
Solved Windows XP SP3 running slow

Discussion in 'Malware and Virus Removal Archive' started by Mr. Chip, 2011/06/07.

  1. 2011/06/07
    Mr. Chip Lifetime Subscription

    Mr. Chip Well-Known Member Thread Starter

    Joined:
    2005/06/30
    Messages:
    427
    Likes Received:
    0
    [Resolved] Windows XP SP3 running slow

    Hello,

    Over the past few weeks I have noticed that my PC seems to be running slower, especially when I surf the net. My PC sits behind a hardware firewall and I use f-Prot antivirus and Malwarebytes. I was hoping someone could look into this and see if some cleaning will resolve this.

    I will post the log files from HiJackThis as well as RSIT separately. Thanks in advance!
     
  2. 2011/06/07
    wildfire

    wildfire Getting Old

    Joined:
    2008/04/21
    Messages:
    4,649
    Likes Received:
    124
    Those aren't the requested logs for this forum, Mr Chip.

    Please read this post as indicated at the top of this forum.
     

  4. 2011/06/07
    Mr. Chip Lifetime Subscription

    Mr. Chip Well-Known Member Thread Starter

    Joined:
    2005/06/30
    Messages:
    427
    Likes Received:
    0
    Hi Wildfire, sorry about that. I was going from memory. My bad; I will start working on the post instructions. The full scan will take a bit.
     
  5. 2011/06/07
    Mr. Chip Lifetime Subscription

    Mr. Chip Well-Known Member Thread Starter

    Joined:
    2005/06/30
    Messages:
    427
    Likes Received:
    0
    First Update

    OK,

    I updated f-prot and ran a complete scan. That came up clean. I then updated Malwarebytes (I am using the paid version) and ran a quick scan. Here are the results. I am off to the next step. Thanks again!

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6804

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    6/7/2011 6:49:40 PM
    mbam-log-2011-06-07 (18-49-40).txt

    Scan type: Quick scan
    Objects scanned: 206622
    Time elapsed: 5 minute(s), 42 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  6. 2011/06/08
    Mr. Chip Lifetime Subscription

    Mr. Chip Well-Known Member Thread Starter

    Joined:
    2005/06/30
    Messages:
    427
    Likes Received:
    0
    Results from GMER Scan

    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit scan 2011-06-07 23:58:49
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-18 WDC_WD2500AAJS-75B4A0 rev.01.03A01
    Running: plh3fovy.exe; Driver: C:\DOCUME~1\MYUSER~1\LOCALS~1\Temp\uwtdqpow.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6D9F360, 0x3E57A5, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\SearchIndexer.exe[784] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
    .text C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe[1276] KERNEL32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10005230 C:\Program Files\Anonymizer\Anonymizer Software\Common\Anx.System.dll (rscoree/Remotesoft, Inc.)
    .text C:\program files\real\realplayer\update\realsched.exe[3324] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs FStopW.sys (FPAV - RealTime Protector/FRISK Software International)

    ---- EOF - GMER 1.0.15 ----
     
  7. 2011/06/08
    Mr. Chip Lifetime Subscription

    Mr. Chip Well-Known Member Thread Starter

    Joined:
    2005/06/30
    Messages:
    427
    Likes Received:
    0
    MBR Check results

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x03c0507c

    Kernel Drivers (total 121):

    Processes (total 52):
    0 System Idle Process
    4 System
    648 C:\WINDOWS\system32\smss.exe
    700 csrss.exe
    724 C:\WINDOWS\system32\winlogon.exe
    768 C:\WINDOWS\system32\services.exe
    780 C:\WINDOWS\system32\lsass.exe
    968 C:\WINDOWS\system32\nvsvc32.exe
    1016 C:\WINDOWS\system32\svchost.exe
    1084 svchost.exe
    1204 C:\WINDOWS\system32\svchost.exe
    1296 svchost.exe
    1364 svchost.exe
    1472 C:\WINDOWS\system32\spoolsv.exe
    1552 svchost.exe
    1624 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    1644 C:\Program Files\Bonjour\mDNSResponder.exe
    1696 C:\Program Files\Executive Software\Diskeeper\DkService.exe
    1736 C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
    1792
     
  8. 2011/06/08
    Mr. Chip Lifetime Subscription

    Mr. Chip Well-Known Member Thread Starter

    Joined:
    2005/06/30
    Messages:
    427
    Likes Received:
    0
    DDS results - two logs

    .
    DDS (Ver_2011-06-03.01) - NTFSx86
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21
    Run by chip at 8:24:48 on 2011-06-08
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2363 [GMT -7:00]
    .
    AV: F-PROT Antivirus for Windows *Enabled/Updated* {3F8BAFFE-D251-4DC6-ACF9-81FDF61FB9C9}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
    C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\VIRTUA~1\CitiVAN.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\OBroker.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\Program Files\Acer Display\eDisplay Management\DTHtml.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Citrix\GoToMeeting\708\g2mstart.exe
    C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
    C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
    C:\Program Files\Citrix\GoToMeeting\708\g2mcomm.exe
    C:\Program Files\Citrix\GoToMeeting\708\g2mlauncher.exe
    C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
    C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: CitiUSBrowserHelper Class: {387edf53-1cf2-4523-bc2f-13462651be8c} - c:\program files\virtual account numbers\BhoCitUS.dll
    BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - c:\program files\ws_ftp pro\wsbho2k0.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [QuickGammaLoader] c:\program files\quickgamma\QuickGammaLoader.exe
    uRun: [QuickGammaResume]
    uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\708\g2mstart.exe" "/Trigger RunAtLogon "
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe "
    mRun: [F-PROT Antivirus Tray application] c:\program files\frisk software\f-prot antivirus for windows\FProtTray.exe
    mRun: [Citi Virtual Account Numbers] c:\progra~1\virtua~1\CitiVAN.exe /lang=en_RG /dontopenmycards
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0 "
    mRun: [DT ACR] c:\program files\common files\portrait displays\shared\DT_startup.exe -ACR
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 9\SnagIt32.exe
    mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: Locate Spot on Map by GPS - c:\program files\opanda\iexif 2.3\IExifMap.htm
    IE: View Exif/GPS/IPTC with IExif - c:\program files\opanda\iexif 2.3\IExifCom.htm
    IE: {DE700910-58F7-4D2E-B7E6-3BA2DA1B6806} - c:\progra~1\virtua~1\CitiVAN.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    Trusted Zone: hp.com\h20168.www2
    Trusted Zone: hp.com\sbesp.houston
    Trusted Zone: vcall.com\events
    DPF: {00000033-9593-4264-8B29-930B3E4EDCCD} - hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall33.cab
    DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} - hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab
    DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} - hxxp://theoracle2/connectcomputer/nshelp.dll
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228099459805
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://meeting.juniper.net/dana-cached/setup/JuniperSetupSP1.cab
    TCP: Interfaces\{384397BF-7F03-4A0C-8A9E-AA57194AC88E} : NameServer = 192.168.1.33,192.168.2.34
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - c:\program files\common files\g7ps\shared files\g7psdll\G7PS.dll
    AppInit_DLLs: acaptuser32.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\clevinson\application data\mozilla\firefox\profiles\4xr9euph.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT206400&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - San Diego Padres Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://google.com/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT206400&q=
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
    FF - component: c:\documents and settings\clevinson\application data\mozilla\firefox\profiles\4xr9euph.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\clevinson\application data\mozilla\firefox\profiles\4xr9euph.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - component: c:\documents and settings\clevinson\application data\mozilla\firefox\profiles\4xr9euph.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\winnt_x86-msvc\components\pagespeed.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\clevinson\application data\mozilla\firefox\profiles\4xr9euph.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
    FF - plugin: c:\documents and settings\clevinson\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
    FF - plugin: c:\program files\photodex presenter\npPxPlay.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FStopW.sys [2008-11-13 700632]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-4-25 28544]
    R2 AnonMgmtSvc;Anonymizer Management Service;c:\program files\anonymizer\anonymizer software\common\AnonMgmtSvc.exe [2008-11-17 37560]
    R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-5-10 20968]
    R2 FPAVServer;F-PROT Antivirus for Windows system;c:\program files\frisk software\f-prot antivirus for windows\FPAVServer.exe [2010-11-3 83624]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-3-15 366640]
    R2 PdiService;Portrait Displays SDK Service;c:\program files\common files\portrait displays\drivers\pdisrvc.exe [2010-8-31 109168]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-15 22712]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2010-5-10 57248]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
    S3 EvoMouseDriverFilterHidUsb;Evoluent Mouse Driver Filter;c:\windows\system32\drivers\evomousedriverfilterhidusb.sys --> c:\windows\system32\drivers\EvoMouseDriverFilterHidUsb.sys [?]
    S3 EvoMouseDriverMini;EvoMouseDriverMini;c:\windows\system32\drivers\evomousedrivermini.sys --> c:\windows\system32\drivers\EvoMouseDriverMini.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-05-18 16:28:59 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
    2011-05-18 16:28:58 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
    2011-05-18 16:28:57 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
    2011-05-18 16:28:57 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
    2011-05-18 16:28:57 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
    2011-05-18 16:28:56 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
    2011-05-18 16:28:56 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-05-18 16:28:55 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
    .
    ==================== Find3M ====================
    .
    2011-05-29 16:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 16:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-03 15:10:54 72080 ------w- C:\g2mdlhlpx.exe
    2011-05-03 15:10:53 72080 ----a-w- c:\documents and settings\clevinson\g2mdlhlpx.exe
    .
    ============= FINISH: 8:26:05.87 ===============



    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-03.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/12/2008 7:05:15 PM
    System Uptime: 6/8/2011 8:12:05 AM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0HJ054
    Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | Microprocessor | 3391/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 105.024 GiB free.
    D: is FIXED (NTFS) - 233 GiB total, 228.225 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is NetworkDisk (NTFS) - 35 GiB total, 25.04 GiB free.
    M: is NetworkDisk (NTFS) - 518 GiB total, 163.105 GiB free.
    O: is NetworkDisk (NTFS) - 70 GiB total, 25.997 GiB free.
    W: is Removable
    X: is Removable
    Y: is Removable
    Z: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Multimedia Controller
    Device ID: PCI\VEN_1002&DEV_4D52&SUBSYS_A3461002&REV_00\4&5855BE9&0&10F0
    Manufacturer:
    Name: Multimedia Controller
    PNP Device ID: PCI\VEN_1002&DEV_4D52&SUBSYS_A3461002&REV_00\4&5855BE9&0&10F0
    Service:
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Acer eDisplay Management
    Acrobat.com
    Active@ ISO Burner
    Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    Adobe Acrobat 9.4.4 - CPSID_83708
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Presenter 7
    Adobe Reader 9.4.2
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Anonymizer Software
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    Belarc Advisor 8.1
    Blender (remove only)
    Bonjour
    Broadcom 440x 10/100 Integrated Controller
    CamStudio
    Canon Utilities Digital Photo Professional 3.9
    Canon Utilities EOS Utility
    Canon Utilities PhotoStitch
    CCleaner
    CoreAVC Professional Edition (remove only)
    CPUID CPU-Z 1.54
    Critical Update for Windows Media Player 11 (KB959772)
    CyberLink PhotoNow
    CyberLink PowerDirector
    Dell Resource CD
    Diskeeper Server Standard Edition
    Duplicate Email Remover
    DVD Decrypter (Remove Only)
    EditPlus 2
    Everio MediaBrowser HD Edition
    Extract Metadata From Multiple Files Software
    F-PROT Antivirus for Windows
    FOX News Live
    Full Tilt Poker
    Garmin City Navigator North America NT 2011.31 Update
    Good Keywords v3 072809
    Google Calendar Sync
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToMeeting 4.8.0.708
    GPL MPEG-1/2 DirectShow Decoder Filter
    GSiteCrawler
    Haali Media Splitter
    HD264 Pack
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB969084)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HTML Text Extractor
    Intel(R) PRO Network Connections Drivers
    InterActual Player
    Ipswitch WS_FTP Pro
    iWisoft Free Video Converter 1.2
    Java Auto Updater
    Java(TM) 6 Update 21
    Juniper Networks Secure Meeting 6.2.0
    jv16 PowerTools 2009
    Lizardtech DjVu Control
    Malwarebytes' Anti-Malware version 1.51.0.1200
    Mask Pro 4.1.9a
    MediaCoder 2011
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Expression Encoder 4
    Microsoft Expression Encoder 4 Screen Capture Codec
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Report Viewer Redistributable 2008 (KB971119)
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Sync Framework Runtime v1.0 (x86)
    Microsoft Sync Framework Services v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Mozilla Firefox 4.0.1 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MyPublisher
    NVIDIA Drivers
    NVIDIA PhysX
    Opanda IExif 2.3
    Panda ActiveScan 2.0
    PDF Settings
    Photo Mechanic 4.6
    Photo Mechanic 4.6.6
    Photodex Presenter
    Pivot Software
    PokerStars
    Pro Studio Manager ver.3.5
    ProShow Gold
    Python 2.6.5
    QIF2
    QuickBooks Pro 2007
    QuickBooks Pro Edition 2004
    QuickBooks Product Listing Service
    QuickGamma 3.0.0.2
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    RideMax for Disneyland 5.1
    SDK
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB2497640)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2483614)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Shadow Copy Client
    ShredXP
    Shutterfly Express Uploader
    SigmaTel Audio
    SmartSound Quicktracks Plugin
    SnagIt 9
    Spelling Dictionaries Support For Adobe Reader 9
    SPSS 16.0 for Windows
    Spybot - Search & Destroy
    SupportSoft Assisted Service
    SyncToy 2.0 (x86)
    Tournament Indicator 1.7.8
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft Windows (KB971513)
    Update for Outlook 2007 Junk Email Filter (KB2536413)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VersaCheck 2004 Silver Express
    Virtual Account Numbers
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    WinZip
    Yahoo! BrowserPlus 2.9.8
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/7/2011 7:44:38 AM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    6/7/2011 11:28:57 PM, error: NETLOGON [5719] - No Domain Controller is available for domain TECHWISELAN due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    6/3/2011 7:02:06 PM, error: Removable Storage Service [15] - RSM cannot manage library CdRom1. The database is corrupt.
    6/3/2011 7:02:06 PM, error: Removable Storage Service [15] - RSM cannot manage library CdRom0. The database is corrupt.
    6/2/2011 10:24:08 PM, error: Service Control Manager [7034] - The ScsiAccess service terminated unexpectedly. It has done this 1 time(s).
    6/2/2011 10:24:08 PM, error: Service Control Manager [7034] - The Portrait Displays SDK Service service terminated unexpectedly. It has done this 1 time(s).
    6/2/2011 10:24:08 PM, error: Service Control Manager [7034] - The Portrait Displays Display Tune Service service terminated unexpectedly. It has done this 1 time(s).
    6/2/2011 10:24:08 PM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
    6/2/2011 10:24:08 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    6/2/2011 10:24:08 PM, error: Service Control Manager [7034] - The Diskeeper service terminated unexpectedly. It has done this 1 time(s).
    6/2/2011 10:24:08 PM, error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
    6/2/2011 10:24:08 PM, error: Service Control Manager [7034] - The Anonymizer Management Service service terminated unexpectedly. It has done this 1 time(s).
    6/2/2011 10:24:08 PM, error: Service Control Manager [7031] - The F-PROT Antivirus for Windows system service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 3600 milliseconds: Run the configured recovery program.
    6/2/2011 10:24:07 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    6/2/2011 10:24:07 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/2/2011 10:24:06 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    6/1/2011 7:44:16 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. .
    6/1/2011 7:44:16 AM, error: SideBySide [59] - Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll. Reference error message: The operation completed successfully. .
    6/1/2011 7:44:16 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.
    .
    ==== End Of File ===========================
     
  9. 2011/06/08
    Mr. Chip Lifetime Subscription

    Mr. Chip Well-Known Member Thread Starter

    Joined:
    2005/06/30
    Messages:
    427
    Likes Received:
    0
    Additional Information

    Hi,

    I wanted to share one more thing that may be relevant. This PC is networked to an SBS 2003 server. The desktop of this PC is synched to the server. An IT consultant set this up. My desktop currently has 5,300 files in it that take up 56GB of space. The files are organized into a many-level folder tree. Is having this many files a problem?

    The size of my desktop has grown a lot in the past year as I have stored copies of jpeg and mpeg files on it.
     
  10. 2011/06/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I can't comment on this. I'm not familiar with those kinds of settings.

    I can check if your computer is clean, though.
    So far, so good.

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log ", save it to your desktop and post in your next reply:

    ====================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. 2011/06/08
    Mr. Chip Lifetime Subscription

    Mr. Chip Well-Known Member Thread Starter

    Joined:
    2005/06/30
    Messages:
    427
    Likes Received:
    0
    aswMBR

    Hello broni,

    Thank you for helping with this! Here is the log from aswMBR:

    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-06-08 15:39:31
    -----------------------------
    15:39:31.049 OS Version: Windows 5.1.2600 Service Pack 3
    15:39:31.049 Number of processors: 2 586 0x403
    15:39:31.049 ComputerName: CHIPPC1 UserName: chip
    15:39:31.643 Initialize success
    15:40:01.689 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-18
    15:40:01.689 Disk 0 Vendor: WDC_WD2500AAJS-75B4A0 01.03A01 Size: 238418MB BusType: 3
    15:40:01.689 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-20
    15:40:01.689 Disk 1 Vendor: WDC_WD2500AAJS-75B4A0 01.03A01 Size: 238418MB BusType: 3
    15:40:03.704 Disk 0 MBR read successfully
    15:40:03.704 Disk 0 MBR scan
    15:40:03.704 Disk 0 Windows XP default MBR code
    15:40:05.704 Disk 0 scanning sectors +488263545
    15:40:05.736 Disk 0 scanning C:\WINDOWS\system32\drivers
    15:40:12.642 Service scanning
    15:40:13.595 Disk 0 trace - called modules:
    15:40:13.595 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
    15:40:13.595 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aec4ab8]
    15:40:13.595 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-18[0x8ae95b00]
    15:40:13.595 Scan finished successfully
    15:41:00.703 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\clevinson\Desktop\MBR.dat "
    15:41:00.703 The log file has been saved successfully to "C:\Documents and Settings\clevinson\Desktop\aswMBR.txt "
     
  12. 2011/06/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're welcome :)
     
  13. 2011/06/08
    Mr. Chip Lifetime Subscription

    Mr. Chip Well-Known Member Thread Starter

    Joined:
    2005/06/30
    Messages:
    427
    Likes Received:
    0
    ComboFix log

    ComboFix 11-06-08.03 - chip 06/08/2011 15:55:52.5.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2681 [GMT -7:00]
    Running from: c:\documents and settings\clevinson\Desktop\ComboFix.exe
    AV: F-PROT Antivirus for Windows *Disabled/Updated* {3F8BAFFE-D251-4DC6-ACF9-81FDF61FB9C9}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\documents and settings\clevinson.TECHWISELAN\Desktop\Setup.exe
    c:\documents and settings\clevinson\g2mdlhlpx.exe
    c:\documents and settings\clevinson\Recent\Thumbs.db
    C:\Thumbs.db
    D:\install.exe
    .
    ----- BITS: Possible infected sites -----
    .
    hxxp://theoracle2:8530
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-08 to 2011-06-08 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-07 21:01 . 2011-06-07 21:02 -------- d-----w- C:\rsit
    2011-05-18 16:28 . 2011-05-18 16:28 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
    2011-05-18 16:28 . 2011-05-18 16:28 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
    2011-05-18 16:28 . 2011-05-18 16:28 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
    2011-05-18 16:28 . 2011-05-18 16:28 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
    2011-05-18 16:28 . 2011-05-18 16:28 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
    2011-05-18 16:28 . 2011-05-18 16:28 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
    2011-05-18 16:28 . 2011-05-18 16:28 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-05-18 16:28 . 2011-05-18 16:28 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-29 16:11 . 2010-03-15 19:28 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 16:11 . 2010-03-15 19:28 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-03 15:10 . 2011-05-03 15:10 72080 ------w- C:\g2mdlhlpx.exe
    2009-01-12 18:35 . 2009-01-12 18:35 107848 ------w- c:\program files\mozilla firefox\plugins\mwmcli.dll
    2011-05-18 16:28 . 2011-05-18 16:28 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-13 39408]
    "QuickGammaLoader"="c:\program files\QuickGamma\QuickGammaLoader.exe" [2011-03-11 100352]
    "GoToMeeting"="c:\program files\Citrix\GoToMeeting\723\g2mstart.exe" [2011-06-08 39816]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
    "F-PROT Antivirus Tray application"="c:\program files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe" [2010-07-05 1674032]
    "Citi Virtual Account Numbers"="c:\progra~1\VIRTUA~1\CitiVAN.exe" [2007-12-07 270336]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-28 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-28 13918208]
    "UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
    "DT ACR"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2009-08-24 81920]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-11-25 274608]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    SnagIt 9.lnk - c:\program files\TechSmith\SnagIt 9\SnagIt32.exe [2008-9-16 6825288]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"="c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2010-09-23 01:11 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    2011-01-31 08:36 38840 ------w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoToMeeting]
    2010-07-24 15:55 39816 ----a-w- c:\program files\Citrix\GoToMeeting\457\g2mstart.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PivotSoftware]
    2007-02-09 19:17 694008 ----a-w- c:\program files\Portrait Displays\Pivot Software\wpCtrl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 18:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-11-13 08:23 39408 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Intuit SyncManager"=c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Tournament Indicator\\Indicator.exe"=
    .
    R0 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FStopW.sys [11/13/2008 8:20 PM 700632]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [4/25/2009 4:29 PM 28544]
    R2 AnonMgmtSvc;Anonymizer Management Service;c:\program files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe [11/17/2008 1:58 PM 37560]
    R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [5/10/2010 6:39 PM 20968]
    R2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [8/31/2010 7:47 AM 109168]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/15/2010 12:28 PM 22712]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [5/10/2010 12:01 AM 57248]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 FPAVServer;F-PROT Antivirus for Windows system;c:\program files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [11/3/2010 5:40 PM 83624]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 8:18 AM 135664]
    S3 EvoMouseDriverFilterHidUsb;Evoluent Mouse Driver Filter;c:\windows\system32\DRIVERS\EvoMouseDriverFilterHidUsb.sys --> c:\windows\system32\DRIVERS\EvoMouseDriverFilterHidUsb.sys [?]
    S3 EvoMouseDriverMini;EvoMouseDriverMini;c:\windows\system32\drivers\EvoMouseDriverMini.sys --> c:\windows\system32\drivers\EvoMouseDriverMini.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 8:18 AM 135664]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/14/2008 5:00 AM 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/15/2010 12:28 PM 366640]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/22/2009 9:55 AM 717296]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *Deregistered* - aswMBR
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
    .
    2011-06-08 c:\windows\Tasks\F-PROT Antivirus - Daily scan.job
    - c:\program files\FRISK Software\F-PROT Antivirus for Windows\FPWin.exe [2010-07-08 00:26]
    .
    2011-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 15:18]
    .
    2011-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 15:18]
    .
    2011-06-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3430250972-207886777-1795493786-1141.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 19:33]
    .
    2011-06-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3430250972-207886777-1795493786-1141.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 19:33]
    .
    2011-06-04 c:\windows\Tasks\WeeklyPCBackup.job
    - c:\windows\system32\ntbackup.exe [2008-04-14 12:00]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif 2.3\IExifMap.htm
    IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif 2.3\IExifCom.htm
    Trusted Zone: hp.com\h20168.www2
    Trusted Zone: hp.com\sbesp.houston
    Trusted Zone: vcall.com\events
    TCP: Interfaces\{384397BF-7F03-4A0C-8A9E-AA57194AC88E}: NameServer = 192.168.1.33,192.168.2.34
    FF - ProfilePath - c:\documents and settings\clevinson\Application Data\Mozilla\Firefox\Profiles\4xr9euph.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT206400&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - San Diego Padres Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://google.com/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT206400&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-QuickGammaResume - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-08 16:00
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_046d&Pid_c509&MI_01&Col01\8&1ab7d858&0&0000\LogConf]
    @DACL=(02 0000)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(780)
    c:\program files\Bonjour\mdnsNSP.dll
    .
    Completion time: 2011-06-08 16:02:53
    ComboFix-quarantined-files.txt 2011-06-08 23:02
    ComboFix2.txt 2010-03-23 04:07
    .
    Pre-Run: 112,735,645,696 bytes free
    Post-Run: 112,597,032,960 bytes free
    .
    - - End Of File - - 0B23A63D13422D00A74DCBD4B921BAE7
     
  14. 2011/06/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looks good now...

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  15. 2011/06/08
    Mr. Chip Lifetime Subscription

    Mr. Chip Well-Known Member Thread Starter

    Joined:
    2005/06/30
    Messages:
    427
    Likes Received:
    0
    OTL.txt Part 1

    1 4:24:00 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\clevinson\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 76.26% Memory free
    5.09 Gb Paging File | 4.53 Gb Available in Paging File | 89.09% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.82 Gb Total Space | 104.89 Gb Free Space | 45.05% Space Free | Partition Type: NTFS
    Drive D: | 232.82 Gb Total Space | 228.23 Gb Free Space | 98.03% Space Free | Partition Type: NTFS
    Drive G: | 35.16 Gb Total Space | 26.27 Gb Free Space | 74.71% Space Free | Partition Type: NTFS
    Drive M: | 517.81 Gb Total Space | 163.10 Gb Free Space | 31.50% Space Free | Partition Type: NTFS
    Drive O: | 70.31 Gb Total Space | 26.00 Gb Free Space | 36.97% Space Free | Partition Type: NTFS

    Computer Name: CHIPPC1 | User Name: chip | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/06/08 16:22:09 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\clevinson\Desktop\OTL.exe
    PRC - [2011/06/08 12:56:48 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\723\g2mstart.exe
    PRC - [2011/06/08 12:56:48 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\723\g2mlauncher.exe
    PRC - [2011/06/08 12:56:48 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\723\g2mcomm.exe
    PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2010/11/25 09:22:43 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
    PRC - [2010/11/03 17:40:36 | 000,083,624 | ---- | M] (FRISK Software International) -- C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
    PRC - [2010/06/15 16:05:22 | 000,186,760 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
    PRC - [2009/08/24 16:17:12 | 000,327,168 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files\Acer Display\eDisplay Management\dthtml.exe
    PRC - [2009/08/24 16:14:48 | 000,114,688 | ---- | M] (Portrait Displays Inc.) -- C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
    PRC - [2009/07/15 13:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    PRC - [2008/11/17 13:58:04 | 000,037,560 | ---- | M] (Anonymizer) -- C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe
    PRC - [2008/09/16 06:26:16 | 000,054,600 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 9\TscHelp.exe
    PRC - [2008/09/16 06:26:08 | 000,075,080 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
    PRC - [2008/09/16 06:26:04 | 007,335,240 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 9\SnagItEditor.exe
    PRC - [2008/09/16 06:26:02 | 006,825,288 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
    PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/07/26 18:51:22 | 000,606,316 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/06/08 16:22:09 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\clevinson\Desktop\OTL.exe
    MOD - [2011/01/11 10:59:44 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcr90.dll
    MOD - [2011/01/11 10:59:44 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcp90.dll
    MOD - [2010/11/25 09:23:52 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/11/03 17:40:36 | 000,083,624 | ---- | M] (FRISK Software International) [Auto | Running] -- C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe -- (FPAVServer)
    SRV - [2010/06/15 16:05:22 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
    SRV - [2009/09/16 18:01:16 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2009/08/24 16:14:58 | 000,069,632 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
    SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2009/07/15 13:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
    SRV - [2008/11/17 13:58:04 | 000,037,560 | ---- | M] (Anonymizer) [Auto | Running] -- C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe -- (AnonMgmtSvc)
    SRV - [2008/11/13 10:53:39 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2005/07/26 18:51:22 | 000,606,316 | ---- | M] (Executive Software International, Inc.) [Auto | Running] -- C:\Program Files\Executive Software\Diskeeper\DkService.exe -- (Diskeeper)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/09/22 13:46:42 | 000,700,632 | ---- | M] (FRISK Software International) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\FStopW.sys -- (FPAV_RTP)
    DRV - [2010/03/30 23:38:26 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys -- (cpuz133)
    DRV - [2009/08/21 13:24:10 | 000,057,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
    DRV - [2009/07/22 09:55:38 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2009/07/15 13:43:32 | 000,017,136 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
    DRV - [2008/06/19 16:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
    DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
    DRV - [2007/09/25 07:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
    DRV - [2007/02/09 12:17:18 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pivot.sys -- (Pivot)
    DRV - [2007/02/09 12:17:16 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
    DRV - [2006/02/09 21:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/08/17 15:41:08 | 001,022,040 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3430250972-207886777-1795493786-1141\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3430250972-207886777-1795493786-1141\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3430250972-207886777-1795493786-1141\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.defaultthis.engineName: "San Diego Padres Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT206400&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "San Diego Padres Customized Web Search"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.startup.homepage: "http://google.com/"
    FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: yslow@yahoo-inc.com:2.1.0
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: rankchecker@seobook.com:1.8.5
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2
    FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
    FF - prefs.js..extensions.enabledItems: exif_viewer@mozilla.doslash.org:1.60
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT206400&q="

    FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/25 09:23:52 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/18 09:29:06 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/18 09:29:06 | 000,000,000 | ---D | M]

    [2011/05/06 14:26:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\clevinson\Application Data\Mozilla\Extensions
    [2011/05/06 14:26:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\clevinson\Application Data\Mozilla\Extensions\MediaCoderPrefs
    [2011/06/02 16:22:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\clevinson\Application Data\Mozilla\Firefox\Profiles\4xr9euph.default\extensions
    [2010/12/20 14:27:03 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Documents and Settings\clevinson\Application Data\Mozilla\Firefox\Profiles\4xr9euph.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    [2010/04/27 08:34:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\clevinson\Application Data\Mozilla\Firefox\Profiles\4xr9euph.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/11/27 13:05:51 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\clevinson\Application Data\Mozilla\Firefox\Profiles\4xr9euph.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2011/03/25 08:37:23 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\clevinson\Application Data\Mozilla\Firefox\Profiles\4xr9euph.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2011/05/23 19:14:03 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\clevinson\Application Data\Mozilla\Firefox\Profiles\4xr9euph.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
    [2011/02/17 17:32:42 | 000,000,000 | ---D | M] ("Exif Viewer") -- C:\Documents and Settings\clevinson\Application Data\Mozilla\Firefox\Profiles\4xr9euph.default\extensions\exif_viewer@mozilla.doslash.org
    [2011/05/05 08:58:56 | 000,000,000 | ---D | M] ("RankChecker") -- C:\Documents and Settings\clevinson\Application Data\Mozilla\Firefox\Profiles\4xr9euph.default\extensions\rankchecker@seobook.com
    [2010/10/22 08:50:34 | 000,000,000 | ---D | M] (YSlow) -- C:\Documents and Settings\clevinson\Application Data\Mozilla\Firefox\Profiles\4xr9euph.default\extensions\yslow@yahoo-inc.com
    [2010/06/08 12:02:46 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\clevinson\Application Data\Mozilla\Firefox\Profiles\4xr9euph.default\searchplugins\conduit.xml
    [2011/05/18 09:20:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/20 08:56:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/13 14:00:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    File not found (No name found) --
    [2010/11/25 09:23:52 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\CLEVINSON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4XR9EUPH.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
    [2010/04/20 08:56:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/05/18 09:28:56 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
    [2009/01/12 11:35:44 | 000,107,848 | ---- | M] (WebEx Communications, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\mwmcli.dll
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2007/02/05 00:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
    [2011/05/18 09:29:01 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/06/08 16:00:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (CitiUSBrowserHelper Class) - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\Program Files\Virtual Account Numbers\BhoCitUS.dll (Orbiscom Ltd. All rights reserved.)
    O2 - BHO: (WsftpBrowserHelper Class) - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-3430250972-207886777-1795493786-1141\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Citi Virtual Account Numbers] C:\Program Files\Virtual Account Numbers\CitiVAN.exe (Orbiscom Ltd. All rights reserved.)
    O4 - HKLM..\Run: [DT ACR] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe ()
    O4 - HKLM..\Run: [F-PROT Antivirus Tray application] C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe (FRISK Software International)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-21-3430250972-207886777-1795493786-1141..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\723\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
    O4 - HKU\S-1-5-21-3430250972-207886777-1795493786-1141..\Run: [QuickGammaLoader] C:\Program Files\QuickGamma\QuickGammaLoader.exe (Eberhard Werle)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe (TechSmith Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3430250972-207886777-1795493786-1141\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3430250972-207886777-1795493786-1141\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-3430250972-207886777-1795493786-1141\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-3430250972-207886777-1795493786-1141\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm ()
    O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm ()
    O9 - Extra Button: Virtual Account Numbers - {DE700910-58F7-4D2E-B7E6-3BA2DA1B6806} - C:\Program Files\Virtual Account Numbers\CitiVAN.exe (Orbiscom Ltd. All rights reserved.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-3430250972-207886777-1795493786-1141\..Trusted Domains: hp.com ([h20168.www2] https in Trusted sites)
    O15 - HKU\S-1-5-21-3430250972-207886777-1795493786-1141\..Trusted Domains: hp.com ([sbesp.houston] https in Trusted sites)
    O15 - HKU\S-1-5-21-3430250972-207886777-1795493786-1141\..Trusted Domains: vcall.com ([events] http in Trusted sites)
    O15 - HKU\S-1-5-21-3430250972-207886777-1795493786-1141\..Trusted Ranges: Range1 ([https] in Trusted sites)
    O16 - DPF: {00000033-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall33.cab (HPVirtualRooms33 Class)
    O16 - DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab (HPVirtualRooms35 Class)
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
    O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} http://theoracle2/connectcomputer/nshelp.dll (NSHelp Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228099459805 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://meeting.juniper.net/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupControlXP Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = techwiselan.local
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\g7ps {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.)
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\acaptuser32.dll) - C:\WINDOWS\system32\acaptuser32.dll (Adobe Systems Incorporated)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/11/12 20:03:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/08 16:22:07 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\clevinson\Desktop\OTL.exe
    [2011/06/08 15:53:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/06/08 15:53:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/06/08 15:53:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/06/08 15:53:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/06/08 15:53:49 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/06/08 15:44:50 | 004,116,281 | R--- | C] (Swearware) -- C:\Documents and Settings\clevinson\Desktop\ComboFix.exe
    [2011/06/08 15:35:05 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\clevinson\Desktop\aswMBR.exe
    [2011/06/08 08:24:23 | 000,607,222 | R--- | C] (Swearware) -- C:\Documents and Settings\clevinson\Desktop\dds.scr
    [2011/06/07 14:02:00 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\clevinson\Desktop\chip.exe
    [2011/06/07 14:01:59 | 000,000,000 | ---D | C] -- C:\rsit
    [2011/06/07 13:53:38 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\clevinson\Desktop\HijackThis.exe
    [2011/06/02 14:22:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\clevinson\Desktop\Dodger Players
    [2011/05/11 23:47:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\clevinson\Desktop\Dodgers May 11
    [2011/05/09 17:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\clevinson\Start Menu\Programs\MediaCoder
    [2011/05/09 17:29:03 | 004,897,386 | ---- | C] (ffdshow ) -- C:\Documents and Settings\clevinson\Desktop\ffdshow_rev3800_20110328.exe
    [2 O:\ChipPC1\*.tmp files -> O:\ChipPC1\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/06/08 16:24:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3430250972-207886777-1795493786-1141.job
    [2011/06/08 16:24:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3430250972-207886777-1795493786-1141.job
    [2011/06/08 16:22:09 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\clevinson\Desktop\OTL.exe
    [2011/06/08 16:00:30 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/06/08 15:53:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/06/08 15:45:00 | 004,116,281 | R--- | M] (Swearware) -- C:\Documents and Settings\clevinson\Desktop\ComboFix.exe
    [2011/06/08 15:41:00 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\clevinson\Desktop\MBR.dat
    [2011/06/08 15:39:13 | 000,176,128 | ---- | M] () -- C:\Documents and Settings\clevinson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/06/08 15:37:18 | 035,576,575 | ---- | M] () -- C:\2011-06-08 Concall with TechWise Listen then SHRED.wmv
    [2011/06/08 15:35:07 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\clevinson\Desktop\aswMBR.exe
    [2011/06/08 12:24:21 | 000,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2011/06/08 12:23:37 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/06/08 12:23:33 | 000,013,702 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/06/08 08:24:23 | 000,607,222 | R--- | M] (Swearware) -- C:\Documents and Settings\clevinson\Desktop\dds.scr
    [2011/06/08 08:22:42 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\clevinson\Desktop\MBRCheck.exe
    [2011/06/08 08:12:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/06/07 19:04:21 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\clevinson\Desktop\plh3fovy.exe
    [2011/06/07 19:01:48 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\F-PROT Antivirus - Daily scan.job
    [2011/06/07 14:01:28 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\clevinson\Desktop\RSIT.exe
    [2011/06/07 13:53:39 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\clevinson\Desktop\HijackThis.exe
    [2011/06/07 13:53:39 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\clevinson\Desktop\chip.exe
    [2011/06/06 16:35:48 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\clevinson\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/06/05 17:22:24 | 000,116,363 | ---- | M] () -- O:\ChipPC1\MOVE_Dance_RESULTS.pdf
    [2011/06/03 19:12:47 | 000,000,848 | ---- | M] () -- C:\WINDOWS\tasks\WeeklyPCBackup.job
    [2011/06/02 23:04:55 | 119,462,616 | ---- | M] () -- C:\Documents and Settings\clevinson\Desktop\ADBEAFETCS4_LS7.7z.part
    [2011/06/02 22:15:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/05/30 23:46:03 | 003,812,265 | ---- | M] () -- C:\Documents and Settings\clevinson\Desktop\Rena Levinson 2009.jpg
    [2011/05/30 23:43:51 | 003,292,742 | ---- | M] () -- C:\Documents and Settings\clevinson\Desktop\Rena Levinson First Year.jpg
    [2011/05/30 23:20:36 | 003,686,454 | ---- | M] () -- O:\ChipPC1\SnapShot(2).bmp
    [2011/05/30 23:07:47 | 000,000,557 | ---- | M] () -- C:\Documents and Settings\clevinson\Desktop\Shortcut to 2011_02_11 Rena HipHop 1.mpg.lnk
    [2011/05/30 22:49:01 | 008,459,136 | ---- | M] () -- C:\Documents and Settings\clevinson\Desktop\Rena Year 1.jpg
    [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/05/27 11:16:03 | 000,002,006 | ---- | M] () -- O:\ChipPC1\Default.rdp
    [2011/05/23 17:00:34 | 000,216,008 | ---- | M] () -- O:\ChipPC1\ISO_12233-reschart.pdf
    [2011/05/15 09:18:09 | 000,141,978 | ---- | M] () -- C:\Documents and Settings\clevinson\Desktop\etix.pdf
    [2011/05/13 15:48:47 | 370,298,880 | ---- | M] () -- C:\Documents and Settings\clevinson\Desktop\XX31_Lists_fordatabase TCO.mdb
    [2011/05/12 17:04:46 | 026,738,688 | ---- | M] () -- C:\Documents and Settings\clevinson\Desktop\XX32_List_copy.mdb
    [2011/05/12 16:42:39 | 000,057,968 | ---- | M] () -- C:\Documents and Settings\clevinson\Desktop\tonerreceipt.pdf
    [2011/05/11 00:07:27 | 000,671,138 | ---- | M] () -- O:\ChipPC1\PhotoshopCS5_performance.pdf
    [2011/05/09 23:27:45 | 000,015,637 | ---- | M] () -- C:\WINDOWS\shredxp.ini
    [2011/05/09 17:31:29 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\clevinson\Desktop\MediaCoder.lnk
    [2011/05/09 17:29:35 | 004,897,386 | ---- | M] (ffdshow ) -- C:\Documents and Settings\clevinson\Desktop\ffdshow_rev3800_20110328.exe
    [2 O:\ChipPC1\*.tmp files -> O:\ChipPC1\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/06/08 15:53:59 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/06/08 15:53:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/06/08 15:53:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/06/08 15:53:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/06/08 15:53:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/06/08 15:41:00 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\clevinson\Desktop\MBR.dat
    [2011/06/08 13:04:10 | 035,576,575 | ---- | C] () -- C:\2011-06-08 Concall with TechWise Listen then SHRED.wmv
    [2011/06/08 08:22:41 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\clevinson\Desktop\MBRCheck.exe
    [2011/06/07 19:04:20 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\clevinson\Desktop\plh3fovy.exe
    [2011/06/07 14:01:28 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\clevinson\Desktop\RSIT.exe
    [2011/06/05 17:22:24 | 000,116,363 | ---- | C] () -- O:\ChipPC1\MOVE_Dance_RESULTS.pdf
    [2011/06/02 23:03:44 | 119,462,616 | ---- | C] () -- C:\Documents and Settings\clevinson\Desktop\ADBEAFETCS4_LS7.7z.part
    [2011/05/30 23:45:08 | 003,812,265 | ---- | C] () -- C:\Documents and Settings\clevinson\Desktop\Rena Levinson 2009.jpg
    [2011/05/30 23:43:48 | 003,292,742 | ---- | C] () -- C:\Documents and Settings\clevinson\Desktop\Rena Levinson First Year.jpg
    [2011/05/30 23:20:34 | 003,686,454 | ---- | C] () -- O:\ChipPC1\SnapShot(2).bmp
    [2011/05/30 23:03:51 | 004,271,898 | ---- | C] () -- C:\Documents and Settings\clevinson\Desktop\112-1257_IMG.JPG
    [2011/05/30 23:01:57 | 000,000,557 | ---- | C] () -- C:\Documents and Settings\clevinson\Desktop\Shortcut to 2011_02_11 Rena HipHop 1.mpg.lnk
    [2011/05/30 22:48:55 | 008,459,136 | ---- | C] () -- C:\Documents and Settings\clevinson\Desktop\Rena Year 1.jpg
    [2011/05/23 17:00:34 | 000,216,008 | ---- | C] () -- O:\ChipPC1\ISO_12233-reschart.pdf
    [2011/05/19 13:23:47 | 2270,995,968 | ---- | C] () -- C:\Documents and Settings\clevinson\Desktop\Scenario 7 config.avi
    [2011/05/18 13:11:51 | 002,528,279 | ---- | C] () -- C:\Documents and Settings\clevinson\Desktop\The Beatles - When Im 64.mp3
    [2011/05/18 09:29:09 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/05/15 09:18:09 | 000,141,978 | ---- | C] () -- C:\Documents and Settings\clevinson\Desktop\etix.pdf
    [2011/05/13 15:05:26 | 370,298,880 | ---- | C] () -- C:\Documents and Settings\clevinson\Desktop\XX31_Lists_fordatabase TCO.mdb
    [2011/05/12 16:42:39 | 000,057,968 | ---- | C] () -- C:\Documents and Settings\clevinson\Desktop\tonerreceipt.pdf
    [2011/05/12 11:38:12 | 026,738,688 | ---- | C] () -- C:\Documents and Settings\clevinson\Desktop\XX32_List_copy.mdb
    [2011/05/11 00:07:27 | 000,671,138 | ---- | C] () -- O:\ChipPC1\PhotoshopCS5_performance.pdf
    [2011/05/09 17:31:29 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\clevinson\Desktop\MediaCoder.lnk
    [2011/02/14 01:06:05 | 000,013,389 | ---- | C] () -- C:\Documents and Settings\clevinson\Application Data\Comma Separated Values (DOS).CAL
    [2010/12/21 03:12:07 | 000,737,362 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3430250972-207886777-1795493786-1141-0.dat
    [2010/12/21 03:12:07 | 000,367,530 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2010/08/31 07:48:54 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
    [2010/07/06 09:23:36 | 000,038,521 | ---- | C] () -- C:\Documents and Settings\clevinson\Application Data\Comma Separated Values (Windows).ADR
    [2010/06/03 12:42:19 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/06/03 12:42:19 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/04/15 18:17:24 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/03/26 15:13:30 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\clevinson\Local Settings\Application Data\fusioncache.dat
    [2010/02/08 22:46:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2010/01/03 23:05:14 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
    [2009/12/03 15:46:00 | 000,000,140 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/09/27 16:12:21 | 001,604,482 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
    [2009/08/06 16:02:29 | 000,134,196 | ---- | C] () -- C:\WINDOWS\HTML Text Extractor Uninstaller.exe
    [2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
    [2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
    [2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
    [2009/04/15 16:25:02 | 000,009,345 | ---- | C] () -- C:\Documents and Settings\clevinson\Application Data\Tab Separated Values (Windows).EML
    [2009/03/21 21:24:13 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2009/02/02 17:44:24 | 000,176,128 | ---- | C] () -- C:\Documents and Settings\clevinson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/11/17 11:40:26 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\OBroker.exe
    [2008/11/14 11:36:46 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\FTPStubInstUtils.dll
    [2008/11/13 18:39:38 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
    [2008/11/13 18:39:38 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
    [2008/11/13 18:39:38 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
    [2008/11/13 18:35:58 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
    [2008/11/13 18:35:58 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
    [2008/11/13 18:29:36 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2008/11/12 23:11:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2008/11/12 21:38:15 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
    [2008/11/12 21:37:50 | 000,114,630 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2008/11/12 20:05:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/11/12 20:00:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/11/12 11:51:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/11/12 11:49:43 | 001,597,232 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
    [2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
    [2008/04/14 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2008/04/14 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2008/04/14 05:00:00 | 000,526,034 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2008/04/14 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2008/04/14 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2008/04/14 05:00:00 | 000,095,890 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2008/04/14 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2008/04/14 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2008/04/14 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2008/04/14 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2008/04/14 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2008/04/14 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2007/10/03 16:12:53 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\SDL.dll
    [2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2003/05/15 16:29:44 | 000,015,637 | ---- | C] () -- C:\WINDOWS\shredxp.ini

    ========== LOP Check ==========

    [2009/04/13 10:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anonymizer
    [2009/03/21 23:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Camera Bits, Inc
    [2010/01/03 23:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
    [2008/11/13 20:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FRISK Software
    [2008/12/13 13:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G7PS
    [2010/12/20 14:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garmin
    [2009/02/02 19:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
    [2010/11/16 14:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\onOne Software
    [2010/06/15 16:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photodex
    [2010/05/07 15:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PIXELA
    [2008/11/13 18:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
    [2009/07/25 13:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
    [2008/11/13 18:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SPSS
    [2010/01/03 23:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
    [2008/11/14 00:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
    [2010/05/21 23:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
    [2009/04/13 10:10:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{773E7240-B347-4DFF-A6EF-6E829EDD59DF}
    [2009/07/09 22:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2009/04/13 10:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clevinson\Application Data\Anonymizer
    [2010/06/09 00:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clevinson\Application Data\Blender Foundation
    [2011/05/09 17:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clevinson\Application Data\Broad Intelligence
    [2009/03/21 23:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clevinson\Application Data\Camera Bits, Inc
    [2009/08/28 22:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clevinson\Application Data\Canon
    [2009/10/27 15:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clevinson\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/02/11 00:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clevinson\Application Data\com.Shutterfly.ExpressUploader
    [2010/08/31 08:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clevinson\Application Data\DisplayTune
    [2009/03/02 11:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clevinson\Application Data\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
    [2009/02/04 18:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clevinson\Application Data\FRISK Software
    [2009/02/02 19:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clevinson\Application Data\G7PS
    [2010/12/20 14:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clevinson\Application Data\GARMIN
    [2009/02/02 19:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clevinson\Application Data\Juniper Networks
    [2010/11/17 17:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clevinson\Application Data\Mask Pro 4.0
    [2010/02/27 12:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clevinson\Application Data\MyPublisher
    [2009/07/10 23:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clevinson\Application Data\Netscape
    [2009/07/12 16:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clevinson\Application Data\Photodex
    [2010/11/08 16:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clevinson\Application Data\StarExplorer
    [2009/02/02 16:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clevinson\Application Data\Windows Search
    [2008/11/13 20:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clevinson.TECHWISELAN\Application Data\FRISK Software
    [2008/12/13 13:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clevinson.TECHWISELAN\Application Data\G7PS
    [2008/11/13 20:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clevinson.TECHWISELAN\Application Data\Leadertech
    [2008/12/02 17:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clevinson.TECHWISELAN\Application Data\TotalTrain
    [2008/11/20 09:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clevinson.TECHWISELAN\Application Data\WebEx
    [2008/11/13 01:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clevinson.TECHWISELAN\Application Data\Windows Desktop Search
    [2008/11/13 19:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clevinson.TECHWISELAN\Application Data\Windows Search
    [2011/06/07 19:01:48 | 000,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\F-PROT Antivirus - Daily scan.job
    [2011/06/03 19:12:47 | 000,000,848 | ---- | M] () -- C:\WINDOWS\Tasks\WeeklyPCBackup.job

    ========== Purity Check ==========
     
  16. 2011/06/08
    Mr. Chip (Thread Starter)
    OTL.txt Part 2

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/06/08 15:37:18 | 035,576,575 | ---- | M] () -- C:\2011-06-08 Concall with TechWise Listen then SHRED.wmv
    [2009/07/04 14:10:12 | 000,029,614 | ---- | M] () -- C:\2_BatMitzvahTable.docx
    [2009/02/12 01:05:03 | 000,000,000 | ---- | M] () -- C:\asoutput.log
    [2009/04/25 19:43:25 | 000,008,721 | ---- | M] () -- C:\asyncmac.zip
    [2008/11/12 20:03:21 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/01/12 15:15:49 | 000,016,477 | ---- | M] () -- C:\Avatar4.JPG
    [2009/09/01 13:36:38 | 000,030,406 | ---- | M] () -- C:\banner-60.jpg
    [2009/07/04 12:52:23 | 000,029,060 | ---- | M] () -- C:\BatMitzvahTable.docx
    [2010/01/04 14:11:37 | 000,049,994 | ---- | M] () -- C:\Bod2.jpg
    [2010/08/24 13:26:21 | 000,150,652 | ---- | M] () -- C:\Body_1.JPG
    [2010/08/24 13:28:44 | 000,052,888 | ---- | M] () -- C:\Body_2.JPG
    [2008/11/12 19:57:24 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/03/15 13:39:48 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/06/19 00:49:15 | 2793,469,952 | ---- | M] () -- C:\Cardinals_Season.mpg
    [2010/05/16 19:27:56 | 000,008,170 | ---- | M] () -- C:\CES.xml
    [2009/09/02 22:36:05 | 000,815,157 | ---- | M] () -- C:\ChipsMoon2.jpg
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2011/06/08 16:02:54 | 000,013,262 | ---- | M] () -- C:\ComboFix.txt
    [2008/11/12 20:03:21 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011/05/04 14:02:04 | 001,235,066 | ---- | M] () -- C:\edited XX37_Tukwila_Benchmark_testedit.pdf
    [2009/09/16 11:55:35 | 000,090,635 | ---- | M] () -- C:\Estate_Planning_Questionnaire_08.pdf
    [2009/05/17 20:06:57 | 000,003,638 | ---- | M] () -- C:\favicon.ico
    [2011/05/03 08:10:54 | 000,072,080 | ---- | M] () -- C:\g2mdlhlpx.exe
    [2011/04/25 08:58:35 | 000,024,138 | ---- | M] () -- C:\XX31_mailmerge_2xrcustomlinks_1.avi
    [2011/04/24 11:58:45 | 136,446,327 | ---- | M] () -- C:\XX31_mailmerge_2xrcustomlinks_1.mov
    [2011/05/03 11:35:40 | 001,222,023 | ---- | M] () -- C:\XX37_Tukwila_Benchmark_testedit.pdf
    [2009/12/08 14:16:06 | 000,195,862 | ---- | M] () -- C:\iFinity.UrlMaster_01.15.01_Install.zip
    [2008/11/12 20:03:21 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/11/13 18:33:19 | 000,000,000 | ---- | M] () -- C:\law.sp
    [2009/10/15 19:44:07 | 000,015,338 | ---- | M] () -- C:\Lester Lost in New York.docx
    [2008/11/12 20:03:21 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2009/09/01 15:53:05 | 000,090,828 | ---- | M] () -- C:\NewTechWiseBanner.jpg
    [2009/09/01 15:55:00 | 000,091,144 | ---- | M] () -- C:\NewTechWiseBanner_96.jpg
    [2009/09/01 16:03:46 | 000,091,376 | ---- | M] () -- C:\NewTW_Banner_96back.jpg
    [2009/12/01 13:00:08 | 000,001,098 | ---- | M] () -- C:\not_found.html
    [2008/04/14 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 05:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/06/08 08:12:14 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2009/12/10 14:42:47 | 000,000,332 | ---- | M] () -- C:\panel.htm
    [2010/08/31 07:47:50 | 000,000,173 | ---- | M] () -- C:\pdisdk.log
    [2009/07/11 00:11:44 | 000,001,467 | ---- | M] () -- C:\photodex-presenter-install.log
    [2010/08/31 07:49:00 | 000,000,184 | ---- | M] () -- C:\pivot.log
    [2009/12/01 10:50:44 | 000,000,141 | ---- | M] () -- C:\SiteMap.aspx
    [2009/12/01 10:50:47 | 000,005,918 | ---- | M] () -- C:\SiteMap.aspx.vb
    [2010/03/15 19:51:11 | 000,049,648 | ---- | M] () -- C:\TDSSKiller.txt
    [2009/12/04 15:17:47 | 000,008,916 | ---- | M] () -- C:\TechWise-Logo-3.gif
    [2009/09/01 14:00:09 | 000,092,031 | ---- | M] () -- C:\TechWiseBanner.jpg
    [2009/09/01 12:15:53 | 000,101,559 | ---- | M] () -- C:\TechWise_banner.jpg
    [2009/09/01 13:49:41 | 000,092,687 | ---- | M] () -- C:\TechWise_banner2.jpg
    [2009/12/04 01:29:11 | 000,055,807 | ---- | M] () -- C:\Trademark-Infringement-graphic1.jpg
    [2008/07/30 06:26:37 | 006,010,656 | ---- | M] (JAM Software ) -- C:\TreeSizeProfessional-Full.exe
    [2009/09/01 18:04:55 | 000,107,562 | ---- | M] () -- C:\TWbanner_1100.jpg
    [2011/04/02 21:28:42 | 000,014,016 | ---- | M] () -- C:\Virginia Bill Tracker 2010 Repairs.xlsx
    [2009/10/10 08:49:56 | 000,030,276 | ---- | M] () -- C:\web.config
    [2009/10/10 08:54:51 | 000,030,276 | ---- | M] () -- C:\web.config.5
    [2009/10/01 17:54:36 | 000,004,041 | ---- | M] () -- C:\yugmaerr.log
    [2009/10/01 17:54:36 | 000,000,098 | ---- | M] () -- C:\yugmaout.log

    < %systemroot%\Fonts\*.com >
    [2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2008/11/12 20:02:59 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/11/12 11:49:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2008/11/12 11:49:10 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008/11/12 11:49:10 | 000,913,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/11/12 20:03:27 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2008/11/12 20:07:44 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\clevinson\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2008/11/12 20:07:44 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\clevinson\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/06/02 23:03:37 | 001,228,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\clevinson\Desktop\ADBEAFETCS4_LS7.exe
    [2011/06/08 15:35:07 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\clevinson\Desktop\aswMBR.exe
    [2011/06/07 13:53:39 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\clevinson\Desktop\chip.exe
    [2011/06/08 15:45:00 | 004,116,281 | R--- | M] (Swearware) -- C:\Documents and Settings\clevinson\Desktop\ComboFix.exe
    [2011/05/09 17:29:35 | 004,897,386 | ---- | M] (ffdshow ) -- C:\Documents and Settings\clevinson\Desktop\ffdshow_rev3800_20110328.exe
    [2011/06/07 13:53:39 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\clevinson\Desktop\HijackThis.exe
    [2011/06/08 08:22:42 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\clevinson\Desktop\MBRCheck.exe
    [2011/05/02 21:06:58 | 029,013,943 | ---- | M] () -- C:\Documents and Settings\clevinson\Desktop\MediaCoder2011-R3-5138.exe
    [2011/06/08 16:22:09 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\clevinson\Desktop\OTL.exe
    [2011/06/07 19:04:21 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\clevinson\Desktop\plh3fovy.exe
    [2011/06/07 14:01:28 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\clevinson\Desktop\RSIT.exe
    [2010/03/15 20:42:27 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\clevinson\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/10/16 10:40:02 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\clevinson\Favorites\4xr9euph.default.lnk
    [2008/11/12 20:07:44 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\clevinson\Favorites\Desktop.ini
    [2011/01/30 14:09:00 | 000,000,903 | ---- | M] () -- C:\Documents and Settings\clevinson\Favorites\Local outlook OST.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2009/10/27 12:37:43 | 000,012,506 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    HTML Text Extractor Uninstaller.exe

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/03/22 15:01:42 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\clevinson\Cookies\desktop.ini
    [2011/06/08 16:23:57 | 000,049,152 | -HS- | M] () -- C:\Documents and Settings\clevinson\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 23:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 05:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2008/04/14 05:00:00 | 000,004,821 | R--- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2007/04/03 00:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/14 00:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 06:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2008/04/14 05:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2008/04/14 05:00:00 | 000,018,052 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2008/04/14 05:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2007/04/03 00:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2007/04/03 00:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
    "NoAutoUpdate" = 0
    "AUOptions" = 2
    "RescheduleWaitTimeEnabled" = 1
    "RescheduleWaitTime" = 1
    "RebootWarningTimeoutEnabled" = 1
    "RebootWarningTimeout" = 5
    "RebootRelaunchTimeoutEnabled" = 1
    "RebootRelaunchTimeout" = 10
    "DetectionFrequencyEnabled" = 1
    "DetectionFrequency" = 1
    "AutoInstallMinorUpdates" = 1
    "UseWUServer" = 1
    "NoAutoRebootWithLoggedOnUsers" = 0

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 352 bytes -> C:\XX37_Tukwila_Benchmark_testedit.pdf:SummaryInformation

    < End of report >
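When reading an OTL dump like the one above, two things are worth automating: parsing the file-listing lines (the "[date | size | attrs | M] (Company) -- path" format) so that recently modified executables with an empty company field can be pulled out, and parsing the Windows Firewall AuthorizedApplications values that appear in the extras.txt post that follows, where several enabled exceptions point at lmi_rescue.exe copies inside *.tmp folders. The script below is an added example for this page; it is not OTL's code and not something the thread's helpers posted. Both line formats are taken from the output quoted in this thread, the sample lines are copied from it, and the triage rules (a 30-day window matching OTL's "File Age = 30 Days" header setting, "no company name", "executable in a temp folder") are assumptions chosen for illustration, not a verdict on any of those files.

```python
"""Parse OTL listing and firewall-exception lines and flag entries worth a second look.
Added example; not OTL's own code. Triage rules are assumptions for illustration."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# File/directory line:  [date time | size | attrs | M] (Company) -- path
# Directory lines omit the "(Company)" part; files with no company name show "()".
_LISTING = re.compile(
    r"^\s*\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| [MC]\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)
EXECUTABLE_EXT = (".exe", ".dll", ".scr", ".com", ".pif")


@dataclass
class Entry:
    modified: datetime
    size: int
    attrs: str               # R/H/S/D flags as OTL prints them, e.g. "-HS-"
    company: Optional[str]   # version-resource company; "" for "()", None for directories
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_listing_line(line: str) -> Optional[Entry]:
    m = _LISTING.match(line)
    if m is None:
        return None
    company = m.group("company")
    return Entry(
        modified=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        company=company.strip() if company is not None else None,
        path=m.group("path"),
    )


def recent_executables_without_company(lines: List[str], scan_time: datetime, days: int = 30) -> List[str]:
    """Executables with an empty company field that changed within `days` of the scan (assumed rule)."""
    cutoff = scan_time - timedelta(days=days)
    hits = []
    for line in lines:
        e = parse_listing_line(line)
        if e is None or e.is_dir:
            continue
        if e.path.lower().endswith(EXECUTABLE_EXT) and not e.company and e.modified >= cutoff:
            hits.append(e.path)
    return hits


@dataclass
class FirewallException:
    path: str
    scope: str      # "*" means any remote address
    enabled: bool
    name: str


def parse_firewall_exception(line: str) -> Optional[FirewallException]:
    """Parse one AuthorizedApplications value:  "path" = path:scope:Enabled|Disabled:name"""
    m = re.match(r'^\s*"(?P<key>[^"]+)" = (?P<value>.+?)\s*$', line)
    if m is None or not m.group("value").startswith(m.group("key") + ":"):
        return None
    # Split after the path, because both the path ("C:") and the name may contain colons.
    parts = m.group("value")[len(m.group("key")) + 1:].split(":", 2)
    if len(parts) != 3:
        return None
    scope, state, name = parts
    return FirewallException(path=m.group("key"), scope=scope, enabled=(state == "Enabled"), name=name)


def in_temp_dir(path: str) -> bool:
    """True if any directory component is a temp folder or a *.tmp folder."""
    dirs = (d.lower() for d in path.split("\\")[:-1])
    return any(d in ("temp", "tmp") or d.endswith(".tmp") for d in dirs)


def enabled_exceptions_in_temp_dirs(lines: List[str]) -> List[str]:
    """Enabled firewall exceptions that point at executables in temporary folders (assumed rule)."""
    return [fw.path for fw in map(parse_firewall_exception, lines)
            if fw is not None and fw.enabled and in_temp_dir(fw.path)]


# Sample input copied from the OTL output in this thread; scan time from the extras.txt header.
SCAN_TIME = datetime(2011, 6, 8, 16, 24)
SAMPLE_LISTING = [
    r"[2011/06/07 19:04:21 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\clevinson\Desktop\plh3fovy.exe",
    r"[2011/06/08 16:22:09 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\clevinson\Desktop\OTL.exe",
    r"[2008/07/30 06:26:37 | 006,010,656 | ---- | M] (JAM Software ) -- C:\TreeSizeProfessional-Full.exe",
    r"[2011/06/08 08:22:42 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\clevinson\Desktop\MBRCheck.exe",
    r"[2008/11/14 00:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith",
    r"[2011/06/08 08:12:14 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys",
]
SAMPLE_FIREWALL = [
    r'"C:\WINDOWS\LMI381.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI381.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue',
    r'"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)',
    r'"C:\Program Files\SPSSInc\SPSS16\spss.exe" = C:\Program Files\SPSSInc\SPSS16\spss.exe:*:Disabled:SPSS 16.0 for Windows (1033:exe) -- (SPSS Inc)',
    r'"C:\Documents and Settings\clevinson\Local Settings\temp\LMIR0001.tmp\lmi_rescue.exe" = C:\Documents and Settings\clevinson\Local Settings\temp\LMIR0001.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue',
]

if __name__ == "__main__":
    for p in recent_executables_without_company(SAMPLE_LISTING, SCAN_TIME):
        print("recent executable, empty company field:", p)
    for p in enabled_exceptions_in_temp_dirs(SAMPLE_FIREWALL):
        print("enabled firewall exception in a temp folder:", p)
```

On the sample lines this flags plh3fovy.exe and MBRCheck.exe (both downloaded for this cleanup, so expected here) and the two enabled LogMeIn Rescue exceptions living under *.tmp folders; the point of the second check is that an exception stays in the policy after the remote-support session and its temp folder are gone, and a later file dropped at the same path would inherit it.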
     
  17. 2011/06/08
    Mr. Chip (Thread Starter)
    extras.txt

    OTL Extras logfile created on: 6/8/2011 4:24:00 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\clevinson\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 76.26% Memory free
    5.09 Gb Paging File | 4.53 Gb Available in Paging File | 89.09% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.82 Gb Total Space | 104.89 Gb Free Space | 45.05% Space Free | Partition Type: NTFS
    Drive D: | 232.82 Gb Total Space | 228.23 Gb Free Space | 98.03% Space Free | Partition Type: NTFS
    Drive G: | 35.16 Gb Total Space | 26.27 Gb Free Space | 74.71% Space Free | Partition Type: NTFS
    Drive M: | 517.81 Gb Total Space | 163.10 Gb Free Space | 31.50% Space Free | Partition Type: NTFS
    Drive O: | 70.31 Gb Total Space | 26.00 Gb Free Space | 36.97% Space Free | Partition Type: NTFS

    Computer Name: CHIPPC1 | User Name: chip | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-3430250972-207886777-1795493786-1141\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
    "Enabled" = 1
    "AllowUserPrefMerge" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
    "Enabled" = 1
    "AllowUserPrefMerge" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
    "135:TCP:*:Enabled:Offer Remote Assistance - Port" = 135:TCP:*:Enabled:Offer Remote Assistance - Port

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
    "Enabled" = 1
    "RemoteAddresses" = LocalSubnet

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
    "Enabled" = 1
    "RemoteAddresses" = *

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
    "AllowUserPrefMerge" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
    "AllowUserPrefMerge" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
    "80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\SPSSInc\SPSS16\spss.exe" = C:\Program Files\SPSSInc\SPSS16\spss.exe:*:Disabled:SPSS 16.0 for Windows (1033:exe) -- (SPSS Inc)
    "C:\Program Files\SPSSInc\SPSS16\SPSSWinWrapIDE.exe" = C:\Program Files\SPSSInc\SPSS16\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor (1033) -- (SPSS Inc.)
    "C:\Program Files\SPSSInc\SPSS16\spss.com" = C:\Program Files\SPSSInc\SPSS16\spss.com:*:Disabled:SPSS 16.0 for Windows (1033:com) -- (SPSS Inc)
    "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
    "C:\WINDOWS\LMI381.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI381.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
    "C:\WINDOWS\LMI14A9.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI14A9.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
    "C:\WINDOWS\LMID9.tmp\lmi_rescue.exe" = C:\WINDOWS\LMID9.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
    "C:\WINDOWS\LMIDF.tmp\lmi_rescue.exe" = C:\WINDOWS\LMIDF.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
    "C:\WINDOWS\LMI6.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI6.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
    "C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonProxy.exe" = C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonProxy.exe:*:Enabled:AnonProxy -- ( Anonymizer, Inc.)
    "C:\Program Files\WS_FTP Pro\wsftppro.exe" = C:\Program Files\WS_FTP Pro\wsftppro.exe:*:Enabled:WS_FTP Pro Application -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington MA)
    "C:\WINDOWS\LMI14A.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI14A.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
    "C:\Program Files\SOFTplus\GSiteCrawler\GSiteCrawler.exe" = C:\Program Files\SOFTplus\GSiteCrawler\GSiteCrawler.exe:*:Enabled:Site-Crawler + Google SiteMap creator -- (SOFTplus Entwicklungen GmbH)
    "C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager -- (iAnywhere Solutions, Inc.)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\WINDOWS\LMI170.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI170.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
    "C:\Program Files\Tournament Indicator\Indicator.exe" = C:\Program Files\Tournament Indicator\Indicator.exe:*:Enabled:Tournament Indicator -- (TournamentIndicator.com)
    "C:\Documents and Settings\clevinson\Local Settings\temp\LMIR0001.tmp\lmi_rescue.exe" = C:\Documents and Settings\clevinson\Local Settings\temp\LMIR0001.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Tournament Indicator\Indicator.exe" = C:\Program Files\Tournament Indicator\Indicator.exe:*:Enabled:Tournament Indicator -- (TournamentIndicator.com)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
    "{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86)
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
    "{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{1D238844-B565-413A-A261-B59BD046FEC7}" = VersaCheck 2004 Silver Express
    "{1D2884B8-1771-4CE1-9DE5-1235E2ED7186}" = Pro Studio Manager ver.3.5
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23E5032B-56CA-4C19-A72E-B50161DB82CA}" = Shadow Copy Client
    "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
    "{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2b02f822-a9b9-458c-80e5-3ea8c0de8471}" = QuickBooks Pro Edition 2004
    "{2DFAC810-6DD8-4E23-96A4-BEB118408203}" = Mask Pro 4.1.9a
    "{2FADA80A-5D89-4CC8-9ED7-445527754A83}" = SnagIt 9
    "{3436BCF8-D043-4101-8669-53C7F8402C16}" = ShredXP
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36BFB07B-F574-4E2A-89B9-DA0531774414}" = Pro Studio Manager ver.3.5
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{46B8AE59-A7CB-4C70-BE55-A5B61E5B72D3}" = HD264 Pack
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4723f199-fa64-4233-8e6e-9fccc95a18ee}" = Python 2.6.5
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "{4F93ABBE-5A1D-4D56-94CB-022F109FDE4D}" = Adobe Presenter 7
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{548F12A2-BD2E-4B5A-9B62-BBC0AA8EB3DD}" = Everio MediaBrowser HD Edition
    "{55584E16-4D70-44EE-93DD-F144E8B7D4B7}" = QuickBooks Product Listing Service
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{59366175-55F2-411B-9911-3D71D46CD073}" = Anonymizer Software
    "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
    "{621025AE-3510-478E-BC27-1A647150976F}" = SPSS 16.0 for Windows
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{70A7A213-9C88-4CFD-926F-9B9016968C6C}" = QIF2
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73568F76-7A37-9DB4-73B1-11DCF1A2FC52}" = FOX News Live
    "{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{7AA36634-4324-4EF4-8C0C-D8EF1FC2BEA4}" = Duplicate Email Remover
    "{7E545666-F422-45FD-B3DF-C0B99A1A579F}" = QuickBooks Pro 2007
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{82E7071E-2386-4B87-9C18-EDB8A7FBE4FF}" = Garmin City Navigator North America NT 2011.31 Update
    "{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A586DC50-B18D-48FB-B7CC-A598200457C2}" = Acer eDisplay Management
    "{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AC76BA86-1033-F400-7761-000000000004}_944" = Adobe Acrobat 9.4.4 - CPSID_83708
    "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{AFDFC350-C142-4790-BE12-8357AECD028F}" = SyncToy 2.0 (x86)
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B43BE8DB-F9B3-49FF-A027-A0F70CCE993A}" = Diskeeper Server Standard Edition
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BC4A54D6-6591-4D01-AE21-C9ABAAF69D7F}" = Microsoft Expression Encoder 4
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
    "{C8192B14-5B56-2E27-6652-8AA650091D6E}" = Shutterfly Express Uploader
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
    "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{DE700910-58F7-4D2E-B7E6-3BA2DA1B6806}" = Virtual Account Numbers
    "{E58B329B-FB28-4874-90DE-0D7CB2709267}" = F-PROT Antivirus for Windows
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{F9EC30D1-F688-4708-9850-CB5120074AAA}" = Microsoft Expression Encoder 4 Screen Capture Codec
    "{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "ActiveScan 2.0" = Panda ActiveScan 2.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Presenter 7" = Adobe Presenter 7
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
    "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
    "All ATI Software" = ATI - Software Uninstall Utility
    "Anonymizer Software" = Anonymizer Software
    "ATI Display Driver" = ATI Display Driver
    "Belarc Advisor" = Belarc Advisor 8.1
    "Blender" = Blender (remove only)
    "CamStudio" = CamStudio
    "CCleaner" = CCleaner
    "com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
    "CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
    "DPP" = Canon Utilities Digital Photo Professional 3.9
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "EditPlus 2" = EditPlus 2
    "Encoder_4.0.3205.0" = Microsoft Expression Encoder 4
    "EOS Utility" = Canon Utilities EOS Utility
    "Extract Metadata From Multiple Files Software_is1" = Extract Metadata From Multiple Files Software
    "Good Keywords v3_is1" = Good Keywords v3 072809
    "Google Calendar Sync" = Google Calendar Sync
    "Google Chrome" = Google Chrome
    "GSiteCrawler" = GSiteCrawler
    "HaaliMkx" = Haali Media Splitter
    "HijackThis" = HijackThis 2.0.2
    "HTML Text Extractor" = HTML Text Extractor
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
    "InterActual Player" = InterActual Player
    "iWisoft Free Video Converter_is1" = iWisoft Free Video Converter 1.2
    "jv16 PowerTools 2009_is1" = jv16 PowerTools 2009
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
    "MediaCoder" = MediaCoder 2011
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MyPublisher" = MyPublisher
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "Opanda IExif_is1" = Opanda IExif 2.3
    "Photo Mechanic 4.6" = Photo Mechanic 4.6
    "Photo Mechanic 4.6.6" = Photo Mechanic 4.6.6
    "Photodex Presenter" = Photodex Presenter
    "PhotoStitch" = Canon Utilities PhotoStitch
    "PokerStars" = PokerStars
    "PROR" = Microsoft Office Professional 2007
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "ProShow Gold" = ProShow Gold
    "QuickGamma_is1" = QuickGamma 3.0.0.2
    "RealPlayer 12.0" = RealPlayer
    "RideMax Disneyland" = RideMax for Disneyland 5.1
    "Tournament Indicator_is1" = Tournament Indicator 1.7.8
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WinZip" = WinZip
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "WS_FTP Pro" = Ipswitch WS_FTP Pro
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3430250972-207886777-1795493786-1141\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 4.8.0.723
    "Juniper Secure Meeting 6.2.0" = Juniper Networks Secure Meeting 6.2.0
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 6/8/2011 3:23:22 PM | Computer Name = CHIPPC1 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 6/8/2011 3:23:22 PM | Computer Name = CHIPPC1 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 6/8/2011 4:17:57 PM | Computer Name = CHIPPC1 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 6/8/2011 4:17:57 PM | Computer Name = CHIPPC1 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 6/8/2011 4:54:24 PM | Computer Name = CHIPPC1 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 6/8/2011 4:54:24 PM | Computer Name = CHIPPC1 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 6/8/2011 6:08:59 PM | Computer Name = CHIPPC1 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 6/8/2011 6:08:59 PM | Computer Name = CHIPPC1 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 6/8/2011 6:47:25 PM | Computer Name = CHIPPC1 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 6/8/2011 6:47:25 PM | Computer Name = CHIPPC1 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    [ OSession Events ]
    Error - 6/24/2010 5:21:10 PM | Computer Name = CHIPPC1 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 108
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 10/11/2010 4:44:28 PM | Computer Name = CHIPPC1 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 1/3/2011 1:47:59 AM | Computer Name = CHIPPC1 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14730
    seconds with 3000 seconds of active time. This session ended with a crash.

    Error - 1/3/2011 2:03:04 AM | Computer Name = CHIPPC1 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
    lasted 437 seconds with 0 seconds of active time. This session ended with a crash.

    Error - 1/3/2011 2:59:54 AM | Computer Name = CHIPPC1 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4296
    seconds with 540 seconds of active time. This session ended with a crash.

    Error - 1/11/2011 5:04:58 PM | Computer Name = CHIPPC1 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
    lasted 9260 seconds with 1200 seconds of active time. This session ended with a
    crash.

    Error - 2/1/2011 8:48:26 PM | Computer Name = CHIPPC1 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 9128
    seconds with 1440 seconds of active time. This session ended with a crash.

    Error - 2/2/2011 4:22:39 PM | Computer Name = CHIPPC1 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 19188
    seconds with 1980 seconds of active time. This session ended with a crash.

    Error - 3/14/2011 6:58:33 PM | Computer Name = CHIPPC1 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 300
    seconds with 240 seconds of active time. This session ended with a crash.

    Error - 5/2/2011 7:58:39 PM | Computer Name = CHIPPC1 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
    lasted 9152 seconds with 5520 seconds of active time. This session ended with a
    crash.

    [ System Events ]
    Error - 6/7/2011 4:35:12 PM | Computer Name = CHIPPC1 | Source = Service Control Manager | ID = 7034
    Description = The Portrait Displays SDK Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 6/7/2011 4:35:12 PM | Computer Name = CHIPPC1 | Source = Service Control Manager | ID = 7034
    Description = The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 6/7/2011 4:35:12 PM | Computer Name = CHIPPC1 | Source = Service Control Manager | ID = 7034
    Description = The ScsiAccess service terminated unexpectedly. It has done this
    1 time(s).

    Error - 6/7/2011 4:35:12 PM | Computer Name = CHIPPC1 | Source = Service Control Manager | ID = 7034
    Description = The Anonymizer Management Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 6/7/2011 10:51:13 PM | Computer Name = CHIPPC1 | Source = Service Control Manager | ID = 7031
    Description = The F-PROT Antivirus for Windows system service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    3600 milliseconds: Run the configured recovery program.

    Error - 6/8/2011 2:28:57 AM | Computer Name = CHIPPC1 | Source = NETLOGON | ID = 5719
    Description = No Domain Controller is available for domain TECHWISELAN due to the
    following: %%1311. Make sure that the computer is connected to the network and try
    again.
    If the problem persists, please contact your domain administrator.

    Error - 6/8/2011 2:58:44 AM | Computer Name = CHIPPC1 | Source = Removable Storage Service | ID = 262159
    Description = RSM cannot manage library CdRom0. The database is corrupt.

    Error - 6/8/2011 2:58:44 AM | Computer Name = CHIPPC1 | Source = Removable Storage Service | ID = 262159
    Description = RSM cannot manage library CdRom1. The database is corrupt.

    Error - 6/8/2011 6:46:52 PM | Computer Name = CHIPPC1 | Source = Service Control Manager | ID = 7034
    Description = The MBAMService service terminated unexpectedly. It has done this
    1 time(s).

    Error - 6/8/2011 6:55:41 PM | Computer Name = CHIPPC1 | Source = Service Control Manager | ID = 7034
    Description = The Portrait Displays Display Tune Service service terminated unexpectedly.
    It has done this 1 time(s).


    < End of report >
     
  18. 2011/06/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ====================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O15 - HKU\S-1-5-21-3430250972-207886777-1795493786-1141\..Trusted Domains: hp.com ([h20168.www2] https in Trusted sites)
      O15 - HKU\S-1-5-21-3430250972-207886777-1795493786-1141\..Trusted Domains: hp.com ([sbesp.houston] https in Trusted sites)
      O15 - HKU\S-1-5-21-3430250972-207886777-1795493786-1141\..Trusted Domains: vcall.com ([events] http in Trusted sites)
      O15 - HKU\S-1-5-21-3430250972-207886777-1795493786-1141\..Trusted Ranges: Range1 ([https] in Trusted sites)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2 O:\ChipPC1\*.tmp files -> O:\ChipPC1\*.tmp -> ]
      @Alternate Data Stream - 352 bytes -> C:\XX37_Tukwila_Benchmark_testedit.pdf:SummaryInformation
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  19. 2011/06/08
    Mr. Chip Lifetime Subscription

    Mr. Chip Well-Known Member Thread Starter

    Joined:
    2005/06/30
    Messages:
    427
    Likes Received:
    0
    New OTL log and Question

    Hi broni,

    Thank you for the amazing help with this. Below is the new OTL log. I had a little hiccup that hopefully is not a problem. I accidentally started to run ComboFix instead of OTL this last time. I didn't see my mistake until a warning popped up that said that my antivirus was still active. I clicked the only box, and then it said I would proceed at my own risk. I did not see any sure way of backing out, so I went to the task bar, looked at my processes and manually killed the two processes. I then rebooted and ran OTL.

    I hope I didn't corrupt anything!!!

    All processes killed
    ========== OTL ==========
    Registry key HKEY_USERS\S-1-5-21-3430250972-207886777-1795493786-1141\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hp.com\h20168.www2\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-3430250972-207886777-1795493786-1141\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hp.com\sbesp.houston\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-3430250972-207886777-1795493786-1141\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vcall.com\events\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3430250972-207886777-1795493786-1141\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\https deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    O:\ChipPC1\~rpG9JTA.tmp folder deleted successfully.
    O:\ChipPC1\~rpHUQHK.tmp folder deleted successfully.
    Unable to delete ADS C:\XX37_Tukwila_Benchmark_testedit.pdf:SummaryInformation .
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: clevinson
    ->Temp folder emptied: 21038915 bytes
    ->Temporary Internet Files folder emptied: 417919 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 48205970 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 838 bytes

    User: clevinson.TECHWISELAN
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: CLEVIN~1~TEC

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 65536 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: mike
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: __sbs_netsetup__
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16867 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 17272 bytes

    Total Files Cleaned = 67.00 mb


    [EMPTYFLASH]

    User: All Users

    User: clevinson
    ->Flash cache emptied: 0 bytes

    User: clevinson.TECHWISELAN
    ->Flash cache emptied: 0 bytes

    User: CLEVIN~1~TEC

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: mike
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: __sbs_netsetup__

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.23.0 log created on 06082011_174833

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  20. 2011/06/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)
    Go on....
     
  21. 2011/06/08
    Mr. Chip Lifetime Subscription

    Mr. Chip Well-Known Member Thread Starter

    Joined:
    2005/06/30
    Messages:
    427
    Likes Received:
    0
    Security Check Log

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    F-PROT Antivirus for Windows
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    CCleaner
    Java(TM) 6 Update 26
    Out of date Java installed!
    Adobe Flash Player 10.2.152.32
    Adobe Reader 9.4.2
    Out of date Adobe Reader installed!
    Mozilla Firefox (x86 en-US..) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    FRISK Software F-PROT Antivirus for Windows FPAVServer.exe
    FRISK Software F-PROT Antivirus for Windows FProtTray.exe
    ``````````End of Log````````````
     
