetRight Mini-Browser - c:\applicat\GetRight\IETools\GRMiniBrowser.htm
    IE: Open with GetRight Browser - c:\applicat\GetRight\GRbrowse.htm
    IE: Search FileMirrors - c:\applicat\GetRight\IETools\FileMirrors.htm
    Trusted Zone: registernelson.com\remote
    FF - ProfilePath - c:\documents and settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\applicat\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\applicat\Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Apollo: apollo@www.spuler.us - %profile%\extensions\apollo@www.spuler.us
    FF - Ext: ErrorZilla Mod: ErrorZillaMod@jaybaldwin - %profile%\extensions\ErrorZillaMod@jaybaldwin
    FF - Ext: Launchy: launchy@gemal.dk - %profile%\extensions\launchy@gemal.dk
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: LinkPreview: {31DC1CBB-99B2-4652-8279-9BD385D81045} - %profile%\extensions\{31DC1CBB-99B2-4652-8279-9BD385D81045}
    FF - Ext: firefix: {343CB0C5-DA79-42ea-8FC8-BBA1CFCD2829} - %profile%\extensions\{343CB0C5-DA79-42ea-8FC8-BBA1CFCD2829}
    FF - Ext: Bookmark Backup: {3474c305-9dad-11d8-9207-00055d74c2e4} - %profile%\extensions\{3474c305-9dad-11d8-9207-00055d74c2e4}
    FF - Ext: Organize Status Bar: {35106bca-6c78-48c7-ac28-56df30b51d2c} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
    FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    FF - Ext: Gcache: {5A32C460-12D9-11D9-9669-0800200C9A66} - %profile%\extensions\{5A32C460-12D9-11D9-9669-0800200C9A66}
    FF - Ext: Stop-or-Reload Button: {61D0D7AF-4FF6-476a-B68F-6531F613A6D8} - %profile%\extensions\{61D0D7AF-4FF6-476a-B68F-6531F613A6D8}
    FF - Ext: CuteMenus - Crystal SVG: {63df8e21-711c-4074-a257-b065cadc28d8} - %profile%\extensions\{63df8e21-711c-4074-a257-b065cadc28d8}
    FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
    FF - Ext: Mozilla Archive Format: {7f57cf46-4467-4c2d-adfa-0cba7c507e54} - %profile%\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}
    FF - Ext: Bookmarks LinkChecker: {8B41860E-5D30-4e96-BB09-CE22F491A481} - %profile%\extensions\{8B41860E-5D30-4e96-BB09-CE22F491A481}
    FF - Ext: MR Tech Toolkit: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC} - %profile%\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: ConfigurationMania?: {c4d362ec-1cff-4ca0-9031-99a8fad7995a} - %profile%\extensions\{c4d362ec-1cff-4ca0-9031-99a8fad7995a}
    FF - Ext: CoolPreviews : {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} - %profile%\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
    FF - Ext: FoxClocks: {d37dc5d0-431d-44e5-8c91-49419370caa1} - %profile%\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
    FF - Ext: NeedleSearch: {e22068c8-faf8-4620-b0d6-e2811a82e84b} - %profile%\extensions\{e22068c8-faf8-4620-b0d6-e2811a82e84b}
    FF - Ext: Preferential: {e3a1bec3-1cc1-4d20-875b-a10587471a5e} - %profile%\extensions\{e3a1bec3-1cc1-4d20-875b-a10587471a5e}
    FF - Ext: Modern Pinball: {E800A8D5-6B36-4854-9F21-443F8CBFF835} - %profile%\extensions\{E800A8D5-6B36-4854-9F21-443F8CBFF835}
    FF - Ext: Sort Bookmarks: {ea702e71-fcda-4c39-93bb-fea2b543b58c} - %profile%\extensions\{ea702e71-fcda-4c39-93bb-fea2b543b58c}
    FF - Ext: Menu Editor: {EDA7B1D7-F793-4e03-B074-E6F303317FB0} - %profile%\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
    FF - Ext: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - %profile%\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
    FF - Ext: Optimoz Tweaks: {F2F6EC1A-8601-443B-812F-655E25AEF7D0} - %profile%\extensions\{F2F6EC1A-8601-443B-812F-655E25AEF7D0}
    FF - Ext: CustomizeGoogle: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb} - %profile%\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
    FF - Ext: Wayback: {FDC1470B-8F74-4660-A7A0-2E367DA9CA6C} - %profile%\extensions\{FDC1470B-8F74-4660-A7A0-2E367DA9CA6C}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn
    FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    .
    .
    ------- File Associations -------
    .
    .reg=regedit
    .
    - - - - ORPHANS REMOVED - - - -
    .
    ShellIconOverlayIdentifiers-{8D2223A2-B3C6-4e32-B096-CDD11F628C60} - (no file)
    AddRemove-ChrisTrains for Locomotion V1.2.0 - d:\games\Locomotion\ObjData\Uninstal.exe
    AddRemove-HighSpeedPack Reloaded V1.0.0 - d:\games\Locomotion\ObjData\Uninstal.exe
    AddRemove-JJLOR Locomotion Mining Pack Beta 1 - d:\games\Locomotion\ObjData\Uninstal.exe
    AddRemove-{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1 - c:\diags\SpySweep\unins001.exe
    AddRemove-British Rail Set Version 5 - Complete Version - d:\games\Locomotion\ObjData\Uninstal.exe
    AddRemove-BRSet V5.1 - Upgrade Pack - d:\games\Locomotion\ObjData\Uninstal.exe
    AddRemove-Dragon Age Redesigned© - c:\documents and settings\R. Darrell Smith\My Documents\BioWare\Dragon Age\packages\core\override\DA Redesigned\Uninstall Recommended settings.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-21 09:04
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: NVIDIA__ rev. -> Harddisk0\DR0 -> \Device\000000a5
    .
    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user != kernel MBR !!!
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
    "ImagePath"="\"c:\diags\NSS\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\diags\NSS\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
    "ImagePath"="\??\c:\applicat\CyberLink\PowerDVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1708537768-1532298954-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-1708537768-1532298954-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5E9D2C1A-DE30-DAB3-B80A-3CB0CA8BC7FA}*]
    "jajgfodbfdlkeiiplloh"=hex:62,61,65,68,00,00
    "iajnjjcajmabhcmaoi"=hex:6b,61,6d,68,6a,6f,69,65,66,63,64,6b,6f,65,68,64,6a,6a,
    6e,70,69,65,00,00
    "jajgfodbfdlkeiipllki"=hex:62,61,6e,68,00,00
    .
    [HKEY_USERS\S-1-5-21-1708537768-1532298954-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:6f,c5,0d,86,81,aa,59,5c,e7,f0,bb,00,d0,c9,41,5a,63,cc,0d,16,31,db,af,
    87,66,6c,2b,e7,eb,12,8d,68,c4,17,27,b2,b9,6a,19,8a,e7,2b,19,26,23,88,f0,fc,\
    "??"=hex:5c,f1,83,89,34,2e,c3,29,75,49,0f,ac,fc,c3,b8,aa
    .
    [HKEY_USERS\S-1-5-21-1708537768-1532298954-725345543-1003\Software\SecuROM\License information*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "datasecu"=hex:bc,b4,2f,df,4e,bf,33,84,55,7f,be,e4,ce,9a,da,e1,6e,b3,17,d0,78,
    cd,f1,2b,c8,c3,18,ce,65,f9,15,3f,4e,5f,30,2c,12,b2,3d,8f,8c,4a,15,08,87,fe,\
    "rkeysecu"=hex:37,3b,27,e5,d9,66,b6,50,92,8d,8a,34,06,13,8f,9d
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(640)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    .
    Completion time: 2011-04-21 09:12:36
    ComboFix-quarantined-files.txt 2011-04-21 13:12
    .
    Pre-Run: 98,691,915,776 bytes free
    Post-Run: 98,439,843,840 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptIn
    .
    - - End Of File - - D5D68F898CE589BB1B0D0AC0253B6069

    What's next?
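The Gmer detector output in the log above ("user: MBR read successfully / kernel: MBR read successfully / user != kernel MBR !!!") reports only that the MBR read from user mode and the MBR read from the kernel are not the same 512 bytes. The Python below is an added example, not part of the thread and not Gmer's code, showing what an analyst does with the two images once they are dumped: locate the difference in the 446-byte bootstrap code, in the four 16-byte partition entries, or in the 0x55AA signature. The bootkits named in the detector's banner replace the bootstrap code and keep the partition table, so a difference confined to the code region is the pattern to dump and inspect. The bootstrap bytes and partition geometry used here are constructed for the example and are not the poster's disk.

```python
"""Region-aware comparison of two MBR images (added example, not from the thread).

Gmer's detector reads sector 0 once from user mode and once from the kernel and
reports "user != kernel MBR" when the two 512-byte buffers differ.  Once both
buffers are dumped, this helper tells you where they differ: in the 446-byte
bootstrap code, in the 4 x 16-byte partition table, or in the 0x55AA signature.
All bytes and partition geometry below are constructed for the example.
"""
import struct

SECTOR = 512
BOOT_CODE_LEN = 446           # bytes 0..445: bootstrap code
PART_TABLE_OFF = 446          # bytes 446..509: four 16-byte partition entries
PART_ENTRY_LEN = 16
SIGNATURE = b"\x55\xaa"       # bytes 510..511
ENTRY_FMT = "<B3sB3sII"       # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(boot_code, partitions):
    """Assemble a 512-byte MBR from bootstrap bytes and up to four
    (status, type, lba_start, sector_count) tuples; CHS fields are zeroed."""
    if len(boot_code) > BOOT_CODE_LEN or len(partitions) > 4:
        raise ValueError("bootstrap code too long or too many partitions")
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    table = b"".join(struct.pack(ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
                     for status, ptype, lba, count in partitions)
    return code + table.ljust(4 * PART_ENTRY_LEN, b"\x00") + SIGNATURE


def parse_partitions(mbr):
    """Decode the non-empty partition entries."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + PART_ENTRY_LEN])
        if ptype != 0:
            entries.append({"index": i, "bootable": status == 0x80,
                            "type": ptype, "lba_start": lba, "sectors": count})
    return entries


def compare_mbr(user_mbr, kernel_mbr):
    """Report which MBR region differs between the two reads."""
    if len(user_mbr) != SECTOR or len(kernel_mbr) != SECTOR:
        raise ValueError("MBR images must be exactly 512 bytes")
    first_diff = next((i for i, (a, b) in enumerate(zip(user_mbr, kernel_mbr)) if a != b), None)
    return {
        "identical": user_mbr == kernel_mbr,
        "bootstrap_differs": user_mbr[:BOOT_CODE_LEN] != kernel_mbr[:BOOT_CODE_LEN],
        "partition_table_differs": user_mbr[PART_TABLE_OFF:SECTOR - 2] != kernel_mbr[PART_TABLE_OFF:SECTOR - 2],
        "user_signature_ok": user_mbr[-2:] == SIGNATURE,
        "kernel_signature_ok": kernel_mbr[-2:] == SIGNATURE,
        "first_differing_offset": first_diff,
        "user_partitions": parse_partitions(user_mbr),
        "kernel_partitions": parse_partitions(kernel_mbr),
    }


# Constructed inputs: placeholder bootstrap bytes (not real loader code) and a
# hypothetical two-partition layout; the sizes are not the poster's disk.
CLEAN_BOOT = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 40
PATCHED_BOOT = b"\xeb\x7c" + b"\x90" * 45      # different code, same length
PARTITIONS = [(0x80, 0x07, 63, 209712447), (0x00, 0x07, 209712510, 1743812658)]

USER_MBR = build_mbr(CLEAN_BOOT, PARTITIONS)
KERNEL_MBR = build_mbr(PATCHED_BOOT, PARTITIONS)   # bootkit pattern: code swapped, table kept


def demo():
    """Compare the constructed pair; bootstrap differs, partition table does not."""
    return compare_mbr(USER_MBR, KERNEL_MBR)


if __name__ == "__main__":
    r = demo()
    print("bootstrap differs:", r["bootstrap_differs"],
          "| table differs:", r["partition_table_differs"],
          "| first diff at offset", r["first_differing_offset"])
```

On a real machine the two images come from the detector's own dump or from reading `\\.\PhysicalDrive0` with a tool that bypasses the normal file-system stack; the comparison logic is the same. A difference that touches only the partition table is a different finding from a rewritten bootstrap region and should be read alongside the disk controller in use (the log lists the disk as `NVIDIA__`, behind the poster's RAID 1 mirror).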
     
  8. 2011/04/21
    broni (Moderator, Malware Analyst)
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\is-JB81A.exe
    c:\windows\system32\drivers\prj25gh.sys
    c:\windows\TEMP\TCT20XUT.sys

    DDS::
    Trusted Zone: registernelson.com\remote

    Driver::
    prj25gh
    TCT20XUT

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UpdReg"=-

    RegNull::
    [HKEY_USERS\S-1-5-21-1708537768-1532298954-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5E9D2C1A-DE30-DAB3-B80A-3CB0CA8BC7FA}*]

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [animation: dragging CFScript.txt onto ComboFix.exe]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
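The CFScript above singles out prj25gh.sys and TCT20XUT.sys from the long driver list in the log. As an added example, not from the thread and not ComboFix's own code, the Python below parses ComboFix's R0/R1/R2/R3 and S3 service lines and scores the signals a malware analyst applies by eye when reading such a log: a driver whose image sits in a TEMP directory, a registered driver whose file is missing (the `--> ... [?]` form), a file dated on or after the day of the incident (Sunday 17 April 2011, from the first post), and a service with no descriptive display name. The four sample lines are copied from the posted log; the weights, the threshold and the incident-day cutoff are the example's own assumptions, and a flag means "review this", not "malicious".

```python
"""Triage of ComboFix driver/service lines (added example, not from the thread).

ComboFix prints each service as
    <start> <name>;<display name>;<image path> [<m/d/yyyy> <h:mm AM/PM> <size>]
and, when the image file cannot be found,
    <start> <name>;<display name>;<raw path> --> <resolved path> [?]
The scoring below encodes what an analyst checks by eye; it prioritises review,
it is not a verdict.  Weights, threshold and the incident-day cutoff are assumptions.
"""
import re
from datetime import datetime

# Cutoff taken from the thread: the drive-by happened on Sunday 17 April 2011.
INCIDENT_DAY = datetime(2011, 4, 17)
FLAG_THRESHOLD = 3

# Four lines copied from the posted log; the first and last are benign vendor drivers.
SAMPLE_LOG = r"""
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [11/28/2010 2:12 PM 328752]
S3 prj25gh;prj25gh;c:\windows\system32\drivers\prj25gh.sys [4/20/2011 3:56 PM 34816]
S3 TCT20XUT;TCT20XUT;\??\c:\windows\TEMP\TCT20XUT.sys --> c:\windows\TEMP\TCT20XUT.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
"""

LINE_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"(?:\s+-->\s+(?P<resolved>.+?))?\s+\[(?P<meta>[^\]]*)\]\s*$"
)
META_RE = re.compile(r"^(?P<date>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} [AP]M) (?P<size>\d+)$")


def parse_service_line(line):
    """Return a dict for one R*/S* line, or None if the line is not a service entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    meta = rec.pop("meta").strip()
    rec["missing"] = meta == "?"           # ComboFix prints [?] when the file is not found
    rec["created"], rec["size"] = None, None
    mm = META_RE.match(meta)
    if mm:
        rec["created"] = datetime.strptime(mm["date"], "%m/%d/%Y %I:%M %p")
        rec["size"] = int(mm["size"])
    path = (rec.pop("resolved") or rec["path"]).strip()
    rec["path"] = path[4:] if path.startswith("\\??\\") else path   # drop NT object prefix
    return rec


def score(rec):
    """Apply the analyst's signals; returns (score, reason names)."""
    reasons = []
    low = rec["path"].lower()
    if "\\temp\\" in low:
        reasons.append(("temp_dir", 3))          # kernel drivers do not belong in a TEMP directory
    if rec["missing"]:
        reasons.append(("missing_file", 3))      # registered driver whose file is gone or hidden
    if rec["created"] is not None and rec["created"] >= INCIDENT_DAY:
        reasons.append(("created_after_incident", 2))
    if rec["display"].strip().lower() in ("", rec["name"].strip().lower()):
        reasons.append(("no_description", 1))    # weak alone: vendors sometimes omit it too
    return sum(w for _, w in reasons), [name for name, _ in reasons]


def triage(log_text):
    """Parse every service line in the log and attach score, reasons and a review flag."""
    out = []
    for line in log_text.splitlines():
        rec = parse_service_line(line)
        if rec is None:
            continue
        rec["score"], rec["reasons"] = score(rec)
        rec["flagged"] = rec["score"] >= FLAG_THRESHOLD
        out.append(rec)
    return out


def flagged_names(log_text):
    """Service names that reach the review threshold, sorted."""
    return sorted(r["name"] for r in triage(log_text) if r["flagged"])


if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        mark = "REVIEW" if r["flagged"] else "ok    "
        print(f"{mark} {r['start']} {r['name']:<10} score={r['score']} {','.join(r['reasons'])}")
```

Run against the full posted log the date rule will also raise Symantec's own freshly updated definition drivers, which is why the weights keep a single weak signal below the threshold and why the output is a review list rather than a removal list; the analyst still confirms each hit by vendor path, signature and file hash before writing it into a CFScript.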
     
  9. 2011/04/21
    Xd23bgt (Thread Starter)
    Latest Combofix run. Program updated itself before executing:

    ComboFix 11-04-21.02 - R. Darrell Smith 04/21/2011 21:24:10.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2815.1630 [GMT -4:00]
    Running from: c:\documents and settings\R. Darrell Smith\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\R. Darrell Smith\Desktop\CFScript.txt
    AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton AntiVirus *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    FILE ::
    "c:\windows\is-JB81A.exe"
    "c:\windows\system32\drivers\prj25gh.sys"
    "c:\windows\TEMP\TCT20XUT.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Common Files\Real\WeatherBug\MiniBugTransporter.dll
    c:\windows\is-JB81A.exe
    c:\windows\system32\drivers\prj25gh.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_TCT20XUT
    -------\Service_prj25gh
    -------\Service_TCT20XUT
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-22 to 2011-04-22 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-21 01:20 . 2011-04-21 01:20 -------- d-----w- c:\documents and settings\R. Darrell Smith\Application Data\Malwarebytes
    2011-04-21 01:19 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-21 01:19 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-20 15:31 . 2011-04-20 15:31 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-04-20 15:30 . 2011-04-20 15:30 -------- d--h--w- c:\windows\msdownld.tmp
    2011-04-19 04:22 . 2011-04-19 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-04-19 03:43 . 2011-04-20 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
    2011-04-19 03:43 . 2011-04-19 03:43 -------- d-----w- c:\documents and settings\R. Darrell Smith\Application Data\Webroot
    2011-04-19 03:43 . 2009-11-06 19:19 1563008 ----a-w- c:\windows\WRSetup.dll
    2011-04-18 20:47 . 2011-04-18 20:47 -------- d-----w- C:\~ErdUserProfile.$$$
    2011-04-18 11:56 . 2011-04-18 11:56 -------- d-----w- C:\NBRT
    2011-04-14 01:38 . 2011-04-14 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\XSettings
    2011-04-01 00:06 . 2006-11-28 21:30 2309120 ----a-w- c:\windows\system32\pdfrepair.exe
    2011-03-30 20:08 . 2011-03-30 21:53 -------- d-----w- C:\TMP12
    2011-03-30 20:08 . 2011-03-30 20:23 -------- d-----w- C:\TMP11
    2011-03-30 16:10 . 2011-03-30 19:56 -------- d-----w- C:\TMP10
    2011-03-30 15:40 . 2011-04-22 01:13 -------- d-----w- C:\TMP9
    2011-03-28 22:06 . 2011-04-01 00:09 -------- d-----w- C:\TMP7
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-12 19:59 . 2008-06-29 02:02 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
    2011-02-09 13:53 . 2004-08-04 06:56 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2004-08-04 06:56 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 07:58 . 2008-06-21 01:47 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2008-06-21 01:47 677888 ----a-w- c:\windows\system32\mstsc.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NSWosCheck"="c:\diags\NSW\osCheck.exe" [2008-09-25 160112]
    "CTxfiHlp"="CTXFIHLP.EXE" [2009-06-04 25600]
    "RCSystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
    "AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
    "CTHelper"="c:\windows\system32\CTHELPER.EXE" [2008-02-21 19456]
    "CTDVDDET"="c:\hardware\SoundBlasterX-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
    "amd_dc_opt"="c:\hardware\AMD\Dual-CoreOptimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
    "LogitechVideoRepair"="c:\hardware\QuickCam\ISStart.exe" [2005-06-08 458752]
    "LogitechVideoTray"="c:\hardware\QuickCam\LogiTray.exe" [2005-06-08 217088]
    "CMCService"="c:\program files\ATI\Catalyst Media Center\CMCService.exe" [2008-06-06 172032]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-27 98304]
    "SpySweeper"="c:\diags\SpySweep\SpySweeperUI.exe" [2009-11-06 6515784]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    APC UPS Status.lnk - c:\hardware\APCPowerChutePE\Display.exe [2006-1-17 221247]
    Command Prompt.lnk - c:\windows\system32\cmd.exe [2004-8-4 389120]
    HP Digital Imaging Monitor.lnk - c:\hardware\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
    NaturalColorLoad.lnk - c:\hardware\SAMSUNG\NaturalColor\NaturalColorLoad.exe [2006-2-25 155715]
    Panorama 1.31.lnk - c:\graphics\Panorama\Panorama.exe [2008-12-7 708608]
    Spicey Corners 2.10.lnk - c:\utility\sc.exe [2006-2-3 69632]
    TrayIcon 2.1.lnk - c:\applicat\TRAYICON\TRAYICON.EXE [2008-12-21 198656]
    Volume Panel.lnk - c:\hardware\SoundBlasterX-Fi\Volume Panel\VolPanlu.exe [2008-9-1 233576]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders rpasspc.dll, schannel.dll, digest.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
    @="Service"
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Creative MediaSource Go"="c:\hardware\SoundBlasterX-Fi\MediaSource\Go\CTCMSGoU.exe" /SCB
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
    "LogitechSoftwareUpdate"="c:\hardware\QuickCam\ManifestEngine.exe" boot
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "HP Software Update"="c:\hardware\HP\HP Software Update\HPWuSchd2.exe"
    "PPMemCheck"=c:\progra~1\PESTPA~1\PPMemCheck.exe
    "PestPatrol Control Center"=c:\progra~1\PESTPA~1\PPControl.exe
    "CookiePatrol"=c:\progra~1\PESTPA~1\CookiePatrol.exe
    "Start WingMan Profiler"=c:\program files\Logitech\Gaming Software\LWEMon.exe /noui
    "Intuit SyncManager"=c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    "Ad-Watch"="c:\applicat\AdAware\AAWTray.exe"
    "AMD_Display"=
    "NVRaidService"="c:\windows\system32\nvraidservice.exe"
    "DXDllRegExe"="c:\windows\system32\dxdllreg.exe"
    "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
    "Adobe Reader Speed Launcher"="c:\graphics\Adobe\Acrobat\Reader\Reader\Reader_sl.exe"
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
    "CheckPoint Cleanup"="k:\temp\cpes_clean_launcher.exe" k:\temp\cpes_clean.exe
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" -osboot
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\HARDWARE\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "d:\\GAMES\\Battle2142\\BF2142.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\HARDWARE\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\HARDWARE\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\APPLICAT\\Teamspeak\\Server\\server_windows.exe"=
    "d:\\GAMES\\Battle1942\\BF1942.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "d:\\GAMES\\RavenShield\\system\\ravenshield.exe"=
    "d:\\GAMES\\CIV4\\Beyond the Sword\\Civ4BeyondSword.exe"=
    "d:\\GAMES\\CIV4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
    "d:\\GAMES\\Warcraft3\\Warcraft III.exe"=
    "d:\\GAMES\\CallOfDuty\\CoDMP.exe"=
    "d:\\GAMES\\CallOfDuty\\CoDUOMP.exe"=
    "d:\\GAMES\\Heroes3\\HEROES3.EXE"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\APPLICAT\\eMule\\emule.exe"=
    "d:\\GAMES\\SWBattlefront2\\GameData\\BattlefrontII.exe"=
    "d:\\GAMES\\Civ4Colonization\\Colonization.exe"=
    "d:\\GAMES\\SpellForce2\\spellforce2.exe"=
    "d:\\GAMES\\UT3\\Binaries\\UT3.exe"=
    "d:\\GAMES\\Heroes of Might and Magic V\\bin\\H5_Game.exe"=
    "d:\\GAMES\\Heroes of Might and Magic V\\bina1\\H5_Game.exe"=
    "d:\\GAMES\\Heroes of Might and Magic V\\Tribes of the East\\Heroes of Might and Magic V - Tribes of the East\\bin\\H5_Game.exe"=
    "d:\\GAMES\\Batzone2\\bzone.exe"=
    "c:\\APPLICAT\\GetRight\\GetRight.exe"=
    "d:\\GAMES\\ShatteredUnion\\ShatteredUnion.exe"=
    "d:\\GAMES\\RoboRumble\\DATA\\rr_dx5.exe"=
    "c:\\DIAGS\\Sandra\\RpcAgentSrv.exe"=
    "d:\\GAMES\\Re-Volt\\revolt.exe"=
    "d:\\GAMES\\MassEffect\\Binaries\\MassEffect.exe"=
    "d:\\GAMES\\MassEffect\\MassEffectLauncher.exe"=
    "c:\\APPLICAT\\Opera\\opera.exe"=
    "d:\\GAMES\\UT2004\\System\\UT2004.exe"=
    "c:\\APPLICAT\\SeaMonkey\\seamonkey.exe"=
    "c:\\APPLICAT\\FreeFTP\\FreeFTP.exe"=
    "c:\\APPLICAT\\CoffeeCupFreeFTP\\FreeFTP.exe"=
    "d:\\GAMES\\LostEmpire\\LostEmpire.exe"=
    "d:\\GAMES\\DragonAge\\bin_ship\\daorigins.exe"=
    "d:\\GAMES\\DragonAge\\DAOriginsLauncher.exe"=
    "d:\\GAMES\\MassEffect2\\Binaries\\MassEffect2.exe"=
    "d:\\GAMES\\MassEffect2\\MassEffect2Launcher.exe"=
    "c:\\DIAGS\\Sandra\\WNt500x86\\RpcSandraSrv.exe"=
    "d:\\GAMES\\DragonAge\\bin_ship\\daupdatersvc.service.exe"=
    "c:\\APPLICAT\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP"= 3540:UDP:peer Name Resolution Protocol (PNRP)
    "17770:UDP"= 17770:UDP:BZ2
    "17771:UDP"= 17771:UDP:BZ2
    "17772:UDP"= 17772:UDP:BZ2
    "17770:TCP"= 17770:TCP:BZ2
    "17771:TCP"= 17771:TCP:BZ2
    "17772:TCP"= 17772:TCP:BZ2
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/2/2009 5:07 PM 64160]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/6/2010 5:51 PM 28552]
    R0 psdrv02;CD Guard Environment Driver (v2);c:\windows\system32\drivers\psdrv02.sys [9/11/2006 8:01 AM 67960]
    R0 pssync05;CD Guard Synchronization Driver (v5);c:\windows\system32\drivers\pssync05.sys [11/3/2006 4:24 AM 61312]
    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 12:00 PM 29808]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [11/28/2010 2:12 PM 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [11/28/2010 2:12 PM 173104]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110419.001\BHDrvx86.sys [4/15/2011 4:29 PM 802936]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [11/28/2010 2:12 PM 501888]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [11/28/2010 2:12 PM 116784]
    R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/4/2004 2:56 AM 14336]
    R2 N360;Norton Security Suite;c:\diags\NSS\Engine\4.3.0.5\ccsvchst.exe [11/28/2010 2:12 PM 126392]
    R2 NProtectService;Norton UnErase Protection;c:\diags\NSW\NORTON~1\NPROTECT.EXE [9/25/2008 2:53 PM 95600]
    R2 Ramdisk;Ramdisk [ QSoft ] Standard;c:\windows\system32\drivers\RAMDisk.sys [6/22/2008 8:07 PM 35200]
    R2 WRConsumerService;Webroot Client Service;c:\diags\SpySweep\WRConsumerService.exe [4/18/2011 11:45 PM 1201640]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [3/12/2011 10:09 PM 101904]
    R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [10/8/2008 2:21 AM 171032]
    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [10/8/2008 2:21 AM 1324056]
    R3 eplsw2k;SCM Parallel Port LS-120 Driver;c:\windows\system32\drivers\eplsw2k.sys [10/4/1999 1:30 PM 139047]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/20/2011 1:10 PM 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110419.002\IDSXpx86.sys [4/20/2011 1:11 PM 341944]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [9/1/2008 7:09 PM 79360]
    S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [10/8/2008 2:21 AM 171032]
    S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [10/8/2008 2:21 AM 1324056]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [10/8/2008 2:21 AM 72728]
    S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [10/8/2008 2:21 AM 72728]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\games\DragonAge\bin_ship\daupdatersvc.service.exe [10/11/2010 10:18 PM 25832]
    S3 epcfw2k;SCM Parallel Port CF Driver;c:\windows\system32\drivers\epcfw2k.sys [2/9/2009 8:42 AM 144896]
    S3 gupdate1c9b01e6e600024;Google Update Service (gupdate1c9b01e6e600024);c:\program files\Google\Update\GoogleUpdate.exe [10/12/2010 12:39 PM 136176]
    S3 inibtmgr;WD Bridge Controller Driver;c:\windows\system32\drivers\inibtmgr.sys [6/21/2008 2:05 PM 9728]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\applicat\AdAware\AAWService.exe [3/9/2009 3:06 PM 1028432]
    S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [10/12/2010 11:42 AM 163328]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\diags\Sandra\RpcAgentSrv.exe [2/7/2009 9:34 PM 98488]
    S3 Secunia PSI Agent;Secunia PSI Agent;c:\diags\SecuniaPSI\PSIA.exe --start-service --> c:\diags\SecuniaPSI\PSIA.exe --start-service [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-01-22 15:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Connection Wizard,ShellNext = hxxp://www.atari.com/
    IE: Download with GetRight - c:\applicat\GetRight\GRdownload.htm
    IE: E&xport to Microsoft Excel - c:\applicat\MICROS~1\OFFICE11\EXCEL.EXE/3000
    IE: GetRight Mini-Browser - c:\applicat\GetRight\IETools\GRMiniBrowser.htm
    IE: Open with GetRight Browser - c:\applicat\GetRight\GRbrowse.htm
    IE: Search FileMirrors - c:\applicat\GetRight\IETools\FileMirrors.htm
    FF - ProfilePath - c:\documents and settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\applicat\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\applicat\Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Apollo: apollo@www.spuler.us - %profile%\extensions\apollo@www.spuler.us
    FF - Ext: ErrorZilla Mod: ErrorZillaMod@jaybaldwin - %profile%\extensions\ErrorZillaMod@jaybaldwin
    FF - Ext: Launchy: launchy@gemal.dk - %profile%\extensions\launchy@gemal.dk
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: LinkPreview: {31DC1CBB-99B2-4652-8279-9BD385D81045} - %profile%\extensions\{31DC1CBB-99B2-4652-8279-9BD385D81045}
    FF - Ext: firefix: {343CB0C5-DA79-42ea-8FC8-BBA1CFCD2829} - %profile%\extensions\{343CB0C5-DA79-42ea-8FC8-BBA1CFCD2829}
    FF - Ext: Bookmark Backup: {3474c305-9dad-11d8-9207-00055d74c2e4} - %profile%\extensions\{3474c305-9dad-11d8-9207-00055d74c2e4}
    FF - Ext: Organize Status Bar: {35106bca-6c78-48c7-ac28-56df30b51d2c} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
    FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    FF - Ext: Gcache: {5A32C460-12D9-11D9-9669-0800200C9A66} - %profile%\extensions\{5A32C460-12D9-11D9-9669-0800200C9A66}
    FF - Ext: Stop-or-Reload Button: {61D0D7AF-4FF6-476a-B68F-6531F613A6D8} - %profile%\extensions\{61D0D7AF-4FF6-476a-B68F-6531F613A6D8}
    FF - Ext: CuteMenus - Crystal SVG: {63df8e21-711c-4074-a257-b065cadc28d8} - %profile%\extensions\{63df8e21-711c-4074-a257-b065cadc28d8}
    FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
    FF - Ext: Mozilla Archive Format: {7f57cf46-4467-4c2d-adfa-0cba7c507e54} - %profile%\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}
    FF - Ext: Bookmarks LinkChecker: {8B41860E-5D30-4e96-BB09-CE22F491A481} - %profile%\extensions\{8B41860E-5D30-4e96-BB09-CE22F491A481}
    FF - Ext: MR Tech Toolkit: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC} - %profile%\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: ConfigurationMania?: {c4d362ec-1cff-4ca0-9031-99a8fad7995a} - %profile%\extensions\{c4d362ec-1cff-4ca0-9031-99a8fad7995a}
    FF - Ext: CoolPreviews : {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} - %profile%\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
    FF - Ext: FoxClocks: {d37dc5d0-431d-44e5-8c91-49419370caa1} - %profile%\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
    FF - Ext: NeedleSearch: {e22068c8-faf8-4620-b0d6-e2811a82e84b} - %profile%\extensions\{e22068c8-faf8-4620-b0d6-e2811a82e84b}
    FF - Ext: Preferential: {e3a1bec3-1cc1-4d20-875b-a10587471a5e} - %profile%\extensions\{e3a1bec3-1cc1-4d20-875b-a10587471a5e}
    FF - Ext: Modern Pinball: {E800A8D5-6B36-4854-9F21-443F8CBFF835} - %profile%\extensions\{E800A8D5-6B36-4854-9F21-443F8CBFF835}
    FF - Ext: Sort Bookmarks: {ea702e71-fcda-4c39-93bb-fea2b543b58c} - %profile%\extensions\{ea702e71-fcda-4c39-93bb-fea2b543b58c}
    FF - Ext: Menu Editor: {EDA7B1D7-F793-4e03-B074-E6F303317FB0} - %profile%\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
    FF - Ext: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - %profile%\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
    FF - Ext: Optimoz Tweaks: {F2F6EC1A-8601-443B-812F-655E25AEF7D0} - %profile%\extensions\{F2F6EC1A-8601-443B-812F-655E25AEF7D0}
    FF - Ext: CustomizeGoogle: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb} - %profile%\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
    FF - Ext: Wayback: {FDC1470B-8F74-4660-A7A0-2E367DA9CA6C} - %profile%\extensions\{FDC1470B-8F74-4660-A7A0-2E367DA9CA6C}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn
    FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-21 22:08
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
    "ImagePath"="\"c:\diags\NSS\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\diags\NSS\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
    "ImagePath"="\??\c:\applicat\CyberLink\PowerDVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1708537768-1532298954-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-1708537768-1532298954-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:6f,c5,0d,86,81,aa,59,5c,e7,f0,bb,00,d0,c9,41,5a,63,cc,0d,16,31,db,af,
    87,66,6c,2b,e7,eb,12,8d,68,c4,17,27,b2,b9,6a,19,8a,e7,2b,19,26,23,88,f0,fc,\
    "??"=hex:5c,f1,83,89,34,2e,c3,29,75,49,0f,ac,fc,c3,b8,aa
    .
    [HKEY_USERS\S-1-5-21-1708537768-1532298954-725345543-1003\Software\SecuROM\License information*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "datasecu"=hex:bc,b4,2f,df,4e,bf,33,84,55,7f,be,e4,ce,9a,da,e1,6e,b3,17,d0,78,
    cd,f1,2b,c8,c3,18,ce,65,f9,15,3f,4e,5f,30,2c,12,b2,3d,8f,8c,4a,15,08,87,fe,\
    "rkeysecu"=hex:37,3b,27,e5,d9,66,b6,50,92,8d,8a,34,06,13,8f,9d
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(852)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    .
    - - - - - - - > 'explorer.exe'(2908)
    c:\windows\system32\WININET.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\IEFRAME.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\msi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Creative\Shared Files\CTAudSvc.exe
    c:\hardware\APCPowerChutePE\mainserv.exe
    c:\program files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
    c:\windows\system32\HPZipm12.exe
    c:\windows\system32\tcpsvcs.exe
    c:\windows\System32\snmp.exe
    c:\diags\NSW\NORTON~1\SPEEDD~1\NOPDB.EXE
    c:\diags\SpySweep\SpySweeper.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\SYSTEM32\CTXFISPI.EXE
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\hardware\APCPowerChutePE\apcsystray.exe
    c:\hardware\QuickCam\FxSvr2.exe
    c:\program files\Creative\ShareDLL\CADI\NotiMan.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    .
    **************************************************************************
    .
    Completion time: 2011-04-21 22:20:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-04-22 02:20
    .
    Pre-Run: 98,513,530,880 bytes free
    Post-Run: 98,218,479,616 bytes free
    .
    - - End Of File - - 798C685D876959584BECC6BDC04593A7

    Thanks for your continued assistance. What's next?
     
  10. 2011/04/21
    broni

    broni Moderator Malware Analyst

    Looks good :)

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  11. 2011/04/22
    Xd23bgt

    Xd23bgt Inactive Thread Starter

    Post 1 of 3

    Computer is doing great. There don't seem to be any after-effects. Here are the latest logs (please see my questions at the end):

    OTL logfile created on: 4/22/2011 11:13:06 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\R. Darrell Smith\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1000 1500 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 244.14 Gb Total Space | 91.72 Gb Free Space | 37.57% Space Free | Partition Type: NTFS
    Drive D: | 687.37 Gb Total Space | 383.51 Gb Free Space | 55.79% Space Free | Partition Type: NTFS
    Drive G: | 7.47 Gb Total Space | 7.02 Gb Free Space | 93.88% Space Free | Partition Type: FAT32
    Drive K: | 476.25 Mb Total Space | 476.12 Mb Free Space | 99.97% Space Free | Partition Type: FAT32

    Computer Name: SPORKO2 | User Name: R. Darrell Smith | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/04/22 00:15:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\R. Darrell Smith\Desktop\OTL.exe
    PRC - [2011/04/18 23:45:04 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\DIAGS\SpySweep\WRConsumerService.exe
    PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\DIAGS\NSS\Engine\4.3.0.5\ccsvchst.exe
    PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\DIAGS\SpySweep\SpySweeper.exe
    PRC - [2009/06/04 00:55:16 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
    PRC - [2009/06/04 00:49:56 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
    PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    PRC - [2008/10/01 21:43:08 | 000,708,608 | ---- | M] (Shaun Ivory) -- C:\GRAPHICS\PANORAMA\Panorama.exe
    PRC - [2008/09/27 12:10:10 | 000,198,656 | ---- | M] () -- C:\APPLICAT\TrayIcon\trayicon.exe
    PRC - [2008/09/25 14:53:32 | 000,181,680 | ---- | M] (Symantec Corporation) -- C:\DIAGS\NSW\Norton Utilities\Speed Disk\NOPDB.exe
    PRC - [2008/09/25 14:53:16 | 000,095,600 | ---- | M] (Symantec Corporation) -- C:\DIAGS\NSW\Norton Utilities\NPROTECT.EXE
    PRC - [2008/08/06 16:31:44 | 000,233,576 | ---- | M] (Creative Technology Ltd) -- C:\HARDWARE\SoundBlasterX-Fi\Volume Panel\VolPanlu.exe
    PRC - [2008/06/06 00:31:36 | 000,262,246 | ---- | M] () -- C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
    PRC - [2008/06/06 00:31:20 | 000,172,032 | ---- | M] (CyberLink Corp.) -- C:\Program Files\ATI\Catalyst Media Center\CMCService.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/02/20 20:58:44 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
    PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2007/02/01 12:13:06 | 000,094,208 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    PRC - [2005/12/12 17:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\HARDWARE\APCPowerChutePE\apcsystray.exe
    PRC - [2005/12/12 17:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\HARDWARE\APCPowerChutePE\mainserv.exe
    PRC - [2005/07/19 17:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
    PRC - [2005/06/16 18:25:28 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    PRC - [2005/06/08 15:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\HARDWARE\QuickCam\LogiTray.exe
    PRC - [2005/06/08 14:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\HARDWARE\QuickCam\FxSvr2.exe
    PRC - [2003/06/18 01:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\HARDWARE\SoundBlasterX-Fi\DVDAudio\CTDVDDET.exe
    PRC - [2002/04/12 16:39:24 | 000,155,715 | ---- | M] () -- C:\HARDWARE\SAMSUNG\NaturalColor\NaturalColorLoad.exe
    PRC - [1998/10/02 00:13:04 | 000,069,632 | ---- | M] (Spicey Programs) -- C:\UTILITY\sc.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/04/22 00:15:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\R. Darrell Smith\Desktop\OTL.exe
    MOD - [2010/09/20 15:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\DIAGS\NSS\Engine\4.3.0.5\asoehook.dll
    MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2009/07/12 01:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
    MOD - [2009/07/12 01:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
    MOD - [2008/04/14 05:42:00 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.dll
    MOD - [2008/04/14 05:41:50 | 001,852,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\acgenral.dll
    MOD - [2008/02/20 20:58:42 | 000,008,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctagent.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/04/18 23:45:04 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\DIAGS\SpySweep\WRConsumerService.exe -- (WRConsumerService)
    SRV - [2010/12/21 08:04:30 | 000,987,704 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\DIAGS\SecuniaPSI\PSIA.exe -- (Secunia PSI Agent)
    SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\DIAGS\NSS\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
    SRV - [2010/01/03 20:47:15 | 001,028,432 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\APPLICAT\AdAware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2009/12/15 16:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\GAMES\DragonAge\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
    SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\DIAGS\SpySweep\SpySweeper.exe -- (WebrootSpySweeperService)
    SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [2009/01/07 17:20:18 | 000,121,376 | ---- | M] (NVIDIA) [On_Demand | Stopped] -- C:\HARDWARE\nVidia\SystemUpdate\UpdateCenterService.exe -- (UpdateCenterService)
    SRV - [2009/01/06 16:52:02 | 000,174,624 | ---- | M] (NVIDIA) [On_Demand | Stopped] -- C:\Hardware\nVidia\nTune\nTuneService.exe -- (nTuneService)
    SRV - [2008/12/11 15:53:38 | 000,098,488 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\DIAGS\Sandra\RpcAgentSrv.exe -- (SandraAgentSrv)
    SRV - [2008/09/25 14:53:32 | 000,181,680 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\DIAGS\NSW\Norton Utilities\Speed Disk\NOPDB.exe -- (Speed Disk service)
    SRV - [2008/09/25 14:53:16 | 000,095,600 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\DIAGS\NSW\Norton Utilities\NPROTECT.EXE -- (NProtectService)
    SRV - [2008/09/01 19:09:56 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2008/08/04 11:20:16 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
    SRV - [2008/06/06 00:31:38 | 000,110,692 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
    SRV - [2008/06/06 00:31:36 | 000,262,246 | ---- | M] () [On_Demand | Running] -- C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
    SRV - [2008/06/06 00:31:12 | 001,073,152 | ---- | M] (Cyberlink) [On_Demand | Stopped] -- C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
    SRV - [2008/04/14 05:42:04 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
    SRV - [2008/04/14 05:41:56 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
    SRV - [2008/02/09 20:06:33 | 000,238,968 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
    SRV - [2005/12/12 17:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\HARDWARE\APCPowerChutePE\mainserv.exe -- (APC UPS Service)
    SRV - [2005/10/06 20:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
    SRV - [2005/09/09 04:24:30 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- C:\GRAPHICS\PhotoshopElements\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/04/15 16:29:05 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110419.001\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2011/04/03 17:51:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110420.002\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011/04/03 17:50:59 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110420.002\NAVENG.SYS -- (NAVENG)
    DRV - [2011/03/14 14:58:34 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110419.002\IDSXpx86.sys -- (IDSxpx86)
    DRV - [2010/11/28 00:58:27 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/11/27 02:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/11/27 02:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/10/26 23:55:48 | 005,524,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
    DRV - [2010/07/21 07:30:32 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
    DRV - [2010/05/27 14:52:12 | 000,829,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
    DRV - [2010/05/06 00:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS -- (SYMTDI)
    DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
    DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
    DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
    DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
    DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
    DRV - [2010/01/28 10:12:02 | 000,095,232 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
    DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
    DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
    DRV - [2009/10/14 23:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
    DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
    DRV - [2009/06/04 02:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
    DRV - [2009/06/04 02:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
    DRV - [2009/06/04 02:47:50 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2009/06/04 02:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV - [2009/06/04 02:47:34 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2009/06/04 02:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
    DRV - [2009/06/04 02:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
    DRV - [2009/06/04 02:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
    DRV - [2009/06/04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
    DRV - [2009/06/04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
    DRV - [2009/06/04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
    DRV - [2009/06/04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
    DRV - [2009/06/04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
    DRV - [2009/06/04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
    DRV - [2009/05/02 17:07:00 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2009/01/22 00:09:54 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
    DRV - [2009/01/13 20:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
    DRV - [2009/01/13 20:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
    DRV - [2009/01/13 20:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
    DRV - [2009/01/13 20:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
    DRV - [2009/01/07 17:20:16 | 000,036,896 | ---- | M] (NVIDIA Corp.) [Kernel | Auto | Running] -- C:\WINDOWS\nvflash.sys -- (NVR0FLASHDev)
    DRV - [2008/12/03 23:45:30 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
    DRV - [2008/11/25 23:57:04 | 000,022,432 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\DIAGS\Sandra\WNt500x86\sandra.sys -- (SANDRA)
    DRV - [2008/09/25 14:53:36 | 000,095,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SdDriver.SYS -- (SDdriver)
    DRV - [2008/09/25 14:53:14 | 000,087,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS -- (NPDriver)
    DRV - [2008/08/18 18:54:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
    DRV - [2008/08/18 18:54:00 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvrd32.sys -- (nvrd32)
    DRV - [2008/08/01 18:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2008/08/01 18:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2008/05/08 21:36:17 | 000,752,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavrr.sys -- (ATIAVPCI)
    DRV - [2008/04/14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
    DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2008/02/25 09:41:28 | 000,329,240 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
    DRV - [2008/02/25 09:41:18 | 000,134,680 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
    DRV - [2008/02/25 09:41:14 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
    DRV - [2008/02/25 09:41:10 | 000,286,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
    DRV - [2008/02/25 09:41:06 | 000,174,104 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
    DRV - [2008/02/25 09:41:02 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
    DRV - [2008/02/25 09:40:56 | 000,551,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
    DRV - [2008/02/25 09:40:52 | 000,098,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
    DRV - [2007/12/17 18:14:06 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
    DRV - [2007/12/06 10:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
    DRV - [2007/11/05 21:57:46 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\APPLICAT\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
    DRV - [2007/06/29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
    DRV - [2006/11/03 04:24:01 | 000,061,312 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pssync05.sys -- (pssync05) CD Guard Synchronization Driver (v5)
    DRV - [2006/09/11 08:01:44 | 000,067,960 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\psdrv02.sys -- (psdrv02) CD Guard Environment Driver (v2)
    DRV - [2005/12/03 07:29:58 | 000,035,200 | ---- | M] (QSoft [ Qualitative Software ] ) [ QSoft ] Standard [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\RAMDisk.sys -- (Ramdisk)
    DRV - [2005/08/18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
    DRV - [2005/08/18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
    DRV - [2005/08/10 10:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
    DRV - [2005/08/10 08:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
    DRV - [2005/05/27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2005/05/19 17:52:58 | 000,017,792 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF)
    DRV - [2005/05/16 09:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
    DRV - [2005/03/09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2005/01/31 11:13:24 | 000,163,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV532AV.SYS -- (PID_0920) Logitech QuickCam Express(PID_0920)
    DRV - [2004/10/11 14:08:00 | 000,012,062 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (MagicTune)
    DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2003/12/09 06:53:06 | 000,009,728 | R--- | M] (Western Digital) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\inibtmgr.sys -- (inibtmgr)
    DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
    DRV - [2003/09/19 02:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
    DRV - [2002/09/16 18:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
    DRV - [2001/08/17 14:50:20 | 000,144,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\epcfw2k.sys -- (epcfw2k)
    DRV - [2001/08/17 10:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
    DRV - [2001/08/17 09:46:40 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enum1394.sys -- (ENUM1394)
    DRV - [1999/10/04 13:30:34 | 000,139,047 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\eplsw2k.sys -- (eplsw2k)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1708537768-1532298954-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-1708537768-1532298954-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google "
    FF - prefs.js..browser.startup.homepage: "about:blank "
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: ErrorZillaMod@jaybaldwin:0.39b
    FF - prefs.js..extensions.enabledItems: launchy@gemal.dk:4.4.0
    FF - prefs.js..extensions.enabledItems: {31DC1CBB-99B2-4652-8279-9BD385D81045}:2.1
    FF - prefs.js..extensions.enabledItems: {343CB0C5-DA79-42ea-8FC8-BBA1CFCD2829}:0.8.1
    FF - prefs.js..extensions.enabledItems: {3474c305-9dad-11d8-9207-00055d74c2e4}:0.4.2
    FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2c}:0.6.4
    FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
    FF - prefs.js..extensions.enabledItems: {5A32C460-12D9-11D9-9669-0800200C9A66}:0.2.4
    FF - prefs.js..extensions.enabledItems: {61D0D7AF-4FF6-476a-B68F-6531F613A6D8}:0.2.2
    FF - prefs.js..extensions.enabledItems: {63df8e21-711c-4074-a257-b065cadc28d8}:1.9.3
    FF - prefs.js..extensions.enabledItems: {7f57cf46-4467-4c2d-adfa-0cba7c507e54}:1.0.0.0
    FF - prefs.js..extensions.enabledItems: {8B41860E-5D30-4e96-BB09-CE22F491A481}:0.6.8.4
    FF - prefs.js..extensions.enabledItems: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}:6.0.4
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
    FF - prefs.js..extensions.enabledItems: {c4d362ec-1cff-4ca0-9031-99a8fad7995a}:1.14.2011022201
    FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.2
    FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.7.82
    FF - prefs.js..extensions.enabledItems: {e22068c8-faf8-4620-b0d6-e2811a82e84b}:3.5
    FF - prefs.js..extensions.enabledItems: {e3a1bec3-1cc1-4d20-875b-a10587471a5e}:0.8.2
    FF - prefs.js..extensions.enabledItems: {ea702e71-fcda-4c39-93bb-fea2b543b58c}:0.7.0.1
    FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.7
    FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.1
    FF - prefs.js..extensions.enabledItems: {F2F6EC1A-8601-443B-812F-655E25AEF7D0}:0.4
    FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76
    FF - prefs.js..extensions.enabledItems: {FDC1470B-8F74-4660-A7A0-2E367DA9CA6C}:0.2.3
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
    FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
    FF - prefs.js..extensions.enabledItems: apollo@www.spuler.us:3.5
    FF - prefs.js..extensions.enabledItems: {E800A8D5-6B36-4854-9F21-443F8CBFF835}:2.0.2
    FF - prefs.js..network.proxy.http: "127.0.0.1 "
    FF - prefs.js..network.proxy.http_port: 4001

    FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
    FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/11/28 14:11:58 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/11/28 00:59:34 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/12 18:16:00 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\APPLICAT\Firefox\components [2011/04/12 18:15:26 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\APPLICAT\Firefox\plugins [2011/04/12 18:17:00 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\APPLICAT\TBird\components [2011/04/12 18:15:26 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\APPLICAT\TBird\plugins [2011/04/12 18:17:00 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\SeaMonkey 2.0.13\extensions\\Components: C:\APPLICAT\SeaMonkey\components [2011/04/12 18:15:26 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\SeaMonkey 2.0.13\extensions\\Plugins: C:\APPLICAT\SeaMonkey\plugins [2011/04/12 18:17:00 | 000,000,000 | ---D | M]

    [2010/01/22 22:28:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Extensions
    [2010/01/22 22:28:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2010/01/07 23:59:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
    [2011/04/12 20:48:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions
    [2010/05/20 18:39:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2006/10/23 10:58:25 | 000,000,000 | ---D | M] (LinkPreview) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{31DC1CBB-99B2-4652-8279-9BD385D81045}
    [2009/10/15 20:02:06 | 000,000,000 | ---D | M] (firefix) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{343CB0C5-DA79-42ea-8FC8-BBA1CFCD2829}
    [2006/11/28 15:14:17 | 000,000,000 | ---D | M] (Bookmark Backup) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{3474c305-9dad-11d8-9207-00055d74c2e4}
    [2009/11/20 21:28:37 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
    [2011/02/11 20:31:42 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    [2006/10/23 10:57:32 | 000,000,000 | ---D | M] (Gcache) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{5A32C460-12D9-11D9-9669-0800200C9A66}
    [2006/11/28 15:06:47 | 000,000,000 | ---D | M] ( "Stop-or-Reload Button ") -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{61D0D7AF-4FF6-476a-B68F-6531F613A6D8}
    [2008/06/28 18:17:37 | 000,000,000 | ---D | M] (CuteMenus - Crystal SVG) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{63df8e21-711c-4074-a257-b065cadc28d8}
    [2009/07/02 23:00:15 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
    [2011/03/25 10:32:13 | 000,000,000 | ---D | M] (Mozilla Archive Format) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}
    [2008/06/28 18:17:37 | 000,000,000 | ---D | M] (Bookmarks LinkChecker) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{8B41860E-5D30-4e96-BB09-CE22F491A481}
    [2010/01/09 13:58:06 | 000,000,000 | ---D | M] (MR Tech Toolkit) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
    [2011/03/31 17:25:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/03/25 10:31:19 | 000,000,000 | ---D | M] (Configuration Mania?) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{c4d362ec-1cff-4ca0-9031-99a8fad7995a}
    [2011/01/25 16:34:46 | 000,000,000 | ---D | M] ( "CoolPreviews ") -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
    [2011/03/25 10:35:51 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
    [2008/06/28 18:17:47 | 000,000,000 | ---D | M] (NeedleSearch) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{e22068c8-faf8-4620-b0d6-e2811a82e84b}
    [2009/09/14 19:55:54 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2006/11/28 15:06:46 | 000,000,000 | ---D | M] ( "Preferential ") -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{e3a1bec3-1cc1-4d20-875b-a10587471a5e}
    [2006/11/28 16:42:20 | 000,000,000 | ---D | M] (Modern Pinball) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{E800A8D5-6B36-4854-9F21-443F8CBFF835}
    [2006/11/28 16:45:48 | 000,000,000 | ---D | M] (Sort Bookmarks) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{ea702e71-fcda-4c39-93bb-fea2b543b58c}
    [2011/03/25 10:31:42 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
    [2011/03/25 10:36:03 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
    [2006/11/28 16:44:23 | 000,000,000 | ---D | M] (Optimoz Tweaks) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{F2F6EC1A-8601-443B-812F-655E25AEF7D0}
    [2008/10/23 21:43:22 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
    [2006/10/23 11:02:46 | 000,000,000 | ---D | M] ( "Wayback ") -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{FDC1470B-8F74-4660-A7A0-2E367DA9CA6C}
    [2009/07/02 22:59:33 | 000,000,000 | ---D | M] (Apollo) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\apollo@www.spuler.us
    [2010/10/06 18:25:55 | 000,000,000 | ---D | M] (ErrorZilla Mod) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\ErrorZillaMod@jaybaldwin
    [2010/02/08 20:04:54 | 000,000,000 | ---D | M] (Launchy) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\launchy@gemal.dk
    [2009/07/02 22:59:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\apollo@www.spuler.us\chrome\browser\extensions
    [2009/07/02 22:59:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\apollo@www.spuler.us\chrome\browser\extensions\icons
    [2009/07/02 22:59:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\apollo@www.spuler.us\chrome\mozapps\extensions
    [2011/04/18 12:59:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Profiles\default\jhuoaxw3.slt\extensions
    [2010/01/30 00:56:03 | 000,000,000 | ---D | M] ( "Nautipolis for SeaMonkey ") -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Profiles\default\jhuoaxw3.slt\extensions\{4b15ab39-47d7-4b41-9279-9291dcfc8b61}
    [2010/12/13 16:31:59 | 000,000,000 | ---D | M] (googlebar) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Profiles\default\jhuoaxw3.slt\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}
    [2010/01/08 00:09:40 | 000,000,000 | ---D | M] (MR Tech Toolkit) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Profiles\default\jhuoaxw3.slt\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
    [2011/02/08 18:21:11 | 000,000,000 | ---D | M] (Single Key Tab Switch) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Profiles\default\jhuoaxw3.slt\extensions\{a66191d8-898b-4a66-89be-d5b279477a54}
    [2011/02/08 18:21:12 | 000,000,000 | ---D | M] (Tabs Menu) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Profiles\default\jhuoaxw3.slt\extensions\{dc5d9a10-2736-11da-8cd6-0800200c9a66}
    [2010/01/08 00:16:52 | 000,000,000 | ---D | M] (Preferential) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Profiles\default\jhuoaxw3.slt\extensions\{e3a1bec3-1cc1-4d20-875b-a10587471a5e}
    [2011/04/16 10:32:26 | 000,000,000 | ---D | M] (UnMHT) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Profiles\default\jhuoaxw3.slt\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}
    [2010/01/08 00:14:11 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Profiles\default\jhuoaxw3.slt\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
    [2011/04/16 10:32:51 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Profiles\default\jhuoaxw3.slt\extensions\coralietab@mozdev.org
    [2011/02/08 18:21:12 | 000,000,000 | ---D | M] (Tab Wheel Scroll) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Profiles\default\jhuoaxw3.slt\extensions\tabscroll@mthamil
    [2010/10/07 11:34:48 | 000,000,000 | ---D | M] (Java Console) -- C:\APPLICAT\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/28 00:59:34 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\COFFPLGN
    [2010/11/28 14:11:58 | 000,000,000 | ---D | M] (Norton IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPLGN
    [2011/04/12 18:16:00 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    [2010/10/07 11:34:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

    O1 HOSTS File: ([2011/04/21 22:07:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\APPLICAT\GetRight\xx2gr.dll (Headlight Software, Inc.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\APPLICAT\SpybotSD\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\DIAGS\NSS\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\DIAGS\NSS\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\DIAGS\NSS\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
    O3 - HKU\S-1-5-21-1708537768-1532298954-725345543-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-1708537768-1532298954-725345543-1003\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\S-1-5-21-1708537768-1532298954-725345543-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\DIAGS\NSS\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
    O3 - HKU\S-1-5-21-1708537768-1532298954-725345543-1003\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - File not found
    O4 - HKLM..\Run: [amd_dc_opt] C:\HARDWARE\AMD\Dual-CoreOptimizer\amd_dc_opt.exe (AMD)
    O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [CMCService] C:\Program Files\ATI\Catalyst Media Center\CMCService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [CTDVDDET] C:\HARDWARE\SoundBlasterX-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
    O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
    O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [LogitechVideoRepair] C:\HARDWARE\QuickCam\ISStart.exe (Logitech Inc.)
    O4 - HKLM..\Run: [LogitechVideoTray] C:\HARDWARE\QuickCam\LogiTray.exe (Logitech Inc.)
    O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE (Logitech Inc.)
    O4 - HKLM..\Run: [NSWosCheck] C:\DIAGS\NSW\osCheck.exe (Symantec Corporation)
    O4 - HKLM..\Run: [RCSystem] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [SpySweeper] C:\DIAGS\SpySweep\SpySweeperUI.exe (Webroot Software, Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\HARDWARE\APCPowerChutePE\Display.exe (American Power Conversion Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Command Prompt.lnk = C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk = C:\HARDWARE\SAMSUNG\NaturalColor\NaturalColorLoad.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Panorama 1.31.lnk = C:\GRAPHICS\PANORAMA\Panorama.exe (Shaun Ivory)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Spicey Corners 2.10.lnk = C:\UTILITY\sc.exe (Spicey Programs)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TrayIcon 2.1.lnk = C:\APPLICAT\TrayIcon\trayicon.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Volume Panel.lnk = C:\HARDWARE\SoundBlasterX-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1708537768-1532298954-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1708537768-1532298954-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 43 01 00 00 [binary data]
    O7 - HKU\S-1-5-21-1708537768-1532298954-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1708537768-1532298954-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Download with GetRight - C:\APPLICAT\GetRight\GRDownload.htm ()
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\APPLICAT\MicrosoftOffice\OFFICE11\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: GetRight Mini-Browser - C:\APPLICAT\GetRight\IETools\GRMiniBrowser.htm ()
    O8 - Extra context menu item: Open with GetRight Browser - C:\APPLICAT\GetRight\GRBrowse.htm ()
    O8 - Extra context menu item: Search FileMirrors - C:\APPLICAT\GetRight\IETools\FileMirrors.htm ()
    O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\DIAGS\NSW\Norton Cleanup\WCQuick.lnk ()
    O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\DIAGS\NSW\Norton Cleanup\WCQuick.lnk ()
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\APPLICAT\MicrosoftOffice\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\APPLICAT\SpybotSD\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://go.microsoft.com/fwlink/?LinkId=82580 (Microsoft Genuine Advantage Self Support Tool)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Reg Error: Key error.)
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1259240547640 (MUCatalogWebControl Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1214106037859 (WUWebControl Class)
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229144092234 (MUWebControl Class)
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
    O18 - Protocol\Handler\lbxfile {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files\Libronix DLS\System\FileProt.dll (Libronix Corporation)
    O18 - Protocol\Handler\lbxres {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O29 - HKLM SecurityProviders - (rpasspc.dll) - C:\WINDOWS\System32\RPASSPC.dll (CompuServe Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/01/16 01:29:24 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
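Added example for readers of this thread (my own code, not part of the original post and not OTL's): a small triage script that parses OTL "O" lines, decodes the NoDriveTypeAutoRun / NoDriveAutoRun policy bitmasks printed in the O6/O7 section above, and lists the entries a log reviewer usually reads first. The sample lines are copied from the log above; the drive-type bit names follow GetDriveType(); the flagging rules (File not found, Reg Error, an empty company field, a non-explorer Winlogon shell, BootExecute entries beyond autochk) are my own review heuristics and not a verdict on any entry.

```python
import re
from typing import Dict, List

# Constructed sample for a stand-alone run: a dozen lines copied from the OTL log
# above with their leading whitespace trimmed. A full saved log works the same way.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [SpySweeper] C:\DIAGS\SpySweep\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TrayIcon 2.1.lnk = C:\APPLICAT\TrayIcon\trayicon.exe ()
O3 - HKU\S-1-5-21-1708537768-1532298954-725345543-1003\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1708537768-1532298954-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 43 01 00 00 [binary data]
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
"""

# NoDriveTypeAutoRun is a bitmask over GetDriveType() results; a set bit disables
# autorun for drives of that type. 0x91 (145) is the XP default, 0xFF disables all.
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN", 0x02: "DRIVE_NO_ROOT_DIR", 0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED", 0x10: "DRIVE_REMOTE", 0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK", 0x80: "DRIVE_RESERVED",
}
XP_DEFAULT_NODRIVETYPEAUTORUN = 0x91

ENTRY_RE = re.compile(r"^(?P<type>O\d+) - (?P<body>.*)$")
POLICY_RE = re.compile(
    r"^O[67] - (?P<hive>.+?)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: "
    r"(?P<name>\w+) = (?P<value>.+)$", re.IGNORECASE)


def parse_reg_value(text: str) -> int:
    """OTL prints a DWORD in decimal and a REG_BINARY as little-endian hex bytes
    tagged '[binary data]'; both come back as one int."""
    text = text.strip()
    if text.endswith("[binary data]"):
        raw = bytes.fromhex(text[: -len("[binary data]")].replace(" ", ""))
        return int.from_bytes(raw, "little")
    return int(text)


def decode_no_drive_type_autorun(value: int) -> Dict[str, object]:
    """Split the mask into blocked/allowed drive types; bits above 0xFF are not
    documented, and a mask missing any XP-default bit is weaker than stock."""
    return {
        "blocked": [n for b, n in DRIVE_TYPE_BITS.items() if value & b],
        "allowed": [n for b, n in DRIVE_TYPE_BITS.items() if not value & b],
        "undocumented_bits": value & ~0xFF,
        "weaker_than_xp_default": bool(XP_DEFAULT_NODRIVETYPEAUTORUN & ~value),
    }


def decode_no_drive_autorun(value: int) -> List[str]:
    """NoDriveAutoRun is a 26-bit mask, bit 0 = A:, bit 25 = Z:; a set bit
    disables autorun for that drive letter whatever its type."""
    return [chr(ord("A") + n) for n in range(26) if value >> n & 1]


def autorun_blocked(letter: str, drive_type_bit: int,
                    no_drive_autorun: int, no_drive_type_autorun: int) -> bool:
    """Windows consults both policies; either one is enough to block autorun."""
    letter_bit = 1 << (ord(letter.upper()) - ord("A"))
    return bool(no_drive_autorun & letter_bit) or bool(no_drive_type_autorun & drive_type_bit)


def triage(log_text: str) -> Dict[str, object]:
    """Decode the autorun policy lines and collect the entries a reviewer reads
    first. The selection rules are this example's own heuristics, not OTL's."""
    report = {"autorun": {}, "orphans": [], "no_company": [],
              "boot_exec": [], "shell_ok": None}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = m.group("type"), m.group("body")
        pol = POLICY_RE.match(line)
        if pol:  # O6/O7 Explorer policy values
            name = pol.group("name")
            value = parse_reg_value(pol.group("value"))
            key = f"{pol.group('hive')}:{name}"
            if name == "NoDriveTypeAutoRun":
                report["autorun"][key] = decode_no_drive_type_autorun(value)
            elif name == "NoDriveAutoRun":
                report["autorun"][key] = decode_no_drive_autorun(value)
            else:
                report["autorun"][key] = value
            continue
        if "File not found" in body or "Reg Error" in body:
            report["orphans"].append(line)      # registry points at nothing
        elif body.endswith("()"):
            report["no_company"].append(line)   # binary carries no version info
        if kind == "O20" and "Winlogon: Shell" in body:
            report["shell_ok"] = body.lower().endswith(
                r"c:\windows\explorer.exe (microsoft corporation)")
        if kind == "O34" and "autocheck autochk" not in body:
            report["boot_exec"].append(body)    # anything beyond the stock autochk
    return report


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(f"== {section} ==")
        print(items)
```

Run as-is it reports on the sample; pass the text of a saved OTL.txt to triage() for a whole log. Worth noting on this particular log: the per-machine NoDriveTypeAutoRun of 323 (0x143) on its own leaves removable, fixed and CD-ROM autorun enabled and even drops the XP-default DRIVE_REMOTE bit, but NoDriveAutoRun = 67108863 (0x3FFFFFF) masks every letter A through Z, so autorun is effectively off on every drive regardless; the bit at 0x100 is outside the documented mask and is the kind of oddity a tweak utility leaves behind. "File not found" entries are orphaned registry references rather than evidence of infection, which is why they are listed separately from entries whose target binary carries no company or version information.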
     
  12. 2011/04/22
    Xd23bgt

    Post 2 of 3

    NetSvcs: Ias - File not found
    NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - File not found
    Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ATI\CATALY~1\Kernel\Burner\MKDMP3Enc.ACM File not found
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.DRAW - DVIDEO.DLL File not found
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
    Drivers32: VIDC.VCR1 - ATIVCR1.DLL File not found
    Drivers32: VIDC.VCR2 - ATIVCR2.DLL File not found
    Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (57434506000334848)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/22 11:10:00 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\R. Darrell Smith\Desktop\OTL.exe
    [2011/04/21 22:20:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/04/21 08:42:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/04/21 08:39:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/04/21 08:39:16 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/04/21 08:39:16 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/04/21 08:39:16 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/04/21 08:38:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/04/21 08:38:16 | 000,000,000 | -H-D | C] -- C:\Qoobox
    [2011/04/20 21:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\R. Darrell Smith\Application Data\Malwarebytes
    [2011/04/20 21:19:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/04/20 21:19:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/04/19 00:22:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/04/18 23:43:44 | 001,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\WRSetup.dll
    [2011/04/18 23:43:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\R. Darrell Smith\Application Data\Webroot
    [2011/04/18 23:43:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Webroot
    [2011/04/18 16:47:47 | 000,000,000 | -H-D | C] -- C:\~ErdUserProfile.$$$
    [2011/04/18 07:56:57 | 000,000,000 | -H-D | C] -- C:\NBRT
    [2011/04/13 21:38:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\XSettings
    [2011/04/12 18:14:28 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
    [2011/04/12 18:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
    [2011/04/09 17:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\R. Darrell Smith\Start Menu\Programs\Video Utilities
    [2011/03/30 16:08:21 | 000,000,000 | ---D | C] -- C:\TMP12
    [2011/03/30 16:08:19 | 000,000,000 | ---D | C] -- C:\TMP11
    [2011/03/30 12:10:36 | 000,000,000 | ---D | C] -- C:\TMP10
    [2011/03/30 11:40:14 | 000,000,000 | ---D | C] -- C:\TMP9
    [2011/03/28 18:06:36 | 000,000,000 | ---D | C] -- C:\TMP7
    [2008/02/20 20:44:02 | 000,012,800 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
    [3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/04/22 10:58:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/04/22 10:54:53 | 000,054,472 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000008-00001102-00000005-00211102}.rfx
    [2011/04/22 10:54:53 | 000,054,472 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000008-00001102-00000005-00211102}.rfx
    [2011/04/22 10:54:53 | 000,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000008-00001102-00000005-00211102}.rfx
    [2011/04/22 00:15:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\R. Darrell Smith\Desktop\OTL.exe
    [2011/04/21 22:07:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
    [2011/04/21 08:42:40 | 000,000,339 | RHS- | M] () -- C:\boot.ini
    [2011/04/20 11:34:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/04/17 20:17:34 | 000,158,720 | ---- | M] () -- C:\Documents and Settings\R. Darrell Smith\Application Data\SharedSettings.ccs
    [2011/04/17 00:00:37 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
    [2011/04/17 00:00:37 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
    [2011/04/16 01:00:52 | 000,046,592 | ---- | M] () -- C:\Documents and Settings\R. Darrell Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/04/15 01:01:46 | 000,585,389 | ---- | M] () -- C:\Documents and Settings\R. Darrell Smith\jap.conf
    [2011/04/13 18:20:47 | 000,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini
    [2011/04/13 10:19:04 | 000,000,115 | ---- | M] () -- C:\WINDOWS\OUTSTACKER.INI
    [2011/04/12 18:14:28 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
    [2011/04/12 15:59:01 | 000,108,144 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
    [2011/04/10 21:47:51 | 000,000,069 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
    [2011/03/31 19:29:37 | 000,011,127 | ---- | M] () -- C:\Documents and Settings\R. Darrell Smith\gsview32.ini
    [2011/03/31 18:24:43 | 000,000,043 | ---- | M] () -- C:\WINDOWS\gswin32.ini
    [3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/04/22 10:51:01 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
    [2011/04/22 10:50:57 | 000,006,045 | ---- | C] () -- C:\WINDOWS\System32\nvnrm.nvu
    [2011/04/21 08:42:40 | 000,000,223 | -H-- | C] () -- C:\Boot.bak
    [2011/04/21 08:42:36 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/04/21 08:39:16 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/04/21 08:39:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/04/21 08:39:16 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/04/21 08:39:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/04/21 08:39:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/04/13 18:05:49 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
    [2011/04/10 21:47:41 | 000,000,069 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2011/03/31 20:06:54 | 002,309,120 | ---- | C] () -- C:\WINDOWS\System32\pdfrepair.exe
    [2011/03/31 19:27:26 | 000,011,127 | ---- | C] () -- C:\Documents and Settings\R. Darrell Smith\gsview32.ini
    [2011/03/31 18:24:43 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
    [2011/03/12 22:13:33 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2011/03/12 22:13:30 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2011/03/12 20:49:35 | 000,223,990 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2011/03/11 22:17:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2010/11/13 21:49:34 | 000,271,264 | ---- | C] () -- C:\WINDOWS\System32\vbrun100.dll
    [2010/10/12 11:42:32 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
    [2010/10/12 11:42:19 | 000,163,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\LV532AV.SYS
    [2010/10/12 11:42:19 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2010/08/30 18:26:17 | 000,000,207 | ---- | C] () -- C:\Documents and Settings\R. Darrell Smith\Application Data\default.rss
    [2010/07/07 21:40:16 | 000,003,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\NTHANDLE.SYS
    [2010/04/09 21:41:34 | 000,068,917 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
    [2010/04/09 21:41:34 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
    [2010/02/09 23:24:16 | 000,068,816 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
    [2010/02/09 23:22:39 | 000,028,978 | ---- | C] () -- C:\WINDOWS\scunin.dat
    [2010/01/01 18:49:45 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2009/12/13 17:36:00 | 000,001,952 | ---- | C] () -- C:\WINDOWS\PASETUP.INI
    [2009/12/13 17:32:02 | 000,002,437 | ---- | C] () -- C:\WINDOWS\POWERUP.INI
    [2009/12/13 16:14:25 | 000,158,720 | ---- | C] () -- C:\Documents and Settings\R. Darrell Smith\Application Data\SharedSettings.ccs
    [2009/12/13 16:09:09 | 000,000,192 | ---- | C] () -- C:\WINDOWS\System32\xpysys.dll
    [2009/12/12 00:40:33 | 000,000,219 | ---- | C] () -- C:\WINDOWS\RomeTW.ini
    [2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
    [2009/11/06 12:00:20 | 000,016,240 | ---- | C] () -- C:\WINDOWS\System32\SsiEfr.exe
    [2009/06/04 01:37:08 | 000,021,093 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
    [2009/06/04 01:37:06 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2009/06/04 00:55:20 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
    [2009/05/03 07:44:38 | 000,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2009/04/28 17:45:46 | 000,014,051 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
    [2009/04/25 01:19:17 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2009/04/16 20:50:27 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/04/16 20:20:26 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
    [2009/04/01 22:47:27 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2009/03/02 22:33:49 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
    [2009/02/16 22:38:02 | 000,000,347 | ---- | C] () -- C:\WINDOWS\CTWave.INI
    [2009/02/16 22:20:53 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
    [2009/02/07 21:34:27 | 008,507,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
    [2009/02/07 20:13:00 | 000,000,115 | ---- | C] () -- C:\WINDOWS\OUTSTACKER.INI
    [2009/02/05 20:32:07 | 000,000,089 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
    [2009/01/18 22:16:59 | 000,000,640 | ---- | C] () -- C:\WINDOWS\EFXP.INI
    [2009/01/18 21:12:25 | 000,000,827 | ---- | C] () -- C:\WINDOWS\EF.ini
    [2009/01/18 21:06:54 | 000,000,311 | ---- | C] () -- C:\WINDOWS\QTW.INI
    [2009/01/18 20:57:26 | 000,000,056 | ---- | C] () -- C:\WINDOWS\SSIMB.INI
    [2009/01/17 21:59:44 | 000,000,597 | ---- | C] () -- C:\WINDOWS\eReg.dat
    [2009/01/17 20:18:18 | 000,000,144 | ---- | C] () -- C:\WINDOWS\PG3prefs.ini
    [2009/01/15 23:43:56 | 000,000,053 | ---- | C] () -- C:\WINDOWS\PPTVIEW.INI
    [2009/01/15 23:30:25 | 000,086,304 | ---- | C] () -- C:\WINDOWS\RHVIDEO.DLL
    [2009/01/15 22:18:26 | 000,012,816 | ---- | C] () -- C:\WINDOWS\logos20.ini
    [2009/01/11 23:03:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ins.INI
    [2009/01/11 18:09:23 | 000,004,302 | ---- | C] () -- C:\WINDOWS\7thLevel.ini
    [2009/01/11 12:54:21 | 000,000,033 | ---- | C] () -- C:\WINDOWS\forevermopt.INI
    [2009/01/06 22:37:09 | 000,000,520 | ---- | C] () -- C:\WINDOWS\hwsolii.ini
    [2009/01/06 22:22:39 | 000,158,720 | ---- | C] () -- C:\WINDOWS\RefUinst.exe
    [2009/01/03 00:32:50 | 000,000,248 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
    [2009/01/02 23:00:08 | 000,000,867 | ---- | C] () -- C:\WINDOWS\DR2.ini
    [2009/01/02 22:01:51 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    [2009/01/01 23:06:36 | 000,000,755 | ---- | C] () -- C:\WINDOWS\BZII.INI
    [2008/12/24 21:51:12 | 000,000,296 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
    [2008/12/24 18:14:27 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2008/12/24 18:14:27 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2008/12/24 18:14:27 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2008/12/24 18:14:27 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2008/12/24 18:14:27 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2008/12/24 18:14:27 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2008/12/24 17:57:58 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
    [2008/12/20 12:04:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\sbwin.ini
    [2008/12/20 01:06:26 | 000,000,705 | ---- | C] () -- C:\WINDOWS\EReg072.dat
    [2008/12/08 19:49:47 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
    [2008/12/08 19:49:47 | 000,012,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
    [2008/12/05 23:09:48 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2008/12/03 23:45:31 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
    [2008/12/03 23:45:30 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
    [2008/11/29 21:51:27 | 000,000,454 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2008/11/28 01:26:01 | 000,000,089 | ---- | C] () -- C:\WINDOWS\civnet.ini
    [2008/11/28 01:19:11 | 000,000,247 | ---- | C] () -- C:\WINDOWS\civ.ini
    [2008/11/27 16:08:24 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2008/11/21 19:15:47 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\R. Darrell Smith\Application Data\PFP110JPR.{PB
    [2008/11/21 19:15:47 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\R. Darrell Smith\Application Data\PFP110JCM.{PB
    [2008/10/24 19:27:47 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Prima.ini
    [2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
    [2008/09/13 21:03:39 | 000,000,632 | ---- | C] () -- C:\WINDOWS\CoD.INI
    [2008/09/13 10:46:16 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2008/09/13 10:46:16 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2008/09/13 10:46:16 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
    [2008/09/01 20:01:03 | 001,746,360 | ---- | C] () -- C:\WINDOWS\System32\CTAA1.DAT
    [2008/07/14 22:12:14 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2008/07/14 22:12:14 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\R. Darrell Smith\Application Data\PnkBstrK.sys
    [2008/07/14 22:11:57 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
    [2008/07/14 22:11:53 | 000,669,184 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
    [2008/07/14 22:11:53 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
    [2008/07/12 23:14:49 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\xxconsole.ini
    [2008/07/12 23:11:27 | 000,230,377 | ---- | C] () -- C:\WINDOWS\System32\XXCOPY16.EXE
    [2008/07/11 15:50:28 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
    [2008/07/07 21:46:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/07/02 21:41:22 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\GetCis.dll
    [2008/07/02 20:41:46 | 000,000,021 | ---- | C] () -- C:\WINDOWS\vkcustom.ini
    [2008/07/02 20:41:43 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\VkUninst.dll
    [2008/07/02 20:40:39 | 000,403,456 | ---- | C] () -- C:\WINDOWS\System32\CCTN240C.DLL
    [2008/07/02 20:40:39 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\SH33W32.DLL
    [2008/07/02 20:40:39 | 000,010,240 | ---- | C] () -- C:\WINDOWS\GOCSERVE.EXE
    [2008/07/02 20:40:33 | 000,000,180 | ---- | C] () -- C:\WINDOWS\CServe.ini
    [2008/07/02 20:40:12 | 000,000,021 | ---- | C] () -- C:\WINDOWS\cs3inst.ini
    [2008/06/28 22:36:11 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\_inmm.dll
    [2008/06/28 21:55:35 | 000,129,024 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
    [2008/06/28 19:33:57 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2008/06/28 19:33:37 | 000,118,784 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe
    [2008/06/28 19:33:26 | 000,008,325 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2008/06/24 22:32:04 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
    [2008/06/24 21:31:28 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [2008/06/24 21:31:28 | 000,000,141 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
    [2008/06/24 21:30:39 | 000,000,649 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
    [2008/06/21 23:46:09 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
    [2008/06/21 23:46:04 | 000,005,989 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2008/06/21 23:45:58 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2008/06/21 01:40:28 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
    [2008/06/21 01:23:28 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini
    [2008/06/21 00:31:21 | 000,012,062 | ---- | C] () -- C:\WINDOWS\System32\drivers\MTiCtwl.sys
    [2008/06/21 00:27:35 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
    [2008/06/20 23:43:57 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
    [2008/06/20 23:43:56 | 000,004,273 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
    [2008/06/20 21:58:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/06/20 21:48:39 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/06/20 18:35:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/06/20 18:34:34 | 000,489,088 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/06/06 19:13:06 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
    [2008/02/20 21:00:12 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
    [2008/02/20 20:58:46 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
    [2008/02/20 20:49:46 | 000,321,512 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
    [2008/02/20 20:49:46 | 000,056,509 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
    [2008/02/20 20:46:46 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
    [2008/02/20 20:46:20 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
    [2008/02/20 20:44:34 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\CTSBAS2W.DAT
    [2008/02/20 20:44:26 | 000,241,084 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
    [2008/02/20 20:44:26 | 000,115,166 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
    [2008/02/20 20:44:10 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
    [2008/02/20 20:44:10 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
    [2008/02/20 20:44:08 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
    [2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2007/08/13 20:45:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
    [2007/06/05 13:20:32 | 000,177,704 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
    [2007/03/10 14:13:16 | 000,000,274 | ---- | C] () -- C:\WINDOWS\TheMatrix.ini
    [2006/10/02 17:25:18 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
    [2006/04/12 22:37:43 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DreamCalc DC3G.dat
    [2006/04/01 22:36:28 | 000,046,592 | ---- | C] () -- C:\Documents and Settings\R. Darrell Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/02/21 14:47:09 | 002,060,800 | ---- | C] () -- C:\WINDOWS\setup_rangers_2.exe
    [2006/01/19 00:57:50 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\R. Darrell Smith\Local Settings\Application Data\fusioncache.dat
    [2005/10/29 19:31:08 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
    [2004/08/04 03:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/02 16:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/05/12 01:31:54 | 000,008,391 | ---- | C] () -- C:\WINDOWS\PWRPLAY.INI
    [2004/01/28 11:42:06 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
    [2003/02/07 21:31:48 | 000,000,260 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
    [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2001/08/23 08:00:00 | 000,443,878 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2001/08/23 08:00:00 | 000,072,136 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2001/07/12 18:14:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\shelexec.exe

    ========== LOP Check ==========

    [2009/03/02 21:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MailFrontier
    [2010/02/06 23:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
    [2010/09/12 20:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CoffeeCup Software
    [2009/02/05 20:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
    [2010/12/03 23:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
    [2010/01/01 16:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
    [2010/02/09 19:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK
    [2009/01/15 23:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Libronix DLS
    [2009/04/16 23:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2008/11/28 10:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
    [2009/07/07 20:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
    [2009/01/23 00:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ProjectZoo
    [2010/08/14 13:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver
    [2009/02/06 08:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
    [2009/06/19 17:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\X10 Settings
    [2011/04/13 21:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XSettings
    [2010/11/28 00:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZA_PreservedFiles
    [2009/05/02 17:05:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    [2010/11/11 01:06:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{881A9191-B4BF-4950-9F18-A05E2263DA42}
    [2009/01/22 00:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\Ascaron Entertainment
    [2011/04/18 12:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\Audacity
    [2010/04/09 22:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\CheckPoint
    [2010/09/12 20:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\CoffeeCup Software
    [2009/12/16 00:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\ImgBurn
    [2006/04/03 01:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\InterVideo
    [2011/04/11 11:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\JonDo
    [2006/01/19 11:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\Leadertech
    [2009/01/16 00:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\Libronix DLS
    [2006/02/21 18:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\LucasArts
    [2011/03/15 14:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\MailWasher
    [2006/12/26 19:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\My Battle for Middle-earth Files
    [2006/03/04 23:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\My Battle for Middle-earth(tm) II Files
    [2006/10/16 13:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\My Games
    [2007/01/02 00:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\My The Lord of the Rings, The Rise of the Witch-king Files
    [2009/07/11 20:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\OfficeUpdate12
    [2010/01/01 01:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\Opera
    [2006/11/02 19:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\Petroglyph
    [2009/12/24 17:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\Pollux Gamelabs
    [2009/08/07 08:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\PolyView
    [2009/01/15 21:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\QuickVerse11
    [2010/05/30 20:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\scriptocean
    [2009/04/18 12:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\streamripper
    [2011/03/14 12:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\TagScanner
    [2010/01/22 22:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\Thunderbird
    [2010/11/29 11:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\Tific
    [2008/09/30 22:37:57 | 000,032,548 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/04/22 10:58:05 | 000,196,892 | ---- | M] () -- C:\aaw7boot.log
    [2006/01/16 01:29:24 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
    [2010/04/08 21:53:08 | 000,000,223 | -H-- | M] () -- C:\Boot.bak
    [2011/04/21 08:42:40 | 000,000,339 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2006/01/16 01:29:24 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
    [2006/01/16 01:29:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2006/01/16 01:29:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 00:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/06/22 19:59:49 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/04/22 10:58:07 | 1048,576,000 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2008/06/20 21:55:16 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2009/02/10 00:46:34 | 003,013,120 | ---- | M] (KellySoftware) -- C:\WINDOWS\Matrix_ks.SCR
    [1994/10/01 13:00:00 | 000,004,768 | ---- | M] (7th Level) -- C:\WINDOWS\pythsavr.scr
    [2007/03/10 14:22:36 | 000,549,888 | ---- | M] () -- C:\WINDOWS\TheMatrix.scr
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/06/20 18:33:41 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2008/06/20 18:33:41 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008/06/20 18:33:41 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/06/22 20:11:55 | 000,000,142 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2006/01/19 00:57:43 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\R. Darrell Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2006/01/19 00:57:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\R. Darrell Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/04/22 00:15:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\R. Darrell Smith\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >
    [2009/01/09 20:42:06 | 000,000,414 | ---- | M] () -- C:\WINDOWS\AppPatch\Custom\{0c0d15da-2872-44bc-a0f0-b5bb018b8273}.sdb
    [2009/01/11 21:44:43 | 000,000,618 | ---- | M] () -- C:\WINDOWS\AppPatch\Custom\{1b6c5761-6d7a-4ad2-9556-10754db44fbd}.sdb
    [2009/01/09 20:53:16 | 000,000,256 | ---- | M] () -- C:\WINDOWS\AppPatch\Custom\{448850f4-a5ea-4dd1-bf1b-d5fa285dc64b}.sdb
    [2009/01/14 23:01:21 | 000,000,618 | ---- | M] () -- C:\WINDOWS\AppPatch\Custom\{46157f2d-7b71-42dd-8afe-3c1f220bccb9}.sdb
    [2009/01/11 21:40:09 | 000,000,618 | ---- | M] () -- C:\WINDOWS\AppPatch\Custom\{db98b9ad-83a2-4280-a120-fb851bfb64ec}.sdb

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/11/21 20:23:22 | 000,000,459 | ---- | M] () -- C:\Documents and Settings\R. Darrell Smith\Favorites\Backups.lnk
    [2006/01/19 00:57:42 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\R. Darrell Smith\Favorites\Desktop.ini
    [2010/11/21 20:23:22 | 000,000,475 | ---- | M] () -- C:\Documents and Settings\R. Darrell Smith\Favorites\Documents.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2006/02/09 13:27:45 | 000,000,394 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/04/22 10:59:51 | 000,098,304 | ---- | M] () -- C:\Documents and Settings\R. Darrell Smith\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2008/04/14 05:42:40 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 05:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 03:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 03:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 05:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 23:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 23:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 23:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 03:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\R. Darrell Smith\Desktop\QuickVerse.pif:SummaryInformation

    < End of report >

    OTL Extras logfile created on: 4/22/2011 11:13:06 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\R. Darrell Smith\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1000 1500 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 244.14 Gb Total Space | 91.72 Gb Free Space | 37.57% Space Free | Partition Type: NTFS
    Drive D: | 687.37 Gb Total Space | 383.51 Gb Free Space | 55.79% Space Free | Partition Type: NTFS
    Drive G: | 7.47 Gb Total Space | 7.02 Gb Free Space | 93.88% Space Free | Partition Type: FAT32
    Drive K: | 476.25 Mb Total Space | 476.12 Mb Free Space | 99.97% Space Free | Partition Type: FAT32

    Computer Name: SPORKO2 | User Name: R. Darrell Smith | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
    .jse [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
    .vbe [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
    .wsf [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
    .wsh [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

    [HKEY_USERS\S-1-5-21-1708537768-1532298954-725345543-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\APPLICAT\Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\APPLICAT\MicrosoftOffice\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    jsfile [edit] -- Reg Error: Key error.
    jsfile [print] -- Reg Error: Key error.
    jsefile [edit] -- Reg Error: Key error.
    jsefile [open] -- Reg Error: Key error.
    jsefile [print] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    vbefile [edit] -- Reg Error: Key error.
    vbefile [print] -- Reg Error: Key error.
    vbsfile [edit] -- Reg Error: Key error.
    vbsfile [print] -- Reg Error: Key error.
    wsffile [edit] -- Reg Error: Key error.
    wsffile [open] -- Reg Error: Key error.
    wsffile [print] -- Reg Error: Key error.
    wshfile [open] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
    "3540:UDP" = 3540:UDP:*:Enabled:peer Name Resolution Protocol (PNRP)
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
    "3540:UDP" = 3540:UDP:*:Enabled:peer Name Resolution Protocol (PNRP)
    "17770:UDP" = 17770:UDP:*:Enabled:BZ2
    "17771:UDP" = 17771:UDP:*:Enabled:BZ2
    "17772:UDP" = 17772:UDP:*:Enabled:BZ2
    "17770:TCP" = 17770:TCP:*:Enabled:BZ2
    "17771:TCP" = 17771:TCP:*:Enabled:BZ2
    "17772:TCP" = 17772:TCP:*:Enabled:BZ2
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "D:\GAMES\Battle2142\BF2142.exe" = D:\GAMES\Battle2142\BF2142.exe:*:Enabled:BF2142 -- ()
    "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
    "C:\APPLICAT\Teamspeak\Server\server_windows.exe" = C:\APPLICAT\Teamspeak\Server\server_windows.exe:*:Enabled:server_windows -- ()
    "D:\GAMES\Battle1942\BF1942.exe" = D:\GAMES\Battle1942\BF1942.exe:*:Enabled:BF1942 -- ()
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "D:\GAMES\RavenShield\system\ravenshield.exe" = D:\GAMES\RavenShield\system\ravenshield.exe:*:Enabled:ravenshield -- ()
    "D:\GAMES\CIV4\Beyond the Sword\Civ4BeyondSword.exe" = D:\GAMES\CIV4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword -- (Firaxis Games)
    "D:\GAMES\CIV4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe" = D:\GAMES\CIV4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss -- (Firaxis Games)
    "D:\GAMES\Warcraft3\Warcraft III.exe" = D:\GAMES\Warcraft3\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
    "D:\GAMES\CallOfDuty\CoDMP.exe" = D:\GAMES\CallOfDuty\CoDMP.exe:*:Enabled:CoDMP -- ()
    "D:\GAMES\CallOfDuty\CoDUOMP.exe" = D:\GAMES\CallOfDuty\CoDUOMP.exe:*:Enabled:CoDUOMP -- ()
    "D:\GAMES\Heroes3\HEROES3.EXE" = D:\GAMES\Heroes3\HEROES3.EXE:*:Enabled:Heroes of Might and Magic® III -- (The 3DO Company)
    "C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
    "C:\APPLICAT\eMule\emule.exe" = C:\APPLICAT\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
    "D:\GAMES\SWBattlefront2\GameData\BattlefrontII.exe" = D:\GAMES\SWBattlefront2\GameData\BattlefrontII.exe:*:Enabled:BattlefrontII -- ()
    "D:\GAMES\Civ4Colonization\Colonization.exe" = D:\GAMES\Civ4Colonization\Colonization.exe:*:Enabled:Sid Meier's Civilization IV Colonization -- (Firaxis Games)
    "D:\GAMES\SpellForce2\spellforce2.exe" = D:\GAMES\SpellForce2\spellforce2.exe:*:Enabled:SpellForce 2 - Shadow Wars -- ()
    "D:\GAMES\UT3\Binaries\UT3.exe" = D:\GAMES\UT3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3 -- ()
    "D:\GAMES\Heroes of Might and Magic V\bin\H5_Game.exe" = D:\GAMES\Heroes of Might and Magic V\bin\H5_Game.exe:*:Enabled:Heroes of Might and Magic V -- ()
    "D:\GAMES\Heroes of Might and Magic V\bina1\H5_Game.exe" = D:\GAMES\Heroes of Might and Magic V\bina1\H5_Game.exe:*:Enabled:Heroes of Might and Magic V -- ()
    "D:\GAMES\Heroes of Might and Magic V\Tribes of the East\Heroes of Might and Magic V - Tribes of the East\bin\H5_Game.exe" = D:\GAMES\Heroes of Might and Magic V\Tribes of the East\Heroes of Might and Magic V - Tribes of the East\bin\H5_Game.exe:*:Enabled:Heroes of Might and Magic V- Tribes of the East -- ()
    "D:\GAMES\Batzone2\bzone.exe" = D:\GAMES\Batzone2\bzone.exe:*:Enabled:Battlezone II -- (Pandemic Studios)
    "C:\APPLICAT\GetRight\GetRight.exe" = C:\APPLICAT\GetRight\GetRight.exe:*:Enabled:GetRight® Download Manager. www.GetRight.com -- (Headlight Software, Inc.)
    "D:\GAMES\ShatteredUnion\ShatteredUnion.exe" = D:\GAMES\ShatteredUnion\ShatteredUnion.exe:*:Enabled:Shattered Union -- (PopTop Software, Inc.)
    "D:\GAMES\RoboRumble\DATA\rr_dx5.exe" = D:\GAMES\RoboRumble\DATA\rr_dx5.exe:*:Enabled:rr_dx5 -- ()
    "C:\DIAGS\Sandra\RpcAgentSrv.exe" = C:\DIAGS\Sandra\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
    "D:\GAMES\Re-Volt\revolt.exe" = D:\GAMES\Re-Volt\revolt.exe:*:Enabled:revolt -- ()
    "D:\GAMES\MassEffect\Binaries\MassEffect.exe" = D:\GAMES\MassEffect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game -- (BioWare)
    "D:\GAMES\MassEffect\MassEffectLauncher.exe" = D:\GAMES\MassEffect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher -- (BioWare)
    "C:\APPLICAT\Opera\opera.exe" = C:\APPLICAT\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
    "D:\GAMES\UT2004\System\UT2004.exe" = D:\GAMES\UT2004\System\UT2004.exe:*:Enabled:UT2004 -- ()
    "C:\APPLICAT\SeaMonkey\seamonkey.exe" = C:\APPLICAT\SeaMonkey\seamonkey.exe:*:Enabled:SeaMonkey -- (mozilla.org)
    "C:\APPLICAT\FreeFTP\FreeFTP.exe" = C:\APPLICAT\FreeFTP\FreeFTP.exe:*:Enabled:FreeFTP (Internet File Transfer Program) -- (Brandyware Software)
    "C:\APPLICAT\CoffeeCupFreeFTP\FreeFTP.exe" = C:\APPLICAT\CoffeeCupFreeFTP\FreeFTP.exe:*:Enabled:Direct FTP Application -- (CoffeeCup Software, Inc.)
    "D:\GAMES\LostEmpire\LostEmpire.exe" = D:\GAMES\LostEmpire\LostEmpire.exe:*:Enabled:Lost Empire - Immortals -- (Pollux Gamelabs)
    "D:\GAMES\DragonAge\bin_ship\daorigins.exe" = D:\GAMES\DragonAge\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game -- (BioWare)
    "D:\GAMES\DragonAge\DAOriginsLauncher.exe" = D:\GAMES\DragonAge\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher -- (BioWare)
    "D:\GAMES\MassEffect2\Binaries\MassEffect2.exe" = D:\GAMES\MassEffect2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Game -- (BioWare)
    "D:\GAMES\MassEffect2\MassEffect2Launcher.exe" = D:\GAMES\MassEffect2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Launcher -- (BioWare)
    "C:\DIAGS\Sandra\WNt500x86\RpcSandraSrv.exe" = C:\DIAGS\Sandra\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
    "D:\GAMES\DragonAge\bin_ship\daupdatersvc.service.exe" = D:\GAMES\DragonAge\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
  13. 2011/04/22
    Xd23bgt Inactive Thread Starter

    Post 3 of 3

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "D:\GAMES\Battle2142\BF2142.exe" = D:\GAMES\Battle2142\BF2142.exe:*:Enabled:BF2142 -- ()
    "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
    "C:\APPLICAT\Teamspeak\Server\server_windows.exe" = C:\APPLICAT\Teamspeak\Server\server_windows.exe:*:Enabled:server_windows -- ()
    "D:\GAMES\Battle1942\BF1942.exe" = D:\GAMES\Battle1942\BF1942.exe:*:Enabled:BF1942 -- ()
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "D:\GAMES\RavenShield\system\ravenshield.exe" = D:\GAMES\RavenShield\system\ravenshield.exe:*:Enabled:ravenshield -- ()
    "D:\GAMES\CIV4\Beyond the Sword\Civ4BeyondSword.exe" = D:\GAMES\CIV4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword -- (Firaxis Games)
    "D:\GAMES\CIV4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe" = D:\GAMES\CIV4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss -- (Firaxis Games)
    "D:\GAMES\Warcraft3\Warcraft III.exe" = D:\GAMES\Warcraft3\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
    "D:\GAMES\CallOfDuty\CoDMP.exe" = D:\GAMES\CallOfDuty\CoDMP.exe:*:Enabled:CoDMP -- ()
    "D:\GAMES\CallOfDuty\CoDUOMP.exe" = D:\GAMES\CallOfDuty\CoDUOMP.exe:*:Enabled:CoDUOMP -- ()
    "D:\GAMES\Heroes3\HEROES3.EXE" = D:\GAMES\Heroes3\HEROES3.EXE:*:Enabled:Heroes of Might and Magic® III -- (The 3DO Company)
    "C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
    "C:\APPLICAT\eMule\emule.exe" = C:\APPLICAT\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
    "D:\GAMES\SWBattlefront2\GameData\BattlefrontII.exe" = D:\GAMES\SWBattlefront2\GameData\BattlefrontII.exe:*:Enabled:BattlefrontII -- ()
    "D:\GAMES\Civ4Colonization\Colonization.exe" = D:\GAMES\Civ4Colonization\Colonization.exe:*:Enabled:Sid Meier's Civilization IV Colonization -- (Firaxis Games)
    "D:\GAMES\SpellForce2\spellforce2.exe" = D:\GAMES\SpellForce2\spellforce2.exe:*:Enabled:SpellForce 2 - Shadow Wars -- ()
    "D:\GAMES\UT3\Binaries\UT3.exe" = D:\GAMES\UT3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3 -- ()
    "D:\GAMES\Heroes of Might and Magic V\bin\H5_Game.exe" = D:\GAMES\Heroes of Might and Magic V\bin\H5_Game.exe:*:Enabled:Heroes of Might and Magic V -- ()
    "D:\GAMES\Heroes of Might and Magic V\bina1\H5_Game.exe" = D:\GAMES\Heroes of Might and Magic V\bina1\H5_Game.exe:*:Enabled:Heroes of Might and Magic V -- ()
    "D:\GAMES\Heroes of Might and Magic V\Tribes of the East\Heroes of Might and Magic V - Tribes of the East\bin\H5_Game.exe" = D:\GAMES\Heroes of Might and Magic V\Tribes of the East\Heroes of Might and Magic V - Tribes of the East\bin\H5_Game.exe:*:Enabled:Heroes of Might and Magic V- Tribes of the East -- ()
    "D:\GAMES\Batzone2\bzone.exe" = D:\GAMES\Batzone2\bzone.exe:*:Enabled:Battlezone II -- (Pandemic Studios)
    "C:\APPLICAT\GetRight\GetRight.exe" = C:\APPLICAT\GetRight\GetRight.exe:*:Enabled:GetRight® Download Manager. www.GetRight.com -- (Headlight Software, Inc.)
    "D:\GAMES\ShatteredUnion\ShatteredUnion.exe" = D:\GAMES\ShatteredUnion\ShatteredUnion.exe:*:Enabled:Shattered Union -- (PopTop Software, Inc.)
    "D:\GAMES\RoboRumble\DATA\rr_dx5.exe" = D:\GAMES\RoboRumble\DATA\rr_dx5.exe:*:Enabled:rr_dx5 -- ()
    "C:\DIAGS\Sandra\RpcAgentSrv.exe" = C:\DIAGS\Sandra\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
    "D:\GAMES\Re-Volt\revolt.exe" = D:\GAMES\Re-Volt\revolt.exe:*:Enabled:revolt -- ()
    "D:\GAMES\MassEffect\Binaries\MassEffect.exe" = D:\GAMES\MassEffect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game -- (BioWare)
    "D:\GAMES\MassEffect\MassEffectLauncher.exe" = D:\GAMES\MassEffect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher -- (BioWare)
    "C:\APPLICAT\Opera\opera.exe" = C:\APPLICAT\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
    "D:\GAMES\UT2004\System\UT2004.exe" = D:\GAMES\UT2004\System\UT2004.exe:*:Enabled:UT2004 -- ()
    "C:\APPLICAT\SeaMonkey\seamonkey.exe" = C:\APPLICAT\SeaMonkey\seamonkey.exe:*:Enabled:SeaMonkey -- (mozilla.org)
    "C:\APPLICAT\FreeFTP\FreeFTP.exe" = C:\APPLICAT\FreeFTP\FreeFTP.exe:*:Enabled:FreeFTP (Internet File Transfer Program) -- (Brandyware Software)
    "C:\APPLICAT\CoffeeCupFreeFTP\FreeFTP.exe" = C:\APPLICAT\CoffeeCupFreeFTP\FreeFTP.exe:*:Enabled:Direct FTP Application -- (CoffeeCup Software, Inc.)
    "D:\GAMES\LostEmpire\LostEmpire.exe" = D:\GAMES\LostEmpire\LostEmpire.exe:*:Enabled:Lost Empire - Immortals -- (Pollux Gamelabs)
    "D:\GAMES\DragonAge\bin_ship\daorigins.exe" = D:\GAMES\DragonAge\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game -- (BioWare)
    "D:\GAMES\DragonAge\DAOriginsLauncher.exe" = D:\GAMES\DragonAge\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher -- (BioWare)
    "D:\GAMES\MassEffect2\Binaries\MassEffect2.exe" = D:\GAMES\MassEffect2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Game -- (BioWare)
    "D:\GAMES\MassEffect2\MassEffect2Launcher.exe" = D:\GAMES\MassEffect2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Launcher -- (BioWare)
    "C:\DIAGS\Sandra\WNt500x86\RpcSandraSrv.exe" = C:\DIAGS\Sandra\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
    "D:\GAMES\DragonAge\bin_ship\daupdatersvc.service.exe" = D:\GAMES\DragonAge\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_inmm" = _inmm.dll 2.35
    "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
    "{0032D29F-7E8F-40E5-AD12-8857AAB0DBFF}" = Catalyst Control Center - Branding
    "{00DEB00E-B24F-4FB8-BC31-6853979FBCC8}" = The Great Escape
    "{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{053A7E07-3D44-4CDB-B79C-EE8755BFD7D6}" = Class_50_Content_Update
    "{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
    "{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
    "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
    "{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
    "{0c0d15da-2872-44bc-a0f0-b5bb018b8273}.sdb" = earmusf.exe custom database
    "{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
    "{0E3673BA-262D-61D0-3F2F-D6DE0F687F62}" = ATI AVIVO Codecs
    "{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{12BC79CA-8138-40C5-870C-C7F821C0C143}" = SpellForce 2 - Shadow Wars
    "{131DB4F3-9888-0F1A-0AB8-AD3F9B15A29D}" = Catalyst Control Center Graphics Previews Common
    "{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
    "{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
    "{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
    "{16F0EE77-B2B1-4417-A8CC-07E06C78CCC4}" = Matrix-ks
    "{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
    "{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
    "{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
    "{19991EAD-C273-47EB-87E8-0D274925230B}" = OEB Resource Driver
    "{19F74295-730D-0FE4-CCA9-73C2E8A18A50}" = ccc-utility
    "{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
    "{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
    "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
    "{1B399A41-C1D0-40A2-9E4F-095868EFAF01}" = InterVideo WinDVD 5
    "{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
    "{1b6c5761-6d7a-4ad2-9556-10754db44fbd}.sdb" = nfs2sen.exe custom database
    "{1C04D433-2EDF-4AFB-B31B-C0B13065092F}" = MagicTune 2.5
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Hi-Def Suite
    "{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
    "{209DF55F-5E5C-48A3-BC3D-A7CB1224458C}" = HP Print Diagnostic Utility
    "{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
    "{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Catalyst Media Center
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
    "{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
    "{297D51FC-9AE2-4778-AB62-D202E7EE7D53}" = Robot Arena 2
    "{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = BD/HD Advisor 1.0
    "{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe
    "{2D6F0BB0-2832-4C88-B82B-9CA543A81B6D}" = The Day After
    "{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
    "{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
    "{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
    "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
    "{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB}" = Microsoft XNA Framework Redistributable 1.0 Refresh
    "{31E2413D-8AA1-43EC-8B8D-77B65ADA4611}" = Civilization III v1.29f
    "{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
    "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
    "{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
    "{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
    "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
    "{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
    "{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
    "{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
    "{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
    "{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
    "{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
    "{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
    "{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
    "{413CEBC4-ABA1-4AC4-ADFB-69FA195F09AB}" = 7300_Help
    "{41E89277-CE1D-E37A-68B5-1AF0225F3BBC}" = ATI Catalyst Install Manager
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{42D622D1-F712-4986-838B-09678EAD9FC3}" = Civilization III Conquests BETA Patch v1.12
    "{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
    "{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
    "{448850f4-a5ea-4dd1-bf1b-d5fa285dc64b}.sdb" = Application Verifier Database
    "{46157f2d-7b71-42dd-8afe-3c1f220bccb9}.sdb" = nfs2sen.exe custom database
    "{472ABCE2-5B2E-4D29-ABF4-94E1097558A6}" = Diplomacy
    "{47836B39-2465-4F39-9D7E-52F70A1C3D72}" = Axis & Allies
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B9B1B84-FEC0-46D5-BDB9-832565779422}" = CheckIt Diagnostics
    "{4C2BF3B9-7E8A-49DE-B662-3656FE60BB01}" = Civ3 Conquests v1.22 Full
    "{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
    "{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
    "{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Family Pack 5
    "{55D1BF8E-EA8F-4969-82B9-B577010CFBCD}" = Microsoft Baseline Security Analyzer 2.1
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{59C80C5E-8C92-40FF-B910-2BB5C7281F61}" = Europa Universalis III
    "{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
    "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
    "{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
    "{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
    "{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
    "{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{5F81DD84-6A2F-11D4-903E-00E0293397B7}" = Bible Data Type System Files
    "{5F81DD89-6A2F-11D4-903E-00E0293397B7}" = Common System Files
    "{5F81DD92-6A2F-11D4-903E-00E0293397B7}" = Libronix Digital Library System
    "{5F81DD97-6A2F-11D4-903E-00E0293397B7}" = Libronix DLS Application
    "{5F81DD9B-6A2F-11D4-903E-00E0293397B7}" = Libronix Update
    "{5F81DD9F-6A2F-11D4-903E-00E0293397B7}" = LLS Resource Driver
    "{5F81DDA3-6A2F-11D4-903E-00E0293397B7}" = PDF Resource Driver
    "{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
    "{628C3D50-F524-4C49-A958-672CE7953756}" = The Lord of the Rings - Conquest™
    "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
    "{63B263C2-1B61-11D4-8B6D-00C0F01F6881}" = B17 - The Mighty Eighth
    "{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
    "{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
    "{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
    "{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
    "{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
    "{6564DCE3-9887-A0D9-5800-3605FFE62888}" = ccc-core-static
    "{664FF9A8-7E44-4E17-AD40-D10E15504C49}" = Tom Clancy's Rainbow Six 3: Athena Sword 1.10.016
    "{66F50839-A069-4903-B6B5-E438077A42ED}" = ATI TV Settings
    "{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
    "{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
    "{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
    "{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}" = Norton Utilities
    "{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
    "{6C677A88-ACCE-41F6-ADFA-E48C30718CEB}" = Tiger Woods PGA TOUR 2002
    "{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
    "{6F69C969-2942-4E7B-B594-75B37664B8BA}" = NVIDIA System Update
    "{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{71F17309-007D-43F9-9313-DBFBA5FCB3B3}" = LightScribe Optical Disc Kit
    "{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
    "{72CB5335-6D2A-4207-B811-6CB6C6925039}" = Batch Update
    "{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
    "{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
    "{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
    "{768F22DC-2D20-4F52-A9A1-5E231FB7F752}" = Logitech Gaming Software 5.04
    "{77364F85-6219-4CB8-AAA0-6D53368D683D}" = Connection Keep Alive
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{781D316B-77BA-48C3-8310-42EAFB61ED31}" = Shattered Union
    "{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
    "{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
    "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
    "{7FF95D80-7FEA-11D3-BDE9-0050DA1AB3B9}" = UltraPlayer
    "{81521545-BE95-4869-92FA-CC2E276C790E}" = Tom Clancy's Rainbow Six 3: Iron Wrath 1.00.000
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
    "{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
    "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
    "{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
    "{8BE42F8D-1B1A-492C-C79A-F71738CC8B24}" = CCC Help English
    "{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
    "{8d3e0aeb-f6b3-4b1f-acbb-976140d7dff0}" = Nero 9
    "{8DAE4336-2B71-11D4-9A6C-006067325E47}" = Baldur's Gate(TM) II - Shadows of Amn(TM)
    "{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
    "{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
    "{9002CEE2-B9AD-4425-B85C-9680A159BEEB}" = Norton SystemWorks Basic Edition
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90240409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Resource Kit
    "{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
    "{96BF9A2A-1835-4DEE-A94F-9EA4F77976BF}" = InterVideo DVDCopy 2 for AsusTek
    "{97573806-3C00-4CE0-9D31-3925DD845DCE}" = Freedom Force® vs The 3rd Reich
    "{99D8FBBF-66BA-51C4-787F-283DC6DA3522}" = Catalyst Control Center InstallProxy
    "{9A587D60-8CC4-ADE8-9035-E8751E4E8538}" = ATI MCE Encoder
    "{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
    "{9CD92DB1-1B3B-4296-9456-93EA6BCAA4C5}" = Enter The Matrix
    "{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
    "{9EF5B77F-703E-4953-9DA9-186E28A62568}" = 7300Trb
    "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
    "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
    "{A1981877-5B9F-4001-A070-A05DD352EA23}" = Secret Weapons Over Normandy
    "{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
    "{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A99573E8-AC6A-419F-928A-E7D169F4A12A}" = Microsoft Train Simulator gmax Sample Loco
    "{AA6DB661-37A2-49DA-A6A6-06962600887C}" = Art Explosion Christian Greeting Card Factory
    "{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
    "{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
    "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{AC76BA86-7AD7-5464-3428-800000000004}" = Spelling Dictionaries Support For Adobe Reader 8
    "{ADBFF96D-EE54-46EA-A835-899955CDCFD8}" = 7300
    "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
    "{AF131494-F5D8-45C5-938C-D5F020CF1B0D}" = Tom Clancy's Rainbow Six 3: Raven Shield 1.60.412
    "{B17B1D8F-D822-42E1-A72C-7D9E84CF7B29}" = UT3 Domination (CBP Edition)
    "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
    "{B23DD567-8CFF-40FF-A47C-6508D15986A0}" = Machine Check Analysis Tool
    "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4CF72FF-4A3F-44A7-BFF2-31A8E1CC70B6}" = Application Compatibility Toolkit
    "{B5E66589-11D4-4DE5-90F3-1AD5E98ABD3E}" = Civilization III - Play the World v1.27F
    "{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
    "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
    "{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
    "{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
    "{B975F4A1-63B6-11D4-BFEC-005004AF2D32}" = Monopoly Tycoon
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
    "{BED27751-CD2A-4C2F-9813-00B9B60C76FE}" = Railroad Tycoon II - Platinum
    "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
    "{BF7C1B99-A250-45EF-B186-0C33B7308F95}" = SD40-2_Content_Update
    "{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
    "{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
    "{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP2
    "{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
    "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
    "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
    "{CA0AF735-4583-413E-897F-E91A237EE2E1}" = Libronix DLS Shortcuts
    "{CA31120D-2101-484D-9FF1-195DE96FE346}" = Norton Cleanup
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC351B44-5610-43C5-81E6-A2C760CB0A20}" = Graphical Query Editor
    "{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
    "{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
    "{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
    "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
    "{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
    "{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
    "{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
    "{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
    "{DB7A9715-3F41-4A28-93DB-E03E1B1FC884}" = Lost Empire - Immortals
    "{db98b9ad-83a2-4280-a120-fb851bfb64ec}.sdb" = nfs2sea.exe custom database
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
    "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
    "{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
    "{E8650C8D-CCB2-496E-816C-ECC54A7EE411}" = Civilization III Play the World
    "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
    "{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
    "{EA1A669B-302B-4E6E-BD23-FA5572A7A85C}" = AMD Power Monitor
    "{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
    "{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
    "{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142
    "{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
    "{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization
    "{F31BC49F-AB7B-4A53-A399-EB7331B585BC}" = Civilization III: Conquests
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F366D0C4-18F2-44A6-A4E7-7ED2DD37F3D3}" = InterVideo Disc Master 2
    "{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}" = Natural Color
    "{F7311566-7EA9-4213-A7F8-E0C237EFAD16}" = UFO Extraterrestrials
    "{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
    "{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
    "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
    "{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
    "{FC4F90EC-B1DA-11D9-9D77-000129760D75}" = Catalyst Media Center DVD Authoring Module
    "{FD69C8CB-6964-432C-98AB-A5A09ED50EEA}" = Barbarian Invasion
    "{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
    "7-Zip" = 7-Zip 4.65
    "ABI- CODER 3.5.8.1" = ABI- CODER 3.5.8.1
    "ABI- Key and Password Manager 1.02" = ABI- Key and Password Manager 1.02
    "AC3Filter_is1" = AC3Filter 1.63b
    "Acoustica Effects Pack" = Acoustica Effects Pack
    "ActiveScan 2.0" = Panda ActiveScan 2.0
    "Activision_HG2UninstallKey" = Heavy Gear 2
    "Ad-Aware" = Ad-Aware
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "Air Mogul" = Air Mogul
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
    "AudioCS" = Creative Audio Control Panel
    "Backgammon Professional" = Backgammon Professional
    "Blade Runner" = Blade Runner
    "Britannica Ready Reference" = Britannica Ready Reference
    "CivilWar" = Civil War
    "CoffeeCup Free FTP 4.3.2" = CoffeeCup Free FTP
    "Console Launcher" = Creative Console Launcher
    "Creative Media Toolbox" = Creative Media Toolbox
    "Creative MediaSource DVD-Audio Player" = Creative MediaSource DVD-Audio Player
    "Creative Software AutoUpdate" = Creative Software AutoUpdate
    "Creative Volume Panel" = Volume Panel
    "Crimson Skies 1.0" = Microsoft Crimson Skies
    "CS30DeinstKey" = CompuServe 4.0.2
    "CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
    "CutePDF Writer Installation" = CutePDF Writer 2.8
    "Dark Reign 2" = Dark Reign 2
    "DC Essential Files_is1" = DC Essential Files v1.3
    "DesertCombat_Public_Alpha__0.2" = DesertCombat 0.6F
    "Desperados 1.0" = Desperados 1.0
    "Diplomacy" = Diplomacy
    "DirectXMediaRuntime" = DirectX Media Runtime 5.1
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DivX Setup.divx.com" = DivX Setup
    "Duplicate Cleaner" = Duplicate Cleaner 1.4.7c
    "EADM" = EA Download Manager
    "Foster Yeoman PGA Hopper Wagon" = Foster Yeoman PGA Hopper Wagon
    "Galactic Civilizations" = Galactic Civilizations
    "Galactic Civilizations: The Altarian Prophecy" = Galactic Civilizations: The Altarian Prophecy
    "Gangsters" = Gangsters
    "GetRight_is1" = GetRight
    "GPL Ghostscript 8.70" = GPL Ghostscript 8.70
    "GSview 4.9" = GSview 4.9
    "Hardwar" = Hardwar
    "Hardwood Solitaire II" = Hardwood Solitaire II
    "Hardwood Spades" = Hardwood Spades
    "HarpoonClassic97V1" = Harpoon Classic 97
    "HP Photo & Imaging" = HP Image Zone 4.7
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "ImgBurn" = ImgBurn
    "In Nomine_is1" = In Nomine 3.2
    "InstallShield_{297D51FC-9AE2-4778-AB62-D202E7EE7D53}" = Robot Arena 2
    "InstallShield_{2D6F0BB0-2832-4C88-B82B-9CA543A81B6D}" = The Day After
    "InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
    "InstallShield_{6F69C969-2942-4E7B-B594-75B37664B8BA}" = NVIDIA System Update
    "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
    "InstallShield_{97573806-3C00-4CE0-9D31-3925DD845DCE}" = Freedom Force® vs The 3rd Reich
    "InstallShield_{9E9BDBA6-8EA4-4850-8DC9-0AAD8D18CBDC}" = The Day After patch 1.2
    "InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
    "InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
    "JAP" = JAP
    "John Deere American Farmer_is1" = John Deere American Farmer TM v1.0
    "Libronix DLS" = Libronix Digital Library System
    "MailWasher_is1" = MailWasher
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Master of Orion 3" = Master of Orion 3
    "Merchant Prince II" = Merchant Prince II
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
    "Monopoly Star Wars" = Monopoly Star Wars
    "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
    "Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Myst for Windows 95" = Myst for Windows 95
    "N360" = Norton Security Suite
    "Need For Speed II SE" = Need For Speed II SE
    "Nelson's Electronic LessonWorks" = Nelson's Electronic LessonWorks 1.0
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Nuclear Strike" = Nuclear Strike
    "NVIDIA Drivers" = NVIDIA Drivers
    "NxS Balloon Tip Notification Plugin" = NxS Balloon Tip Notification Plugin 2.8
    "Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
    "OpenAL" = OpenAL
    "Opera 11.01.1190" = Opera 11.01
    "Panzer General 2" = Panzer General 2
    "Panzer General 3D" = Panzer General 3D
    "Parkan 2_is1" = Parkan 2
    "PDF Fixer" = PDF Fixer
    "PGIII Scorched Earth" = PGIII Scorched Earth
    "PHARAOHEDITOR_is1" = MAX's HTML Beauty++ 2004
    "PhotoStitch" = Canon Utilities PhotoStitch
    "PolyView" = PolyView 4.41
    "PolyView Canon CRW Support" = PolyView Canon CRW Support
    "PremElem20" = Adobe Premiere Elements 2.0
    "ProjectZoo" = Project Zoo (remove only)
    "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
    "PunkBusterSvc" = PunkBuster Services
    "QcDrv" = Logitech® Camera Driver
    "QuickTime32" = QuickTime for Windows (32-bit)
    "QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
    "QuickVerse 2007" = QuickVerse 2007
    "RADVideo" = RAD Video Tools
    "Reach For The Stars" = Reach For The Stars
    "RealPlayer 12.0" = RealPlayer
    "Re-Volt" = Re-Volt
    "Revolution" = Revolution
    "Revolution Patch 1.1" = Revolution Patch 1.1
    "RoboRumble" = RoboRumble
    "RPADeinstKey" = Virtual Key
    "RvC v3.0 Map Pack" = RvC v3.0 Map Pack
    "Sandpatch (version 1.0)" = Sandpatch (version 1.0)
    "Scriptocean Slideshow" = Scriptocean Slideshow 1
    "SeaMonkey (2.0.13)" = SeaMonkey (2.0.13)
    "Secunia PSI" = Secunia PSI (2.0.0.1003)
    "SFBM" = SoundFont Bank Manager
    "Sid Meier's Planetary Pack" = Sid Meier's Planetary Pack
    "SimilarImages" = SimilarImages
    "Space Shuttle" = Space Shuttle
    "SpellForce 2 Update v1.02" = SpellForce 2 Update v1.02
    "Spin It Again" = Spin It Again
    "SpongeBob SquarePants Employee of the Month" = SpongeBob SquarePants Employee of the Month
    "ST5UNST #1" = FreeFTP
    "ST6UNST #1" = AstroGrep2.0.29
    "Star Trek Voyager Elite Force" = Star Trek Voyager Elite Force
    "Star Trek: The Game Show" = Star Trek: The Game Show
    "Starfleet Command II" = Starfleet Command II
    "Starfleet Command II Patcher" = Starfleet Command II Patcher
    "Stories for Preachers & Teachers" = Stories for Preachers & Teachers
    "Stratego" = Stratego
    "Streamripper" = Streamripper (Remove only)
    "Sword of the Stars Demo" = Sword of the Stars Demo
    "SymSetup.{9002CEE2-B9AD-4425-B85C-9680A159BEEB}" = Norton SystemWorks (Symantec Corporation)
    "SysInfo" = Creative System Information
    "TagScanner_is1" = TagScanner 5.1.596
    "TeamSpeak 2 Server_is1" = TeamSpeak 2 Server RC2
    "Test Of Time" = Civ II : Test Of Time
    "Test of Time Patch" = Test of Time Patch
    "TGZ TDM Map Pack 1" = TGZ TDM Map Pack 1
    "The Time Threat Mystery" = The Time Threat Mystery
    "Tortuga - Two Treasures_is1" = Tortuga - Two Treasures
    "Trade Empires" = Trade Empires (remove only)
    "Train Simulator 1.0" = Microsoft Train Simulator
    "TTDX Configurator" = TTDX Configurator
    "Tweak UI 2.10" = Tweak UI
    "UndeletePlus_is1" = Undelete Plus 2.98
    "Uninstall Tool_is1" = Uninstall Tool
    "UT2004" = Unreal Tournament 2004
    "UT3 CBP3 Vol 1" = Unreal Tournament 3 - Community Bonus Pack 3 - Volume 1
    "UT3 CBP3 Vol 2" = Unreal Tournament 3 - Community Bonus Pack 3 - Volume 2
    "UT3 CBP3 Vol 3" = Unreal Tournament 3 - Community Bonus Pack 3 - Volume 3
    "Vienna SoundFont Studio" = Creative Vienna SoundFont Studio
    "vis_geis.dllWinamp" = Geiss for Winamp 2x (remove only)
    "VisiPics_is1" = VisiPics V1.30
    "WaveStudio 7" = Creative WaveStudio 7
    "WGA" = Windows Genuine Advantage Validation Tool
    "Wheel of Time" = Wheel of Time
    "Winamp" = Winamp
    "Winamp PowerPlayer" = PowerPlayer II
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "XXConsole" = XXConsole: Super Console Generator ver 0.93

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1708537768-1532298954-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 4.5.0.457
    "InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
    "Third Age - Total War 1.0 Part1" = Third Age - Total War 1.0 Part1
    "Third Age - Total War 1.0 Part2" = Third Age - Total War 1.0 Part2
    "Third Age - Total War Hotfix1" = Third Age - Total War Hotfix1
    "Third Age - Total War Patch 1.1" = Third Age - Total War Patch 1.1
    "Third Age - Total War Patch 1.2" = Third Age - Total War Patch 1.2
    "Third Age - Total War Patch 1.3" = Third Age - Total War Patch 1.3
    "Warcraft III" = Warcraft III: All Products
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/21/2011 8:38:00 AM | Computer Name = SPORKO2 | Source = Application Error | ID = 1000
    Description = Faulting application firefox.exe, version 0.0.0.0, faulting module
    firefox.exe, version 0.0.0.0, fault address 0x0008d560.

    Error - 4/21/2011 9:15:33 PM | Computer Name = SPORKO2 | Source = Application Error | ID = 1000
    Description = Faulting application firefox.exe, version 0.0.0.0, faulting module
    firefox.exe, version 0.0.0.0, fault address 0x0008d560.

    Error - 4/21/2011 9:15:37 PM | Computer Name = SPORKO2 | Source = Application Error | ID = 1000
    Description = Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe,
    version 0.0.0.0, fault address 0x0008d560.

    Error - 4/21/2011 9:15:37 PM | Computer Name = SPORKO2 | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 0.0.0.0, faulting module
    iexplore.exe, version 0.0.0.0, fault address 0x0008d560.

    Error - 4/21/2011 9:15:40 PM | Computer Name = SPORKO2 | Source = Application Error | ID = 1000
    Description = Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe,
    version 0.0.0.0, fault address 0x0008d560.

    Error - 4/21/2011 9:17:07 PM | Computer Name = SPORKO2 | Source = Application Error | ID = 1000
    Description = Faulting application pev.exe, version 0.0.0.0, faulting module , version
    0.0.0.0, fault address 0x00000000.

    Error - 4/21/2011 9:17:09 PM | Computer Name = SPORKO2 | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 0.0.0.0, faulting module
    , version 0.0.0.0, fault address 0x0008d560.

    Error - 4/21/2011 9:17:09 PM | Computer Name = SPORKO2 | Source = Application Error | ID = 1000
    Description = Faulting application pev.exe, version 0.0.0.0, faulting module , version
    0.0.0.0, fault address 0x0008d560.

    Error - 4/21/2011 9:17:14 PM | Computer Name = SPORKO2 | Source = Application Error | ID = 1000
    Description = Faulting application firefox.exe, version 0.0.0.0, faulting module
    firefox.exe, version 0.0.0.0, fault address 0x0008d560.

    Error - 4/21/2011 9:17:22 PM | Computer Name = SPORKO2 | Source = Application Error | ID = 1000
    Description = Faulting application firefox.exe, version 0.0.0.0, faulting module
    kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

    [ System Events ]
    Error - 4/20/2011 11:00:52 AM | Computer Name = SPORKO2 | Source = Service Control Manager | ID = 7001
    Description = The IPSEC Services service depends on the IPSEC driver service which
    failed to start because of the following error: %%31

    Error - 4/20/2011 11:00:52 AM | Computer Name = SPORKO2 | Source = Service Control Manager | ID = 7001
    Description = The Simple TCP/IP Services service depends on the AFD service which
    failed to start because of the following error: %%31

    Error - 4/20/2011 11:00:52 AM | Computer Name = SPORKO2 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AFD AmdK8 AsIO BHDrvx86 ccHP eeCtrl Fips IPSec MRxSmb NetBIOS NetBT pavboot RasAcd Rdbss SRTSPX
    SymIRON
    SYMTDI
    Tcpip
    Tcpip6

    Error - 4/20/2011 11:09:15 AM | Computer Name = SPORKO2 | Source = Service Control Manager | ID = 7022
    Description = The CyberLink Background Capture Service (CBCS) service hung on starting.

    Error - 4/20/2011 11:09:15 AM | Computer Name = SPORKO2 | Source = Service Control Manager | ID = 7001
    Description = The CyberLink Task Scheduler (CTS) service depends on the CyberLink
    Background Capture Service (CBCS) service which failed to start because of the
    following error: %%1070

    Error - 4/20/2011 11:34:32 AM | Computer Name = SPORKO2 | Source = SRTSP | ID = 524292
    Description = Error loading virus definitions.

    Error - 4/20/2011 11:34:32 AM | Computer Name = SPORKO2 | Source = SRTSP | ID = 524293
    Description = Error loading Symantec real time Anti-Virus driver.

    Error - 4/20/2011 11:36:49 AM | Computer Name = SPORKO2 | Source = Service Control Manager | ID = 7022
    Description = The CyberLink Background Capture Service (CBCS) service hung on starting.

    Error - 4/20/2011 11:36:49 AM | Computer Name = SPORKO2 | Source = Service Control Manager | ID = 7001
    Description = The CyberLink Task Scheduler (CTS) service depends on the CyberLink
    Background Capture Service (CBCS) service which failed to start because of the
    following error: %%1070

    Error - 4/20/2011 11:36:49 AM | Computer Name = SPORKO2 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SRTSP


    < End of report >

    Hope nothing new shows up in these logs.

    Questions:

    Is there any way to know if the malware removed from my computer was the result of the latest attack I wrote about or had been there for a while? I'm always very careful and would be disappointed to know something slipped through without my knowing about it.

    Do you have any idea what kind of malware was removed (key logger, backdoor trojan, or...)? I'm just trying to assess the risk that something might have happened (data theft, for example) I should watch for.

    Any specific recommendations as to what else I can do to keep secure?

    Thanks again for your help. This site is a great resource.
     
  14. 2011/04/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good news :)

There is really no way to tell where the infection came from.
    Yes, there were some trojans, which we removed with Combofix.
    As for the future protection, I'll post more info at the end of this topic.

    =====================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ====================================================

    Run OTL
• Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKU\S-1-5-21-1708537768-1532298954-725345543-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O3 - HKU\S-1-5-21-1708537768-1532298954-725345543-1003\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
      O3 - HKU\S-1-5-21-1708537768-1532298954-725345543-1003\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - File not found
      O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/tech...bs/tgctlsr.cab (Reg Error: Key error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
      [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [2010/11/28 00:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZA_PreservedFiles
      @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\R. Darrell Smith\Desktop\QuickVerse.pif:SummaryInformation
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
       "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
       "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
• Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  15. 2011/04/23
    Xd23bgt

    Xd23bgt Inactive Thread Starter

    Joined:
    2011/04/18
    Messages:
    25
    Likes Received:
    0
Latest logs. I think there are likely some false positives. I installed the latest Java and ran JavaRa. Not sure why Security Check is complaining.

    OTL:
    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-1708537768-1532298954-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1708537768-1532298954-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1708537768-1532298954-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ deleted successfully.
    Starting removal of ActiveX control {44990301-3C9D-426D-81DF-AAB636FA4345}
    C:\WINDOWS\Downloaded Program Files\tgctlsr.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{44990301-3C9D-426D-81DF-AAB636FA4345}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44990301-3C9D-426D-81DF-AAB636FA4345}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44990301-3C9D-426D-81DF-AAB636FA4345}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44990301-3C9D-426D-81DF-AAB636FA4345}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\Documents and Settings\All Users\Application Data\xml194.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\xml195.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\xml196.tmp deleted successfully.
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ZA_PreservedFiles folder moved successfully.
    ADS C:\Documents and Settings\R. Darrell Smith\Desktop\QuickVerse.pif:SummaryInformation deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: ADMINI~1~000

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: eMule_Secure
    ->Temp folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes

    User: R. Darrell Smith
    ->Temp folder emptied: 0 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 10803256 bytes
    ->Flash cache emptied: 888 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    Session Manager Temp folder emptied: 97777 bytes
    Session Manager Tmp folder emptied: 16384 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 10.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: ADMINI~1~000

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: eMule_Secure
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: R. Darrell Smith
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 04222011_131613

    Files\Folders moved on Reboot...
    File\Folder K:\TEMP\Perflib_Perfdata_1bc.dat not found!

    Registry entries deleted on Reboot...

    Security Check:
    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    Secret Weapons Over Normandy
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    Malwarebytes' Anti-Malware
    Duplicate Cleaner 1.4.7c
    Java(TM) 6 Update 24
    Out of date Java installed!
    Adobe Flash Player 10.2.152.26
    Adobe Reader 8.2.6
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.16)
    Mozilla Thunderbird (3.1.9)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    Ad-Aware AAWService.exe is disabled!
    Ad-Aware AAWTray.exe is disabled!
    ``````````End of Log````````````

    ESET:
    C:\Download\MiroVideoConverter35.exe Win32/Toolbar.Zugo application
    C:\FILES\DVDBAK\BACKUP3\MISC\MUSIC\FIND\MP3Locat\WMP3L059.exe multiple threats
    C:\FILES\DVDBAK\BACKUP3\MISC\MUSIC\SHARE\BearInst.exe multiple threats
    C:\FILES\DVDBAK\BACKUP3\MISC\MUSIC\WINAMP\qfilter.zip probably a variant of Win32/Adware.Agent.IANTNSQ application
    C:\FILES\DVDBAK\BACKUP8\INTERNET\SpySweep\SpySw523_2125.exe probably a variant of Win32/Agent.EZSDFRQ trojan
    C:\FILES\DVDBAK\BACKUP8\MISC\MUSIC\SHARE\KaZaa\KL210Bd3.exe probably a variant of Win32/Agent.COPKWSR trojan
    C:\FILES\DVDBAK\BACKUP8\UTILITY\DOSPOWER.TOL\PROGRAMS\UPPER.COM probably a variant of Tic.109.B virus
    C:\FILES\DVDBAK\BACKUP8\UTILITY\NERO\NERO6\Nero66115a.exe Win32/Toolbar.AskSBar application
    C:\FILES\DVDBAK\BACKUP8\UTILITY\NERO\NERO7\Nero71010Update.exe Win32/Toolbar.AskSBar application
    C:\FILES\DVDBAK\BACKUP8\UTILITY\NERO\NERO7\Nero71010UpdateMultiLang.exe Win32/Toolbar.AskSBar application
    C:\FILES\DVDBAK\BACKUP8\UTILITY\NERO\NERO9\Nero9260Update.exe Win32/Toolbar.AskSBar application
    C:\FILES\DVDBAK\BACKUP8\UTILITY\NERO\NERO9\Nero94132cUpdate.exe Win32/Toolbar.AskSBar application
    C:\FILES\WDDrives\DriveI\XP_BAK_C\GRAPHICS\FuturisImager\plugins\f_greyscale.dll a variant of Win32/Kryptik.MLW trojan
    C:\FILES\WDDrives\DriveI\XP_BAK_C\GRAPHICS\FuturisImager\plugins\f_invert.dll a variant of Win32/Kryptik.MLW trojan
    C:\FILES\WDDrives\DriveI\XP_BAK_C\GRAPHICS\FuturisImager\plugins\f_mavica.dll a variant of Win32/Kryptik.MLW trojan
    C:\FILES\WDDrives\DriveI\XP_BAK_C\GRAPHICS\FuturisImager\plugins\f_mirror.dll a variant of Win32/Kryptik.MLW trojan
    C:\FILES\WDDrives\DriveI\XP_BAK_C\GRAPHICS\FuturisImager\plugins\f_windib.dll a variant of Win32/Kryptik.MLW trojan
    C:\FILES\WDDrives\DriveI\XP_BCK_C.OLD\GRAPHICS\FuturisImager\plugins\f_greyscale.dll a variant of Win32/Kryptik.MLW trojan
    C:\FILES\WDDrives\DriveI\XP_BCK_C.OLD\GRAPHICS\FuturisImager\plugins\f_invert.dll a variant of Win32/Kryptik.MLW trojan
    C:\FILES\WDDrives\DriveI\XP_BCK_C.OLD\GRAPHICS\FuturisImager\plugins\f_mavica.dll a variant of Win32/Kryptik.MLW trojan
    C:\FILES\WDDrives\DriveI\XP_BCK_C.OLD\GRAPHICS\FuturisImager\plugins\f_mirror.dll a variant of Win32/Kryptik.MLW trojan
    C:\FILES\WDDrives\DriveI\XP_BCK_C.OLD\GRAPHICS\FuturisImager\plugins\f_windib.dll a variant of Win32/Kryptik.MLW trojan
    D:\GAMES\GAMEDVD\StWrKOR2\SWKotOR2-10b-NoCD.ZIP probably a variant of Win32/Agent.EQKKOIL trojan

    I can delete the archives and/or uninstall the items ESET found if they are actually infected.
     
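Added example, not from the thread and not ESET's own tooling: a small triage parser for ESET Online Scanner text exports like the one posted above. It splits each line into path and detection, tags the hit by location (live system vs. old backup trees, a path-name heuristic that is my assumption) and by how confident the signature wording is, and orders the list so live-system trojans come first. SAMPLE_LOG is constructed from a subset of the lines posted.

```python
"""Triage helper for ESET Online Scanner text exports (added example).

Each result line has the shape "<path> <detection description>", where the
description ends with a category word (application, trojan, virus, ...).
The parser tags every hit with a location and a confidence level and sorts
the hits so that named trojans on the live system are reviewed first.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a subset of the result lines from the ESET log above.
SAMPLE_LOG = r"""
C:\Download\MiroVideoConverter35.exe Win32/Toolbar.Zugo application
C:\FILES\DVDBAK\BACKUP3\MISC\MUSIC\SHARE\BearInst.exe multiple threats
C:\FILES\DVDBAK\BACKUP8\INTERNET\SpySweep\SpySw523_2125.exe probably a variant of Win32/Agent.EZSDFRQ trojan
C:\FILES\WDDrives\DriveI\XP_BAK_C\GRAPHICS\FuturisImager\plugins\f_invert.dll a variant of Win32/Kryptik.MLW trojan
D:\GAMES\GAMEDVD\StWrKOR2\SWKotOR2-10b-NoCD.ZIP probably a variant of Win32/Agent.EQKKOIL trojan
"""

# Path = drive letter, then the shortest run ending in ".ext" followed by
# whitespace. The extension may not contain a backslash, so a directory such
# as "DOSPOWER.TOL\..." does not end the path early, and paths containing
# spaces ("Documents and Settings") parse correctly.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?\.[^\s\\.]+)\s+(?P<desc>.+?)\s*$")

# Heuristic (my assumption, not ESET's): directory names that mark old backups.
BACKUP_RE = re.compile(r"backup|bak|bck|\.old", re.IGNORECASE)
ARCHIVE_EXT = (".zip", ".rar", ".7z", ".cab")

# Lower rank = look at it sooner.
CATEGORY_RANK = {"trojan": 0, "virus": 0, "worm": 0, "threats": 1, "application": 2}
CONFIDENCE_RANK = {"named": 0, "variant": 1, "multiple": 1, "heuristic": 2}


@dataclass
class Hit:
    path: str
    signature: Optional[str]   # None for "multiple threats"
    category: str              # last word of the description
    confidence: str            # named / variant / heuristic / multiple
    location: str              # live / backup
    archived: bool             # the file is an archive container

    def sort_key(self):
        return (self.location != "live",
                CATEGORY_RANK.get(self.category, 1),
                CONFIDENCE_RANK[self.confidence])


def parse_line(line: str) -> Optional[Hit]:
    """Parse one ESET result line; returns None for lines that are not hits."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path, desc = m.group("path"), m.group("desc")
    category = desc.rsplit(" ", 1)[-1]
    if desc == "multiple threats":
        confidence, signature = "multiple", None
    else:
        if desc.startswith("probably a variant of "):
            confidence, desc = "heuristic", desc[len("probably a variant of "):]
        elif desc.startswith("a variant of "):
            confidence, desc = "variant", desc[len("a variant of "):]
        else:
            confidence = "named"
        signature = desc.rsplit(" ", 1)[0]   # drop the trailing category word
    location = "backup" if BACKUP_RE.search(path) else "live"
    archived = path.lower().endswith(ARCHIVE_EXT)
    return Hit(path, signature, category, confidence, location, archived)


def triage(log_text: str):
    """Parse a whole export and return the hits in review order."""
    hits = [h for h in (parse_line(l) for l in log_text.splitlines()) if h]
    return sorted(hits, key=Hit.sort_key)


def summarize(hits):
    """Counts per location, category and confidence for a quick overview."""
    return {"location": Counter(h.location for h in hits),
            "category": Counter(h.category for h in hits),
            "confidence": Counter(h.confidence for h in hits)}


if __name__ == "__main__":
    ordered = triage(SAMPLE_LOG)
    for h in ordered:
        flag = " [archive]" if h.archived else ""
        print(f"{h.location:6} {h.category:11} {h.confidence:9} "
              f"{h.signature or '-'}{flag}  {h.path}")
    print({k: dict(v) for k, v in summarize(ordered).items()})
```

Hits inside old backup trees and inside archives (the ZIP and the DVDBAK copies above) cannot execute on their own, which is why they sort after anything detected on the live system.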
  16. 2011/04/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
Note: If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), and download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ====================================================

    Run OTL
• Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Download\MiroVideoConverter35.exe 
      C:\FILES\DVDBAK\BACKUP3\MISC\MUSIC\FIND\MP3Locat\WMP3L059.exe 
      C:\FILES\DVDBAK\BACKUP3\MISC\MUSIC\SHARE\BearInst.exe 
      C:\FILES\DVDBAK\BACKUP3\MISC\MUSIC\WINAMP\qfilter.zip 
      C:\FILES\DVDBAK\BACKUP8\INTERNET\SpySweep\SpySw523_2125.exe 
      C:\FILES\DVDBAK\BACKUP8\MISC\MUSIC\SHARE\KaZaa\KL210Bd3.exe 
      C:\FILES\DVDBAK\BACKUP8\UTILITY\DOSPOWER.TOL\PROGRAMS\UPPER.COM 
      C:\FILES\DVDBAK\BACKUP8\UTILITY\NERO\NERO6\Nero66115a.exe 
      C:\FILES\DVDBAK\BACKUP8\UTILITY\NERO\NERO7\Nero71010Update.exe 
      C:\FILES\DVDBAK\BACKUP8\UTILITY\NERO\NERO7\Nero71010UpdateMultiLang.exe 
      C:\FILES\DVDBAK\BACKUP8\UTILITY\NERO\NERO9\Nero9260Update.exe 
      C:\FILES\DVDBAK\BACKUP8\UTILITY\NERO\NERO9\Nero94132cUpdate.exe 
      C:\FILES\WDDrives\DriveI\XP_BAK_C\GRAPHICS\FuturisImager\plugins\f_greyscale.dll 
      C:\FILES\WDDrives\DriveI\XP_BAK_C\GRAPHICS\FuturisImager\plugins\f_invert.dll 
      C:\FILES\WDDrives\DriveI\XP_BAK_C\GRAPHICS\FuturisImager\plugins\f_mavica.dll a 
      C:\FILES\WDDrives\DriveI\XP_BAK_C\GRAPHICS\FuturisImager\plugins\f_mirror.dll 
      C:\FILES\WDDrives\DriveI\XP_BAK_C\GRAPHICS\FuturisImager\plugins\f_windib.dll
      C:\FILES\WDDrives\DriveI\XP_BCK_C.OLD\GRAPHICS\FuturisImager\plugins\f_greyscale.dll 
      C:\FILES\WDDrives\DriveI\XP_BCK_C.OLD\GRAPHICS\FuturisImager\plugins\f_invert.dll 
      C:\FILES\WDDrives\DriveI\XP_BCK_C.OLD\GRAPHICS\FuturisImager\plugins\f_mavica.dll 
      C:\FILES\WDDrives\DriveI\XP_BCK_C.OLD\GRAPHICS\FuturisImager\plugins\f_mirror.dll 
      C:\FILES\WDDrives\DriveI\XP_BCK_C.OLD\GRAPHICS\FuturisImager\plugins\f_windib.dll 
      D:\GAMES\GAMEDVD\StWrKOR2\SWKotOR2-10b-NoCD.ZIP
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
• Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

    ===================================================

    Your computer is clean :)

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

2. Now, we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
     
  17. 2011/04/24
    Xd23bgt

    Xd23bgt Inactive Thread Starter

    Joined:
    2011/04/18
    Messages:
    25
    Likes Received:
    0
    Post 1 of 2

    Latest logs:

    OTL Removal:
    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Download\MiroVideoConverter35.exe moved successfully.
    C:\FILES\DVDBAK\BACKUP3\MISC\MUSIC\FIND\MP3Locat\WMP3L059.exe moved successfully.
    C:\FILES\DVDBAK\BACKUP3\MISC\MUSIC\SHARE\BearInst.exe moved successfully.
    C:\FILES\DVDBAK\BACKUP3\MISC\MUSIC\WINAMP\qfilter.zip moved successfully.
    C:\FILES\DVDBAK\BACKUP8\INTERNET\SpySweep\SpySw523_2125.exe moved successfully.
    C:\FILES\DVDBAK\BACKUP8\MISC\MUSIC\SHARE\KaZaa\KL210Bd3.exe moved successfully.
    C:\FILES\DVDBAK\BACKUP8\UTILITY\DOSPOWER.TOL\PROGRAMS\UPPER.COM moved successfully.
    C:\FILES\DVDBAK\BACKUP8\UTILITY\NERO\NERO6\Nero66115a.exe moved successfully.
    C:\FILES\DVDBAK\BACKUP8\UTILITY\NERO\NERO7\Nero71010Update.exe moved successfully.
    C:\FILES\DVDBAK\BACKUP8\UTILITY\NERO\NERO7\Nero71010UpdateMultiLang.exe moved successfully.
    C:\FILES\DVDBAK\BACKUP8\UTILITY\NERO\NERO9\Nero9260Update.exe moved successfully.
    C:\FILES\DVDBAK\BACKUP8\UTILITY\NERO\NERO9\Nero94132cUpdate.exe moved successfully.
    C:\FILES\WDDrives\DriveI\XP_BAK_C\GRAPHICS\FuturisImager\plugins\f_greyscale.dll moved successfully.
    C:\FILES\WDDrives\DriveI\XP_BAK_C\GRAPHICS\FuturisImager\plugins\f_invert.dll moved successfully.
    File\Folder C:\FILES\WDDrives\DriveI\XP_BAK_C\GRAPHICS\FuturisImager\plugins\f_mavica.dll a not found.
    C:\FILES\WDDrives\DriveI\XP_BAK_C\GRAPHICS\FuturisImager\plugins\f_mirror.dll moved successfully.
    C:\FILES\WDDrives\DriveI\XP_BAK_C\GRAPHICS\FuturisImager\plugins\f_windib.dll moved successfully.
    C:\FILES\WDDrives\DriveI\XP_BCK_C.OLD\GRAPHICS\FuturisImager\plugins\f_greyscale.dll moved successfully.
    C:\FILES\WDDrives\DriveI\XP_BCK_C.OLD\GRAPHICS\FuturisImager\plugins\f_invert.dll moved successfully.
    C:\FILES\WDDrives\DriveI\XP_BCK_C.OLD\GRAPHICS\FuturisImager\plugins\f_mavica.dll moved successfully.
    C:\FILES\WDDrives\DriveI\XP_BCK_C.OLD\GRAPHICS\FuturisImager\plugins\f_mirror.dll moved successfully.
    C:\FILES\WDDrives\DriveI\XP_BCK_C.OLD\GRAPHICS\FuturisImager\plugins\f_windib.dll moved successfully.
    D:\GAMES\GAMEDVD\StWrKOR2\SWKotOR2-10b-NoCD.ZIP moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: ADMINI~1~000

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: eMule_Secure
    ->Temp folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes

    User: R. Darrell Smith
    ->Temp folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 769 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    Session Manager Temp folder emptied: 154122 bytes
    Session Manager Tmp folder emptied: 16384 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: ADMINI~1~000

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: eMule_Secure
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: R. Darrell Smith
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 04232011_124744

    Files\Folders moved on Reboot...
    File\Folder K:\TEMP\Perflib_Perfdata_c4.dat not found!

    Registry entries deleted on Reboot...

    OTL New Restore Point:
    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: ADMINI~1~000

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: eMule_Secure
    ->Temp folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes

    User: R. Darrell Smith
    ->Temp folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    Session Manager Temp folder emptied: 83911 bytes
    Session Manager Tmp folder emptied: 16384 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: ADMINI~1~000

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: eMule_Secure
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: R. Darrell Smith
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.22.3 log created on 04232011_131524

    Files\Folders moved on Reboot...
    File\Folder K:\TEMP\Perflib_Perfdata_178.dat not found!

    Registry entries deleted on Reboot...

    OTL Cleanup:
    OTL logfile created on: 4/23/2011 1:00:41 PM - Run 2
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\R. Darrell Smith\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
    4.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1000 1500 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 244.14 Gb Total Space | 91.61 Gb Free Space | 37.52% Space Free | Partition Type: NTFS
    Drive D: | 687.37 Gb Total Space | 399.23 Gb Free Space | 58.08% Space Free | Partition Type: NTFS
    Drive K: | 476.25 Mb Total Space | 476.12 Mb Free Space | 99.97% Space Free | Partition Type: FAT32

    Computer Name: SPORKO2 | User Name: R. Darrell Smith | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/04/22 00:15:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\R. Darrell Smith\Desktop\OTL.exe
    PRC - [2011/04/18 23:45:04 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\DIAGS\SpySweep\WRConsumerService.exe
    PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\DIAGS\NSS\Engine\4.3.0.5\ccsvchst.exe
    PRC - [2009/11/06 15:19:58 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\DIAGS\SpySweep\SpySweeperUI.exe
    PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\DIAGS\SpySweep\SpySweeper.exe
    PRC - [2009/11/06 12:00:22 | 000,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\DIAGS\SpySweep\SSU.exe
    PRC - [2009/06/04 00:55:16 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
    PRC - [2009/06/04 00:49:56 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
    PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    PRC - [2008/10/01 21:43:08 | 000,708,608 | ---- | M] (Shaun Ivory) -- C:\GRAPHICS\PANORAMA\Panorama.exe
    PRC - [2008/09/27 12:10:10 | 000,198,656 | ---- | M] () -- C:\APPLICAT\TrayIcon\trayicon.exe
    PRC - [2008/09/25 14:53:32 | 000,181,680 | ---- | M] (Symantec Corporation) -- C:\DIAGS\NSW\Norton Utilities\Speed Disk\NOPDB.exe
    PRC - [2008/09/25 14:53:16 | 000,095,600 | ---- | M] (Symantec Corporation) -- C:\DIAGS\NSW\Norton Utilities\NPROTECT.EXE
    PRC - [2008/08/06 16:31:44 | 000,233,576 | ---- | M] (Creative Technology Ltd) -- C:\HARDWARE\SoundBlasterX-Fi\Volume Panel\VolPanlu.exe
    PRC - [2008/06/06 00:31:36 | 000,262,246 | ---- | M] () -- C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
    PRC - [2008/06/06 00:31:20 | 000,172,032 | ---- | M] (CyberLink Corp.) -- C:\Program Files\ATI\Catalyst Media Center\CMCService.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/04/14 05:42:16 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
    PRC - [2008/02/20 20:58:44 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
    PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2007/02/01 12:13:06 | 000,094,208 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    PRC - [2005/12/12 17:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\HARDWARE\APCPowerChutePE\apcsystray.exe
    PRC - [2005/12/12 17:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\HARDWARE\APCPowerChutePE\mainserv.exe
    PRC - [2005/07/19 17:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
    PRC - [2005/06/16 18:25:28 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    PRC - [2005/06/08 15:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\HARDWARE\QuickCam\LogiTray.exe
    PRC - [2005/06/08 14:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\HARDWARE\QuickCam\FxSvr2.exe
    PRC - [2003/06/18 01:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\HARDWARE\SoundBlasterX-Fi\DVDAudio\CTDVDDET.exe
    PRC - [2002/04/12 16:39:24 | 000,155,715 | ---- | M] () -- C:\HARDWARE\SAMSUNG\NaturalColor\NaturalColorLoad.exe
    PRC - [2001/02/17 14:20:40 | 000,350,720 | ---- | M] () -- C:\APPLICAT\EXTENSO\Extenso4.exe
    PRC - [1998/10/02 00:13:04 | 000,069,632 | ---- | M] (Spicey Programs) -- C:\UTILITY\sc.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/04/22 00:15:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\R. Darrell Smith\Desktop\OTL.exe
    MOD - [2010/09/20 15:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\DIAGS\NSS\Engine\4.3.0.5\asoehook.dll
    MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2009/07/12 01:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
    MOD - [2009/07/12 01:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
    MOD - [2008/04/14 05:42:00 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.dll
    MOD - [2008/04/14 05:41:50 | 001,852,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\acgenral.dll
    MOD - [2008/02/20 20:58:42 | 000,008,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctagent.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/04/18 23:45:04 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\DIAGS\SpySweep\WRConsumerService.exe -- (WRConsumerService)
    SRV - [2010/12/21 08:04:30 | 000,987,704 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\DIAGS\SecuniaPSI\PSIA.exe -- (Secunia PSI Agent)
    SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\DIAGS\NSS\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
    SRV - [2010/01/03 20:47:15 | 001,028,432 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\APPLICAT\AdAware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2009/12/15 16:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\GAMES\DragonAge\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
    SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\DIAGS\SpySweep\SpySweeper.exe -- (WebrootSpySweeperService)
    SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [2009/01/07 17:20:18 | 000,121,376 | ---- | M] (NVIDIA) [On_Demand | Stopped] -- C:\HARDWARE\nVidia\SystemUpdate\UpdateCenterService.exe -- (UpdateCenterService)
    SRV - [2009/01/06 16:52:02 | 000,174,624 | ---- | M] (NVIDIA) [On_Demand | Stopped] -- C:\Hardware\nVidia\nTune\nTuneService.exe -- (nTuneService)
    SRV - [2008/12/11 15:53:38 | 000,098,488 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\DIAGS\Sandra\RpcAgentSrv.exe -- (SandraAgentSrv)
    SRV - [2008/09/25 14:53:32 | 000,181,680 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\DIAGS\NSW\Norton Utilities\Speed Disk\NOPDB.exe -- (Speed Disk service)
    SRV - [2008/09/25 14:53:16 | 000,095,600 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\DIAGS\NSW\Norton Utilities\NPROTECT.EXE -- (NProtectService)
    SRV - [2008/09/01 19:09:56 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2008/08/04 11:20:16 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
    SRV - [2008/06/06 00:31:38 | 000,110,692 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
    SRV - [2008/06/06 00:31:36 | 000,262,246 | ---- | M] () [On_Demand | Running] -- C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
    SRV - [2008/06/06 00:31:12 | 001,073,152 | ---- | M] (Cyberlink) [On_Demand | Stopped] -- C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
    SRV - [2008/04/14 05:42:04 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
    SRV - [2008/04/14 05:41:56 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
    SRV - [2008/02/09 20:06:33 | 000,238,968 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
    SRV - [2005/12/12 17:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\HARDWARE\APCPowerChutePE\mainserv.exe -- (APC UPS Service)
    SRV - [2005/10/06 20:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
    SRV - [2005/09/09 04:24:30 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- C:\GRAPHICS\PhotoshopElements\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/04/15 16:29:05 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110419.001\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2011/04/03 17:51:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110420.002\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011/04/03 17:50:59 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110420.002\NAVENG.SYS -- (NAVENG)
    DRV - [2011/03/14 14:58:34 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110419.002\IDSXpx86.sys -- (IDSxpx86)
    DRV - [2010/11/28 00:58:27 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/11/27 02:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/11/27 02:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/10/26 23:55:48 | 005,524,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
    DRV - [2010/07/21 07:30:32 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
    DRV - [2010/05/27 14:52:12 | 000,829,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
    DRV - [2010/05/06 00:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS -- (SYMTDI)
    DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
    DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
    DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
    DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
    DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
    DRV - [2010/01/28 10:12:02 | 000,095,232 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
    DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
    DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
    DRV - [2009/10/14 23:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
    DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
    DRV - [2009/06/04 02:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
    DRV - [2009/06/04 02:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
    DRV - [2009/06/04 02:47:50 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2009/06/04 02:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV - [2009/06/04 02:47:34 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2009/06/04 02:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
    DRV - [2009/06/04 02:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
    DRV - [2009/06/04 02:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
    DRV - [2009/06/04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
    DRV - [2009/06/04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
    DRV - [2009/06/04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
    DRV - [2009/06/04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
    DRV - [2009/06/04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
    DRV - [2009/06/04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
    DRV - [2009/05/02 17:07:00 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2009/01/22 00:09:54 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
    DRV - [2009/01/13 20:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
    DRV - [2009/01/13 20:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
    DRV - [2009/01/13 20:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
    DRV - [2009/01/13 20:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
    DRV - [2009/01/07 17:20:16 | 000,036,896 | ---- | M] (NVIDIA Corp.) [Kernel | Auto | Running] -- C:\WINDOWS\nvflash.sys -- (NVR0FLASHDev)
    DRV - [2008/12/03 23:45:30 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
    DRV - [2008/11/25 23:57:04 | 000,022,432 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\DIAGS\Sandra\WNt500x86\sandra.sys -- (SANDRA)
    DRV - [2008/09/25 14:53:36 | 000,095,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SdDriver.SYS -- (SDdriver)
    DRV - [2008/09/25 14:53:14 | 000,087,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS -- (NPDriver)
    DRV - [2008/08/18 18:54:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
    DRV - [2008/08/18 18:54:00 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvrd32.sys -- (nvrd32)
    DRV - [2008/08/01 18:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2008/08/01 18:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2008/05/08 21:36:17 | 000,752,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavrr.sys -- (ATIAVPCI)
    DRV - [2008/04/14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
    DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2008/02/25 09:41:28 | 000,329,240 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
    DRV - [2008/02/25 09:41:18 | 000,134,680 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
    DRV - [2008/02/25 09:41:14 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
    DRV - [2008/02/25 09:41:10 | 000,286,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
    DRV - [2008/02/25 09:41:06 | 000,174,104 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
    DRV - [2008/02/25 09:41:02 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
    DRV - [2008/02/25 09:40:56 | 000,551,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
    DRV - [2008/02/25 09:40:52 | 000,098,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
    DRV - [2007/12/17 18:14:06 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
    DRV - [2007/12/06 10:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
    DRV - [2007/11/05 21:57:46 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\APPLICAT\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
    DRV - [2007/06/29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
    DRV - [2006/11/03 04:24:01 | 000,061,312 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pssync05.sys -- (pssync05) CD Guard Synchronization Driver (v5)
    DRV - [2006/09/11 08:01:44 | 000,067,960 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\psdrv02.sys -- (psdrv02) CD Guard Environment Driver (v2)
    DRV - [2005/12/03 07:29:58 | 000,035,200 | ---- | M] (QSoft [ Qualitative Software ] ) [ QSoft ] Standard [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\RAMDisk.sys -- (Ramdisk)
    DRV - [2005/08/18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
    DRV - [2005/08/18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
    DRV - [2005/08/10 10:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
    DRV - [2005/08/10 08:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
    DRV - [2005/05/27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2005/05/19 17:52:58 | 000,017,792 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF)
    DRV - [2005/05/16 09:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
    DRV - [2005/03/09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2005/01/31 11:13:24 | 000,163,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV532AV.SYS -- (PID_0920) Logitech QuickCam Express(PID_0920)
    DRV - [2004/10/11 14:08:00 | 000,012,062 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (MagicTune)
    DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2003/12/09 06:53:06 | 000,009,728 | R--- | M] (Western Digital) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\inibtmgr.sys -- (inibtmgr)
    DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
    DRV - [2003/09/19 02:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
    DRV - [2002/09/16 18:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
    DRV - [2001/08/17 14:50:20 | 000,144,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\epcfw2k.sys -- (epcfw2k)
    DRV - [2001/08/17 10:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
    DRV - [2001/08/17 09:46:40 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enum1394.sys -- (ENUM1394)
    DRV - [1999/10/04 13:30:34 | 000,139,047 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\eplsw2k.sys -- (eplsw2k)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1708537768-1532298954-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-1708537768-1532298954-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google "
    FF - prefs.js..browser.startup.homepage: "about:blank "
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: ErrorZillaMod@jaybaldwin:0.39b
    FF - prefs.js..extensions.enabledItems: launchy@gemal.dk:4.4.0
    FF - prefs.js..extensions.enabledItems: {31DC1CBB-99B2-4652-8279-9BD385D81045}:2.1
    FF - prefs.js..extensions.enabledItems: {343CB0C5-DA79-42ea-8FC8-BBA1CFCD2829}:0.8.1
    FF - prefs.js..extensions.enabledItems: {3474c305-9dad-11d8-9207-00055d74c2e4}:0.4.2
    FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2c}:0.6.4
    FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
    FF - prefs.js..extensions.enabledItems: {5A32C460-12D9-11D9-9669-0800200C9A66}:0.2.4
    FF - prefs.js..extensions.enabledItems: {61D0D7AF-4FF6-476a-B68F-6531F613A6D8}:0.2.2
    FF - prefs.js..extensions.enabledItems: {63df8e21-711c-4074-a257-b065cadc28d8}:1.9.3
    FF - prefs.js..extensions.enabledItems: {7f57cf46-4467-4c2d-adfa-0cba7c507e54}:1.0.0.0
    FF - prefs.js..extensions.enabledItems: {8B41860E-5D30-4e96-BB09-CE22F491A481}:0.6.8.4
    FF - prefs.js..extensions.enabledItems: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}:6.0.4
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
    FF - prefs.js..extensions.enabledItems: {c4d362ec-1cff-4ca0-9031-99a8fad7995a}:1.14.2011022201
    FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.2
    FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.7.82
    FF - prefs.js..extensions.enabledItems: {e22068c8-faf8-4620-b0d6-e2811a82e84b}:3.5
    FF - prefs.js..extensions.enabledItems: {e3a1bec3-1cc1-4d20-875b-a10587471a5e}:0.8.2
    FF - prefs.js..extensions.enabledItems: {ea702e71-fcda-4c39-93bb-fea2b543b58c}:0.7.0.1
    FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.7
    FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.1
    FF - prefs.js..extensions.enabledItems: {F2F6EC1A-8601-443B-812F-655E25AEF7D0}:0.4
    FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76
    FF - prefs.js..extensions.enabledItems: {FDC1470B-8F74-4660-A7A0-2E367DA9CA6C}:0.2.3
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
    FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
    FF - prefs.js..extensions.enabledItems: apollo@www.spuler.us:3.5
    FF - prefs.js..extensions.enabledItems: {E800A8D5-6B36-4854-9F21-443F8CBFF835}:2.0.2
    FF - prefs.js..network.proxy.http: "127.0.0.1 "
    FF - prefs.js..network.proxy.http_port: 4001

    FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
    FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/11/28 14:11:58 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/11/28 00:59:34 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/12 18:16:00 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\APPLICAT\Firefox\components [2011/04/12 18:15:26 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\APPLICAT\Firefox\plugins [2011/04/23 12:27:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\APPLICAT\TBird\components [2011/04/12 18:15:26 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\APPLICAT\TBird\plugins [2011/04/23 12:27:45 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\SeaMonkey 2.0.13\extensions\\Components: C:\APPLICAT\SeaMonkey\components [2011/04/12 18:15:26 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\SeaMonkey 2.0.13\extensions\\Plugins: C:\APPLICAT\SeaMonkey\plugins [2011/04/23 12:27:45 | 000,000,000 | ---D | M]

    [2010/01/22 22:28:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Extensions
    [2010/01/22 22:28:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2010/01/07 23:59:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
    [2011/04/12 20:48:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions
    [2010/05/20 18:39:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2006/10/23 10:58:25 | 000,000,000 | ---D | M] (LinkPreview) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{31DC1CBB-99B2-4652-8279-9BD385D81045}
    [2009/10/15 20:02:06 | 000,000,000 | ---D | M] (firefix) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{343CB0C5-DA79-42ea-8FC8-BBA1CFCD2829}
    [2006/11/28 15:14:17 | 000,000,000 | ---D | M] (Bookmark Backup) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{3474c305-9dad-11d8-9207-00055d74c2e4}
    [2009/11/20 21:28:37 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
    [2011/02/11 20:31:42 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    [2006/10/23 10:57:32 | 000,000,000 | ---D | M] (Gcache) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{5A32C460-12D9-11D9-9669-0800200C9A66}
    [2006/11/28 15:06:47 | 000,000,000 | ---D | M] ( "Stop-or-Reload Button ") -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{61D0D7AF-4FF6-476a-B68F-6531F613A6D8}
    [2008/06/28 18:17:37 | 000,000,000 | ---D | M] (CuteMenus - Crystal SVG) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{63df8e21-711c-4074-a257-b065cadc28d8}
    [2009/07/02 23:00:15 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
    [2011/03/25 10:32:13 | 000,000,000 | ---D | M] (Mozilla Archive Format) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}
    [2008/06/28 18:17:37 | 000,000,000 | ---D | M] (Bookmarks LinkChecker) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{8B41860E-5D30-4e96-BB09-CE22F491A481}
    [2010/01/09 13:58:06 | 000,000,000 | ---D | M] (MR Tech Toolkit) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
    [2011/03/31 17:25:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/03/25 10:31:19 | 000,000,000 | ---D | M] (Configuration Mania?) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{c4d362ec-1cff-4ca0-9031-99a8fad7995a}
    [2011/01/25 16:34:46 | 000,000,000 | ---D | M] ( "CoolPreviews ") -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
    [2011/03/25 10:35:51 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
    [2008/06/28 18:17:47 | 000,000,000 | ---D | M] (NeedleSearch) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{e22068c8-faf8-4620-b0d6-e2811a82e84b}
    [2009/09/14 19:55:54 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2006/11/28 15:06:46 | 000,000,000 | ---D | M] ( "Preferential ") -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{e3a1bec3-1cc1-4d20-875b-a10587471a5e}
    [2006/11/28 16:42:20 | 000,000,000 | ---D | M] (Modern Pinball) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{E800A8D5-6B36-4854-9F21-443F8CBFF835}
    [2006/11/28 16:45:48 | 000,000,000 | ---D | M] (Sort Bookmarks) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{ea702e71-fcda-4c39-93bb-fea2b543b58c}
    [2011/03/25 10:31:42 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
    [2011/03/25 10:36:03 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
    [2006/11/28 16:44:23 | 000,000,000 | ---D | M] (Optimoz Tweaks) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{F2F6EC1A-8601-443B-812F-655E25AEF7D0}
    [2008/10/23 21:43:22 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
    [2006/10/23 11:02:46 | 000,000,000 | ---D | M] ( "Wayback ") -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\{FDC1470B-8F74-4660-A7A0-2E367DA9CA6C}
    [2009/07/02 22:59:33 | 000,000,000 | ---D | M] (Apollo) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\apollo@www.spuler.us
    [2010/10/06 18:25:55 | 000,000,000 | ---D | M] (ErrorZilla Mod) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\ErrorZillaMod@jaybaldwin
    [2010/02/08 20:04:54 | 000,000,000 | ---D | M] (Launchy) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\launchy@gemal.dk
    [2009/07/02 22:59:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\apollo@www.spuler.us\chrome\browser\extensions
    [2009/07/02 22:59:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\apollo@www.spuler.us\chrome\browser\extensions\icons
    [2009/07/02 22:59:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Firefox\Profiles\bjemwv0a.default\extensions\apollo@www.spuler.us\chrome\mozapps\extensions
    [2011/04/18 12:59:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Profiles\default\jhuoaxw3.slt\extensions
    [2010/01/30 00:56:03 | 000,000,000 | ---D | M] ( "Nautipolis for SeaMonkey ") -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Profiles\default\jhuoaxw3.slt\extensions\{4b15ab39-47d7-4b41-9279-9291dcfc8b61}
    [2010/12/13 16:31:59 | 000,000,000 | ---D | M] (googlebar) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Profiles\default\jhuoaxw3.slt\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}
    [2010/01/08 00:09:40 | 000,000,000 | ---D | M] (MR Tech Toolkit) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Profiles\default\jhuoaxw3.slt\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
    [2011/02/08 18:21:11 | 000,000,000 | ---D | M] (Single Key Tab Switch) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Profiles\default\jhuoaxw3.slt\extensions\{a66191d8-898b-4a66-89be-d5b279477a54}
    [2011/02/08 18:21:12 | 000,000,000 | ---D | M] (Tabs Menu) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Profiles\default\jhuoaxw3.slt\extensions\{dc5d9a10-2736-11da-8cd6-0800200c9a66}
    [2010/01/08 00:16:52 | 000,000,000 | ---D | M] (Preferential) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Profiles\default\jhuoaxw3.slt\extensions\{e3a1bec3-1cc1-4d20-875b-a10587471a5e}
    [2011/04/16 10:32:26 | 000,000,000 | ---D | M] (UnMHT) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Profiles\default\jhuoaxw3.slt\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}
    [2010/01/08 00:14:11 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Profiles\default\jhuoaxw3.slt\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
    [2011/04/16 10:32:51 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Profiles\default\jhuoaxw3.slt\extensions\coralietab@mozdev.org
    [2011/02/08 18:21:12 | 000,000,000 | ---D | M] (Tab Wheel Scroll) -- C:\Documents and Settings\R. Darrell Smith\Application Data\Mozilla\Profiles\default\jhuoaxw3.slt\extensions\tabscroll@mthamil
    [2010/10/07 11:34:48 | 000,000,000 | ---D | M] (Java Console) -- C:\APPLICAT\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/28 00:59:34 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\COFFPLGN
    [2010/11/28 14:11:58 | 000,000,000 | ---D | M] (Norton IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPLGN
    [2011/04/12 18:16:00 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    [2010/10/07 11:34:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
     
  18. 2011/04/24
    Xd23bgt

    Post 2 of 2

    O1 HOSTS File: ([2011/04/21 22:07:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\APPLICAT\GetRight\xx2gr.dll (Headlight Software, Inc.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\APPLICAT\SpybotSD\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\DIAGS\NSS\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\DIAGS\NSS\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\DIAGS\NSS\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
    O3 - HKU\S-1-5-21-1708537768-1532298954-725345543-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\DIAGS\NSS\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [amd_dc_opt] C:\HARDWARE\AMD\Dual-CoreOptimizer\amd_dc_opt.exe (AMD)
    O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [CMCService] C:\Program Files\ATI\Catalyst Media Center\CMCService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [CTDVDDET] C:\HARDWARE\SoundBlasterX-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
    O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
    O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [LogitechVideoRepair] C:\HARDWARE\QuickCam\ISStart.exe (Logitech Inc.)
    O4 - HKLM..\Run: [LogitechVideoTray] C:\HARDWARE\QuickCam\LogiTray.exe (Logitech Inc.)
    O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE (Logitech Inc.)
    O4 - HKLM..\Run: [NSWosCheck] C:\DIAGS\NSW\osCheck.exe (Symantec Corporation)
    O4 - HKLM..\Run: [RCSystem] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [SpySweeper] C:\DIAGS\SpySweep\SpySweeperUI.exe (Webroot Software, Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\HARDWARE\APCPowerChutePE\Display.exe (American Power Conversion Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Command Prompt.lnk = C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk = C:\HARDWARE\SAMSUNG\NaturalColor\NaturalColorLoad.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Panorama 1.31.lnk = C:\GRAPHICS\PANORAMA\Panorama.exe (Shaun Ivory)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Spicey Corners 2.10.lnk = C:\UTILITY\sc.exe (Spicey Programs)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TrayIcon 2.1.lnk = C:\APPLICAT\TrayIcon\trayicon.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Volume Panel.lnk = C:\HARDWARE\SoundBlasterX-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1708537768-1532298954-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1708537768-1532298954-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 43 01 00 00 [binary data]
    O7 - HKU\S-1-5-21-1708537768-1532298954-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1708537768-1532298954-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Download with GetRight - C:\APPLICAT\GetRight\GRDownload.htm ()
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\APPLICAT\MicrosoftOffice\OFFICE11\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: GetRight Mini-Browser - C:\APPLICAT\GetRight\IETools\GRMiniBrowser.htm ()
    O8 - Extra context menu item: Open with GetRight Browser - C:\APPLICAT\GetRight\GRBrowse.htm ()
    O8 - Extra context menu item: Search FileMirrors - C:\APPLICAT\GetRight\IETools\FileMirrors.htm ()
    O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\DIAGS\NSW\Norton Cleanup\WCQuick.lnk ()
    O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\DIAGS\NSW\Norton Cleanup\WCQuick.lnk ()
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\APPLICAT\MicrosoftOffice\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\APPLICAT\SpybotSD\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://go.microsoft.com/fwlink/?LinkId=82580 (Microsoft Genuine Advantage Self Support Tool)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1259240547640 (MUCatalogWebControl Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1214106037859 (WUWebControl Class)
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229144092234 (MUWebControl Class)
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.40 68.87.68.166 68.87.74.166
    O18 - Protocol\Handler\lbxfile {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files\Libronix DLS\System\FileProt.dll (Libronix Corporation)
    O18 - Protocol\Handler\lbxres {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O29 - HKLM SecurityProviders - (rpasspc.dll) - C:\WINDOWS\System32\RPASSPC.dll (CompuServe Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/01/16 01:29:24 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/23 12:41:01 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\R. Darrell Smith\Desktop\OTL.exe
    [2011/04/22 13:16:13 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/04/21 22:20:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/04/21 08:42:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/04/21 08:39:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/04/21 08:39:16 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/04/21 08:39:16 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/04/21 08:39:16 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/04/21 08:38:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/04/21 08:38:16 | 000,000,000 | -H-D | C] -- C:\Qoobox
    [2011/04/20 21:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\R. Darrell Smith\Application Data\Malwarebytes
    [2011/04/20 21:19:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/04/20 21:19:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/04/19 00:22:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/04/18 23:43:44 | 001,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\WRSetup.dll
    [2011/04/18 23:43:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\R. Darrell Smith\Application Data\Webroot
    [2011/04/18 23:43:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Webroot
    [2011/04/18 16:47:47 | 000,000,000 | -H-D | C] -- C:\~ErdUserProfile.$$$
    [2011/04/18 07:56:57 | 000,000,000 | -H-D | C] -- C:\NBRT
    [2011/04/13 21:38:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\XSettings
    [2011/04/12 18:14:28 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
    [2011/04/12 18:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
    [2011/04/09 17:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\R. Darrell Smith\Start Menu\Programs\Video Utilities
    [2011/03/30 16:08:21 | 000,000,000 | ---D | C] -- C:\TMP12
    [2011/03/30 16:08:19 | 000,000,000 | ---D | C] -- C:\TMP11
    [2011/03/30 12:10:36 | 000,000,000 | ---D | C] -- C:\TMP10
    [2011/03/30 11:40:14 | 000,000,000 | ---D | C] -- C:\TMP9
    [2011/03/28 18:06:36 | 000,000,000 | ---D | C] -- C:\TMP7
    [2008/02/20 20:44:02 | 000,012,800 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe

    ========== Files - Modified Within 30 Days ==========

    [2011/04/23 12:52:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/04/23 12:49:43 | 000,054,472 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000008-00001102-00000005-00211102}.rfx
    [2011/04/23 12:49:43 | 000,054,472 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000008-00001102-00000005-00211102}.rfx
    [2011/04/23 12:49:43 | 000,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000008-00001102-00000005-00211102}.rfx
    [2011/04/23 11:13:35 | 000,158,720 | ---- | M] () -- C:\Documents and Settings\R. Darrell Smith\Application Data\SharedSettings.ccs
    [2011/04/22 00:15:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\R. Darrell Smith\Desktop\OTL.exe
    [2011/04/21 22:07:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
    [2011/04/21 08:42:40 | 000,000,339 | RHS- | M] () -- C:\boot.ini
    [2011/04/20 11:34:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/04/17 00:00:37 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
    [2011/04/17 00:00:37 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
    [2011/04/16 01:00:52 | 000,046,592 | ---- | M] () -- C:\Documents and Settings\R. Darrell Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/04/15 01:01:46 | 000,585,389 | ---- | M] () -- C:\Documents and Settings\R. Darrell Smith\jap.conf
    [2011/04/13 18:20:47 | 000,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini
    [2011/04/13 10:19:04 | 000,000,115 | ---- | M] () -- C:\WINDOWS\OUTSTACKER.INI
    [2011/04/12 18:14:28 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
    [2011/04/12 15:59:01 | 000,108,144 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
    [2011/04/10 21:47:51 | 000,000,069 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
    [2011/03/31 19:29:37 | 000,011,127 | ---- | M] () -- C:\Documents and Settings\R. Darrell Smith\gsview32.ini
    [2011/03/31 18:24:43 | 000,000,043 | ---- | M] () -- C:\WINDOWS\gswin32.ini

    ========== Files Created - No Company Name ==========

    [2011/04/22 10:51:01 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
    [2011/04/22 10:50:57 | 000,006,045 | ---- | C] () -- C:\WINDOWS\System32\nvnrm.nvu
    [2011/04/21 08:42:40 | 000,000,223 | -H-- | C] () -- C:\Boot.bak
    [2011/04/21 08:42:36 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/04/21 08:39:16 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/04/21 08:39:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/04/21 08:39:16 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/04/21 08:39:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/04/21 08:39:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/04/13 18:05:49 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
    [2011/04/10 21:47:41 | 000,000,069 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2011/03/31 20:06:54 | 002,309,120 | ---- | C] () -- C:\WINDOWS\System32\pdfrepair.exe
    [2011/03/31 19:27:26 | 000,011,127 | ---- | C] () -- C:\Documents and Settings\R. Darrell Smith\gsview32.ini
    [2011/03/31 18:24:43 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
    [2011/03/12 22:13:33 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2011/03/12 22:13:30 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2011/03/12 20:49:35 | 000,223,990 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2011/03/11 22:17:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2010/11/13 21:49:34 | 000,271,264 | ---- | C] () -- C:\WINDOWS\System32\vbrun100.dll
    [2010/10/12 11:42:32 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
    [2010/10/12 11:42:19 | 000,163,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\LV532AV.SYS
    [2010/10/12 11:42:19 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2010/08/30 18:26:17 | 000,000,207 | ---- | C] () -- C:\Documents and Settings\R. Darrell Smith\Application Data\default.rss
    [2010/07/07 21:40:16 | 000,003,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\NTHANDLE.SYS
    [2010/04/09 21:41:34 | 000,068,917 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
    [2010/04/09 21:41:34 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
    [2010/02/09 23:24:16 | 000,068,816 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
    [2010/02/09 23:22:39 | 000,028,978 | ---- | C] () -- C:\WINDOWS\scunin.dat
    [2010/01/01 18:49:45 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2009/12/13 17:36:00 | 000,001,952 | ---- | C] () -- C:\WINDOWS\PASETUP.INI
    [2009/12/13 17:32:02 | 000,002,437 | ---- | C] () -- C:\WINDOWS\POWERUP.INI
    [2009/12/13 16:14:25 | 000,158,720 | ---- | C] () -- C:\Documents and Settings\R. Darrell Smith\Application Data\SharedSettings.ccs
    [2009/12/13 16:09:09 | 000,000,192 | ---- | C] () -- C:\WINDOWS\System32\xpysys.dll
    [2009/12/12 00:40:33 | 000,000,219 | ---- | C] () -- C:\WINDOWS\RomeTW.ini
    [2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
    [2009/11/06 12:00:20 | 000,016,240 | ---- | C] () -- C:\WINDOWS\System32\SsiEfr.exe
    [2009/06/04 01:37:08 | 000,021,093 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
    [2009/06/04 01:37:06 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2009/06/04 00:55:20 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
    [2009/05/03 07:44:38 | 000,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2009/04/28 17:45:46 | 000,014,051 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
    [2009/04/25 01:19:17 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2009/04/16 20:50:27 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/04/16 20:20:26 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
    [2009/04/01 22:47:27 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2009/03/02 22:33:49 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
    [2009/02/16 22:38:02 | 000,000,347 | ---- | C] () -- C:\WINDOWS\CTWave.INI
    [2009/02/16 22:20:53 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
    [2009/02/07 21:34:27 | 008,507,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
    [2009/02/07 20:13:00 | 000,000,115 | ---- | C] () -- C:\WINDOWS\OUTSTACKER.INI
    [2009/02/05 20:32:07 | 000,000,089 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
    [2009/01/18 22:16:59 | 000,000,640 | ---- | C] () -- C:\WINDOWS\EFXP.INI
    [2009/01/18 21:12:25 | 000,000,827 | ---- | C] () -- C:\WINDOWS\EF.ini
    [2009/01/18 21:06:54 | 000,000,311 | ---- | C] () -- C:\WINDOWS\QTW.INI
    [2009/01/18 20:57:26 | 000,000,056 | ---- | C] () -- C:\WINDOWS\SSIMB.INI
    [2009/01/17 21:59:44 | 000,000,597 | ---- | C] () -- C:\WINDOWS\eReg.dat
    [2009/01/17 20:18:18 | 000,000,144 | ---- | C] () -- C:\WINDOWS\PG3prefs.ini
    [2009/01/15 23:43:56 | 000,000,053 | ---- | C] () -- C:\WINDOWS\PPTVIEW.INI
    [2009/01/15 23:30:25 | 000,086,304 | ---- | C] () -- C:\WINDOWS\RHVIDEO.DLL
    [2009/01/15 22:18:26 | 000,012,816 | ---- | C] () -- C:\WINDOWS\logos20.ini
    [2009/01/11 23:03:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ins.INI
    [2009/01/11 18:09:23 | 000,004,302 | ---- | C] () -- C:\WINDOWS\7thLevel.ini
    [2009/01/11 12:54:21 | 000,000,033 | ---- | C] () -- C:\WINDOWS\forevermopt.INI
    [2009/01/06 22:37:09 | 000,000,520 | ---- | C] () -- C:\WINDOWS\hwsolii.ini
    [2009/01/06 22:22:39 | 000,158,720 | ---- | C] () -- C:\WINDOWS\RefUinst.exe
    [2009/01/03 00:32:50 | 000,000,248 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
    [2009/01/02 23:00:08 | 000,000,867 | ---- | C] () -- C:\WINDOWS\DR2.ini
    [2009/01/02 22:01:51 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    [2009/01/01 23:06:36 | 000,000,755 | ---- | C] () -- C:\WINDOWS\BZII.INI
    [2008/12/24 21:51:12 | 000,000,296 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
    [2008/12/24 18:14:27 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2008/12/24 18:14:27 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2008/12/24 18:14:27 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2008/12/24 18:14:27 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2008/12/24 18:14:27 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2008/12/24 18:14:27 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2008/12/24 17:57:58 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
    [2008/12/20 12:04:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\sbwin.ini
    [2008/12/20 01:06:26 | 000,000,705 | ---- | C] () -- C:\WINDOWS\EReg072.dat
    [2008/12/08 19:49:47 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
    [2008/12/08 19:49:47 | 000,012,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
    [2008/12/05 23:09:48 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2008/12/03 23:45:31 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
    [2008/12/03 23:45:30 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
    [2008/11/29 21:51:27 | 000,000,454 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2008/11/28 01:26:01 | 000,000,089 | ---- | C] () -- C:\WINDOWS\civnet.ini
    [2008/11/28 01:19:11 | 000,000,247 | ---- | C] () -- C:\WINDOWS\civ.ini
    [2008/11/27 16:08:24 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2008/11/21 19:15:47 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\R. Darrell Smith\Application Data\PFP110JPR.{PB
    [2008/11/21 19:15:47 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\R. Darrell Smith\Application Data\PFP110JCM.{PB
    [2008/10/24 19:27:47 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Prima.ini
    [2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
    [2008/09/13 21:03:39 | 000,000,632 | ---- | C] () -- C:\WINDOWS\CoD.INI
    [2008/09/13 10:46:16 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2008/09/13 10:46:16 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2008/09/13 10:46:16 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
    [2008/09/01 20:01:03 | 001,746,360 | ---- | C] () -- C:\WINDOWS\System32\CTAA1.DAT
    [2008/07/14 22:12:14 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2008/07/14 22:12:14 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\R. Darrell Smith\Application Data\PnkBstrK.sys
    [2008/07/14 22:11:57 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
    [2008/07/14 22:11:53 | 000,669,184 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
    [2008/07/14 22:11:53 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
    [2008/07/12 23:14:49 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\xxconsole.ini
    [2008/07/12 23:11:27 | 000,230,377 | ---- | C] () -- C:\WINDOWS\System32\XXCOPY16.EXE
    [2008/07/11 15:50:28 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
    [2008/07/07 21:46:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/07/02 21:41:22 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\GetCis.dll
    [2008/07/02 20:41:46 | 000,000,021 | ---- | C] () -- C:\WINDOWS\vkcustom.ini
    [2008/07/02 20:41:43 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\VkUninst.dll
    [2008/07/02 20:40:39 | 000,403,456 | ---- | C] () -- C:\WINDOWS\System32\CCTN240C.DLL
    [2008/07/02 20:40:39 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\SH33W32.DLL
    [2008/07/02 20:40:39 | 000,010,240 | ---- | C] () -- C:\WINDOWS\GOCSERVE.EXE
    [2008/07/02 20:40:33 | 000,000,180 | ---- | C] () -- C:\WINDOWS\CServe.ini
    [2008/07/02 20:40:12 | 000,000,021 | ---- | C] () -- C:\WINDOWS\cs3inst.ini
    [2008/06/28 22:36:11 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\_inmm.dll
    [2008/06/28 21:55:35 | 000,129,024 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
    [2008/06/28 19:33:57 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2008/06/28 19:33:37 | 000,118,784 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe
    [2008/06/28 19:33:26 | 000,008,325 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2008/06/24 22:32:04 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
    [2008/06/24 21:31:28 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [2008/06/24 21:31:28 | 000,000,141 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
    [2008/06/24 21:30:39 | 000,000,649 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
    [2008/06/21 23:46:09 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
    [2008/06/21 23:46:04 | 000,005,989 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2008/06/21 23:45:58 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2008/06/21 01:40:28 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
    [2008/06/21 01:23:28 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini
    [2008/06/21 00:31:21 | 000,012,062 | ---- | C] () -- C:\WINDOWS\System32\drivers\MTiCtwl.sys
    [2008/06/21 00:27:35 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
    [2008/06/20 23:43:57 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
    [2008/06/20 23:43:56 | 000,004,273 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
    [2008/06/20 21:58:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/06/20 21:48:39 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/06/20 18:35:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/06/20 18:34:34 | 000,489,088 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/06/06 19:13:06 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
    [2008/02/20 21:00:12 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
    [2008/02/20 20:58:46 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
    [2008/02/20 20:49:46 | 000,321,512 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
    [2008/02/20 20:49:46 | 000,056,509 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
    [2008/02/20 20:46:46 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
    [2008/02/20 20:46:20 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
    [2008/02/20 20:44:34 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\CTSBAS2W.DAT
    [2008/02/20 20:44:26 | 000,241,084 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
    [2008/02/20 20:44:26 | 000,115,166 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
    [2008/02/20 20:44:10 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
    [2008/02/20 20:44:10 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
    [2008/02/20 20:44:08 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
    [2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2007/08/13 20:45:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
    [2007/06/05 13:20:32 | 000,177,704 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
    [2007/03/10 14:13:16 | 000,000,274 | ---- | C] () -- C:\WINDOWS\TheMatrix.ini
    [2006/10/02 17:25:18 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
    [2006/04/12 22:37:43 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DreamCalc DC3G.dat
    [2006/04/01 22:36:28 | 000,046,592 | ---- | C] () -- C:\Documents and Settings\R. Darrell Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/02/21 14:47:09 | 002,060,800 | ---- | C] () -- C:\WINDOWS\setup_rangers_2.exe
    [2006/01/19 00:57:50 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\R. Darrell Smith\Local Settings\Application Data\fusioncache.dat
    [2005/10/29 19:31:08 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
    [2004/08/04 03:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/02 16:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/05/12 01:31:54 | 000,008,391 | ---- | C] () -- C:\WINDOWS\PWRPLAY.INI
    [2004/01/28 11:42:06 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
    [2003/02/07 21:31:48 | 000,000,260 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
    [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2001/08/23 08:00:00 | 000,443,878 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2001/08/23 08:00:00 | 000,072,136 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2001/07/12 18:14:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\shelexec.exe

    ========== LOP Check ==========

    [2009/03/02 21:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MailFrontier
    [2010/02/06 23:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
    [2010/09/12 20:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CoffeeCup Software
    [2009/02/05 20:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
    [2010/12/03 23:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
    [2010/01/01 16:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
    [2010/02/09 19:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK
    [2009/01/15 23:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Libronix DLS
    [2009/04/16 23:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2008/11/28 10:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
    [2009/07/07 20:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
    [2009/01/23 00:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ProjectZoo
    [2010/08/14 13:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver
    [2009/02/06 08:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
    [2009/06/19 17:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\X10 Settings
    [2011/04/13 21:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XSettings
    [2009/05/02 17:05:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    [2010/11/11 01:06:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{881A9191-B4BF-4950-9F18-A05E2263DA42}
    [2009/01/22 00:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\Ascaron Entertainment
    [2011/04/18 12:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\Audacity
    [2010/04/09 22:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\CheckPoint
    [2010/09/12 20:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\CoffeeCup Software
    [2009/12/16 00:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\ImgBurn
    [2006/04/03 01:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\InterVideo
    [2011/04/11 11:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\JonDo
    [2006/01/19 11:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\Leadertech
    [2009/01/16 00:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\Libronix DLS
    [2006/02/21 18:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\LucasArts
    [2011/03/15 14:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\MailWasher
    [2006/12/26 19:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\My Battle for Middle-earth Files
    [2006/03/04 23:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\My Battle for Middle-earth(tm) II Files
    [2006/10/16 13:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\My Games
    [2007/01/02 00:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\My The Lord of the Rings, The Rise of the Witch-king Files
    [2009/07/11 20:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\OfficeUpdate12
    [2010/01/01 01:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\Opera
    [2006/11/02 19:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\Petroglyph
    [2009/12/24 17:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\Pollux Gamelabs
    [2009/08/07 08:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\PolyView
    [2009/01/15 21:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\QuickVerse11
    [2010/05/30 20:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\scriptocean
    [2009/04/18 12:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\streamripper
    [2011/03/14 12:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\TagScanner
    [2010/01/22 22:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\Thunderbird
    [2010/11/29 11:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\R. Darrell Smith\Application Data\Tific
    [2008/09/30 22:37:57 | 000,032,548 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========

    < End of report >

    I also ran all the other suggested apps and followed your advice on the other matters. I was already following almost all of the "How did I get infected" points. Just went to an unknown site for a hardware review.

    Thanks again for your help. I'll now need to start a new thread for my wife's computer.
     
  19. 2011/04/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Way to go!!
    Good luck and stay safe :)
     
