
Solved Shouldn't have let the kid borrow the box

Discussion in 'Malware and Virus Removal Archive' started by scorekeeper, 2010/06/09.

  1. 2010/06/11
    broni Moderator Malware Analyst
    Joined: 2002/08/01 | Messages: 21,701 | Likes Received: 116

    Hmm....

    Please download AVP Tool by Kaspersky.

    • Save it to your desktop.
    • Reboot your computer in SafeMode.
      • You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
      • Use your up arrow key to highlight SafeMode then hit Enter.
    • Double click the setup file to start installation.
    • It will by default install it to your desktop folder.
    • After installation, a black window may open for a few moments. It's normal.
    • When the program opens, make sure the following boxes are checked:
      • Hidden startup objects
      • Startup Objects
      • Disk Boot Sectors
      • My Computer
      • Any internal or external drives
    • After that, click on Recommended (next to "Security level"), then Settings, then the Additional tab, and make sure Deep scan under "Rootkit scan" is checked. Click OK.
    • Click on the green Start scan button.
    • It will automatically neutralize any objects found.
    • If some objects are left un-neutralized, then click the button that says Neutralize all.
    • If it says it cannot be neutralized, then choose the Delete option when prompted.
    • After that is done, click on the reports button at the bottom and save it to a file; name it VRT.
    • Save the file to your desktop and just post only the detected Virus\malware in the report. It will be at the very top under Detected.
    Note: This tool will self uninstall when you close it so please save the log before closing it.
     
  2. 2010/06/11
    scorekeeper Inactive Thread Starter
    Joined: 2007/02/18 | Messages: 104 | Likes Received: 0

    You're gonna love this. It got as far as the Windows logo, then froze up.

    I tried it 3 times, and the same thing happened every time.

    I'll wait for further instructions.
     


  4. 2010/06/11
    broni Moderator Malware Analyst
    Joined: 2002/08/01 | Messages: 21,701 | Likes Received: 116

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Under the Custom Scan box paste this in:



    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    userinit.exe
    explorer.exe
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT



    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  5. 2010/06/12
    scorekeeper Inactive Thread Starter
    Joined: 2007/02/18 | Messages: 104 | Likes Received: 0

    OTL logfile created on: 6/12/2010 8:23:52 AM - Run 1
    OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2800.1106)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 333.00 Mb Available Physical Memory | 65.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
    Drive C: | 24.41 Gb Total Space | 10.83 Gb Free Space | 44.36% Space Free | Partition Type: NTFS
    Drive D: | 32.85 Gb Total Space | 22.47 Gb Free Space | 68.40% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    Drive F: | 7.81 Gb Total Space | 3.46 Gb Free Space | 44.28% Space Free | Partition Type: FAT32
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: JACKS-MACHINE
    Current User Name: Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/06/12 08:16:44 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2010/03/01 15:16:23 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2010/03/01 15:16:21 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2007/11/04 18:14:08 | 001,247,600 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    PRC - [2007/10/01 15:50:08 | 000,214,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    PRC - [2007/05/23 13:13:38 | 000,139,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
    PRC - [2007/01/22 22:19:34 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
    PRC - [2007/01/22 22:19:28 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
    PRC - [2007/01/22 22:19:26 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
    PRC - [2006/12/15 13:36:28 | 000,750,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    PRC - [2006/11/21 18:38:38 | 000,202,344 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
    PRC - [2006/05/15 18:24:33 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    PRC - [2006/01/17 14:03:06 | 000,135,168 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    PRC - [2005/11/29 11:50:06 | 000,116,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymTray.exe
    PRC - [2005/11/14 08:24:04 | 000,595,632 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    PRC - [2005/11/03 20:06:21 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    PRC - [2005/11/03 17:08:01 | 000,095,832 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    PRC - [2005/11/03 16:44:58 | 000,176,193 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe
    PRC - [2004/09/07 08:59:06 | 000,122,128 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mstask.exe
    PRC - [2004/06/05 15:10:08 | 001,056,864 | ---- | M] () -- C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
    PRC - [2004/03/18 10:33:26 | 000,892,928 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\iTouch.exe
    PRC - [2003/06/19 12:05:04 | 000,243,472 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
    PRC - [2003/06/19 12:05:04 | 000,196,706 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\WinMgmt.exe
    PRC - [2003/06/19 12:05:04 | 000,068,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\regsvc.exe
    PRC - [2003/01/23 18:08:46 | 000,716,800 | ---- | M] () -- C:\Program Files\802.11 Wireless LAN\WLAN Cardbus\RtlWake.exe
    PRC - [2002/10/15 19:00:20 | 001,818,624 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINNT\mixer.exe
    PRC - [2002/07/09 10:50:00 | 000,028,672 | ---- | M] (Logitech Inc. ) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
    PRC - [2002/06/12 00:17:40 | 000,352,256 | ---- | M] (FinePrint Software, LLC) -- C:\WINNT\system32\spool\drivers\w32x86\2\fppdis1.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/06/12 08:16:44 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    MOD - [2007/01/22 22:25:58 | 000,377,960 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCL40.DLL
    MOD - [2005/11/14 08:24:04 | 000,607,920 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton GoBack\ShellExt.dll
    MOD - [2005/09/23 18:38:24 | 000,123,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AntiSpam\asOEHook.dll
    MOD - [2004/03/18 10:26:50 | 000,004,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\itchhk.dll
    MOD - [2004/03/18 10:26:48 | 000,114,688 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
    MOD - [2004/03/18 10:26:12 | 000,005,120 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\KbdHook.dll
    MOD - [2003/06/19 12:05:04 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msscript.ocx
    MOD - [2003/06/19 12:05:04 | 000,021,776 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wsock32.dll
    MOD - [2003/06/19 12:05:04 | 000,010,000 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lz32.dll
    MOD - [2003/03/18 22:14:52 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msvcp71.dll
    MOD - [2003/02/21 06:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\Msvcr71.dll
    MOD - [2002/07/09 10:50:00 | 000,043,520 | ---- | M] (Logitech Inc. ) -- C:\Program Files\Logitech\MouseWare\system\CCMSGHK.DLL
    MOD - [2002/07/09 10:50:00 | 000,024,576 | ---- | M] (Logitech Inc. ) -- C:\Program Files\Logitech\MouseWare\system\LGMOUSHK.DLL
    MOD - [1999/12/07 05:00:00 | 000,011,536 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netrap.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/03/01 15:16:21 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2007/11/04 18:14:08 | 001,247,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    SRV - [2007/10/01 15:50:08 | 000,214,408 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
    SRV - [2007/05/23 13:13:38 | 000,139,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
    SRV - [2007/01/22 22:19:34 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
    SRV - [2007/01/22 22:19:28 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
    SRV - [2007/01/16 12:25:28 | 000,045,696 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\comHost.exe -- (comHost)
    SRV - [2006/12/15 13:36:28 | 000,750,720 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService)
    SRV - [2006/11/21 18:38:38 | 000,202,344 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
    SRV - [2006/05/15 18:24:33 | 002,086,592 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
    SRV - [2006/05/15 18:24:33 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2006/02/03 18:29:36 | 000,072,328 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\ccPwdSvc.exe -- (ccISPwdSvc)
    SRV - [2005/12/19 20:41:56 | 000,198,416 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)
    SRV - [2005/11/14 08:24:04 | 000,595,632 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe -- (GBPoll)
    SRV - [2005/11/03 20:06:21 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
    SRV - [2005/11/03 17:08:01 | 000,095,832 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -- (NProtectService)
    SRV - [2005/11/03 16:44:58 | 000,176,193 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe -- (Speed Disk service)
    SRV - [2004/09/07 08:59:06 | 000,122,128 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\mstask.exe -- (Schedule)
    SRV - [2003/06/19 12:05:04 | 000,196,706 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\wbem\WinMgmt.exe -- (WinMgmt)
    SRV - [2003/06/19 12:05:04 | 000,147,728 | ---- | M] (VERITAS Software Corp.) [On_Demand | Stopped] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin)
    SRV - [2003/06/19 12:05:04 | 000,094,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\FAXSVC.EXE -- (Fax)
    SRV - [2003/06/19 12:05:04 | 000,068,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\regsvc.exe -- (RemoteRegistry)
    SRV - [2003/06/19 12:05:04 | 000,022,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)
    SRV - [2000/06/23 06:00:00 | 001,702,400 | ---- | M] (Inprise Corporation) [On_Demand | Stopped] -- C:\Program Files\InterBase\Bin\ibserver.exe -- (InterBaseServer)
    SRV - [2000/06/23 06:00:00 | 000,022,016 | ---- | M] (Inprise Corporation) [On_Demand | Stopped] -- C:\Program Files\InterBase\Bin\ibguard.exe -- (InterBaseGuardian)


    ========== Driver Services (SafeList) ==========

    DRV - [2009/04/27 14:14:22 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINNT\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2009/04/15 13:04:26 | 000,876,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090706.016\NAVEX15.SYS -- (NAVEX15)
    DRV - [2009/04/15 13:04:26 | 000,101,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2009/04/15 13:04:26 | 000,089,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090706.016\NAVENG.SYS -- (NAVENG)
    DRV - [2009/02/25 02:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\eeCtrl.sys -- (eeCtrl)
    DRV - [2009/01/06 11:44:15 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2007/10/02 23:55:42 | 000,158,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20071031.003\SymIDSCo.sys -- (SYMIDSCO)
    DRV - [2007/10/01 15:49:26 | 000,189,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2007/10/01 15:49:20 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2007/10/01 15:49:16 | 000,031,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
    DRV - [2007/10/01 15:49:10 | 000,028,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
    DRV - [2007/10/01 15:49:04 | 000,098,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\System32\Drivers\SYMFW.SYS -- (SYMFW)
    DRV - [2007/10/01 15:48:56 | 000,012,680 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
    DRV - [2007/04/09 21:44:52 | 000,391,256 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2006/12/15 12:17:13 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\CO_Mon.sys -- (CO_Mon)
    DRV - [2006/07/07 18:47:23 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\symlcbrd.sys -- (symlcbrd)
    DRV - [2005/12/19 20:41:58 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
    DRV - [2005/12/19 20:41:56 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)
    DRV - [2005/11/14 08:24:04 | 000,117,760 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\GoBack2k.sys -- (GoBack2K)
    DRV - [2005/11/14 08:24:04 | 000,015,360 | R--- | M] (Symantec Corporation) [File_System | Auto | Stopped] -- C:\WINNT\system32\drivers\GBFSHook.sys -- (GBFSHook)
    DRV - [2005/11/14 08:24:04 | 000,005,632 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\GBDevice.sys -- (GBDevice)
    DRV - [2005/11/03 16:56:04 | 000,081,748 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\NPDRIVER.SYS -- (NPDriver)
    DRV - [2005/11/03 16:43:42 | 000,090,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\SdDriver.SYS -- (SDdriver)
    DRV - [2005/02/06 12:32:16 | 000,058,000 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINNT\system32\drivers\cdr4_2K.sys -- (Cdr4_2K)
    DRV - [2005/02/06 12:32:16 | 000,023,420 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINNT\system32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2004/07/09 03:58:10 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mpe.sys -- (MPE)
    DRV - [2004/06/04 13:12:10 | 000,379,488 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\wg111nd5.sys -- (wg111nd5)
    DRV - [2004/05/20 09:46:42 | 000,016,292 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINNT\system32\PCANDIS5.SYS -- (PCANDIS5)
    DRV - [2004/05/20 09:46:38 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
    DRV - [2004/03/10 14:42:24 | 000,012,953 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\itchfltr.sys -- (itchfltr)
    DRV - [2003/06/19 12:05:04 | 000,369,104 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\dmboot.sys -- (dmboot)
    DRV - [2003/06/19 12:05:04 | 000,137,936 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\dmio.sys -- (dmio)
    DRV - [2003/06/19 12:05:04 | 000,060,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\parallel.sys -- (Parallel)
    DRV - [2003/06/19 12:05:04 | 000,027,440 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINNT\system32\drivers\efs.sys -- (EFS)
    DRV - [2003/06/19 12:05:04 | 000,024,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\openhci.sys -- (openhci)
    DRV - [2003/06/19 12:05:04 | 000,009,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2003/06/19 12:05:04 | 000,007,728 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\diskperf.sys -- (Diskperf)
    DRV - [2003/06/19 12:05:04 | 000,007,312 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\dmload.sys -- (dmload)
    DRV - [2003/01/28 17:41:26 | 000,155,152 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\rtl8180.sys -- (rtl8180)
    DRV - [2002/11/18 16:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
    DRV - [2002/08/14 16:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\ASPI32.SYS -- (Aspi32)
    DRV - [2002/07/09 02:50:00 | 000,070,382 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\lmouflt2.sys -- (lmouflt2)
    DRV - [2002/07/09 02:50:00 | 000,050,862 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\L8042pr2.sys -- (l8042pr2)
    DRV - [2002/07/09 02:50:00 | 000,006,030 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\lkbdflt2.sys -- (lkbdflt2)
    DRV - [2002/03/26 13:43:34 | 000,006,016 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV - [1999/12/07 05:00:00 | 000,021,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\rca.sys -- (RCA)
    DRV - [1999/12/07 05:00:00 | 000,009,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\netdtect.sys -- (NetDetect)
    DRV - [1999/10/29 16:28:02 | 000,052,272 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\sis300p.sys -- (SiS300)
    DRV - [1999/09/25 03:37:28 | 000,065,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\s3legacy.sys -- (s3legacy)
    DRV - [1999/09/25 00:55:30 | 000,602,128 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\winacpci.sys -- (Winacpci)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "https://mailguard.calweb.com/login.php?lang=en|http://asmiforum.proboards.com/index.cgi?|http://www.infosports.com/scorekeeper|http://www.baseball-fever.com/forumdisplay.php?f=53|http://www.infosports.com/forum/viewforum.php?f=2|http://www.whitehouse.gov/feed/blog/ "
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..network.proxy.no_proxies_on: "localhost "

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/15 14:13:43 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/14 14:14:25 | 000,000,000 | ---D | M]

    [2008/08/26 11:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2008/01/25 21:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q4k9xxk3.default\extensions
    [2010/06/12 08:22:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/14 14:14:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/06/10 15:19:50 | 000,000,027 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
    O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Norton Internet Security 2006) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx ()
    O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
    O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Internet Security 2006) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [C-Media Mixer] C:\WINNT\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
    O4 - HKLM..\Run: [EM_EXEC] C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
    O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (Musicmatch, Inc.)
    O4 - HKLM..\Run: [pdfFactory Dispatcher v1] C:\WINNT\system32\spool\drivers\w32x86\2\fppdis1.exe (FinePrint Software, LLC)
    O4 - HKLM..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe (Symantec Corporation)
    O4 - HKLM..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe (Symantec Corporation)
    O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)
    O4 - HKLM..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe (Symantec Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WLAN Cardbus.lnk = C:\Program Files\802.11 Wireless LAN\WLAN Cardbus\RtlWake.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\RNR20.DLL (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab (LSSupCtl Class)
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
    O16 - DPF: {31564D57-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmvax.cab (Reg Error: Key error.)
    O16 - DPF: {32564D57-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv8ax.cab (Reg Error: Key error.)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab (ActiveDataInfo Class)
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab (Symantec SmartIssue)
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab (Symantec Script Runner Class)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1201320796428 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37877.3178935185 (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab (ActiveDataInfo Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx ()
    O18 - Protocol\Filter\application/octet-stream - No CLSID value found
    O18 - Protocol\Filter\application/x-complus - No CLSID value found
    O18 - Protocol\Filter\application/x-msdownload - No CLSID value found
    O18 - Protocol\Filter\Class Install Handler - No CLSID value found
    O18 - Protocol\Filter\deflate - No CLSID value found
    O18 - Protocol\Filter\gzip - No CLSID value found
    O18 - Protocol\Filter\lzdhtml - No CLSID value found
    O18 - Protocol\Filter\text/webviewhtml - No CLSID value found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINNT\Web\Wallpaper\NANI.BMP
    O24 - Desktop BackupWallPaper: C:\WINNT\Web\Wallpaper\NANI.BMP
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2002/12/23 15:47:14 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2002/02/13 09:27:08 | 000,000,107 | ---- | M] () - F:\AUTOEXEC.NS0 -- [ FAT32 ]
    O32 - AutoRun File - [2002/02/13 10:06:08 | 000,000,107 | ---- | M] () - F:\AutoExec.bat -- [ FAT32 ]
    O32 - AutoRun File - [2003/08/14 16:21:16 | 000,000,000 | ---D | M] - F:\AUTOTRONICS -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINNT\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: Ias - C:\WINNT\system32\ias [2003/08/13 16:21:18 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Nwsapagent - File not found
    SystemRestore not available.

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/06/12 08:16:52 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/06/11 16:29:33 | 073,969,064 | ---- | C] ( ) -- C:\Documents and Settings\Administrator\Desktop\setup_9.0.0.722_11.06.2010_23-36.exe
    [2010/06/11 13:58:07 | 000,000,000 | ---D | C] -- C:\WINNT\BDOSCAN8
    [2010/06/11 11:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/06/11 09:35:59 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
    [2010/06/11 09:22:01 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/06/10 15:24:01 | 000,000,000 | ---D | C] -- C:\WINNT\temp
    [2010/06/10 11:21:36 | 000,000,000 | ---D | C] -- C:\WINNT\ERDNT
    [2010/06/09 17:33:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    [2010/06/09 17:33:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
    [2010/06/09 17:33:30 | 000,019,288 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
    [2010/06/09 17:33:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/06/09 17:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/06/09 17:31:52 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
    [2010/06/09 12:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/05/14 14:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/05/02 13:37:42 | 000,000,000 | ---D | C] -- C:\Scorekeeping For Dummies
    [2010/03/17 12:22:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads

    ========== Files - Modified Within 90 Days ==========

    [2010/06/12 08:23:50 | 003,784,704 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
    [2010/06/12 08:16:44 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/06/12 07:06:13 | 000,000,051 | ---- | M] () -- C:\WINNT\iTouch.ini
    [2010/06/12 07:04:58 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
    [2010/06/11 18:10:20 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
    [2010/06/11 16:47:47 | 000,287,704 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
    [2010/06/11 16:44:44 | 073,969,064 | ---- | M] ( ) -- C:\Documents and Settings\Administrator\Desktop\setup_9.0.0.722_11.06.2010_23-36.exe
    [2010/06/11 15:07:37 | 000,001,410 | ---- | M] () -- C:\WINNT\imsins.BAK
    [2010/06/11 11:38:45 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_314.dat
    [2010/06/11 10:00:38 | 000,000,564 | ---- | M] () -- C:\WINNT\tasks\Norton AntiVirus - Run Full System Scan - Administrator.job
    [2010/06/11 09:53:09 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_280.dat
    [2010/06/11 09:44:04 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_26c.dat
    [2010/06/11 09:34:33 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
    [2010/06/10 15:20:12 | 000,000,227 | ---- | M] () -- C:\WINNT\system.ini
    [2010/06/10 15:19:50 | 000,000,027 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts
    [2010/06/09 19:15:45 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\4yejfu2z.exe
    [2010/06/09 17:33:34 | 000,000,579 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/06/09 17:31:58 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
    [2010/06/09 13:32:37 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
    [2010/06/09 12:15:14 | 000,002,394 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
    [2010/06/08 14:14:49 | 000,000,472 | ---- | M] () -- C:\WINNT\tasks\Ad-Aware Update (Weekly).job
    [2010/06/08 07:13:34 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_298.dat
    [2010/06/07 15:28:30 | 000,348,160 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\obr2010.doc
    [2010/06/07 12:06:27 | 000,000,308 | ---- | M] () -- C:\WINNT\tasks\Norton SystemWorks One Button Checkup.job
    [2010/06/04 13:59:55 | 000,000,440 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\10 Pitching.lnk
    [2010/06/04 13:54:23 | 000,054,156 | -H-- | M] () -- C:\WINNT\QTFont.qfn
    [2010/06/04 11:24:27 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Combined.lnk
    [2010/06/04 11:16:11 | 000,001,480 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\2010.lnk
    [2010/06/03 16:23:12 | 000,008,896 | ---- | M] () -- C:\WINNT\hh.dat
    [2010/06/02 16:01:55 | 000,001,411 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\JV.lnk
    [2010/06/01 09:55:37 | 000,000,436 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\10 Batting.lnk
    [2010/05/30 16:57:32 | 000,001,359 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\All Games.lnk
    [2010/05/30 08:29:52 | 000,000,420 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Cbatting.lnk
    [2010/05/30 08:25:29 | 000,000,436 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CPitching.lnk
    [2010/05/22 12:43:37 | 000,001,309 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Lineup.lnk
    [2010/05/20 16:30:56 | 000,000,305 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Labor.lnk
    [2010/05/18 13:58:04 | 000,000,436 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\10 Special.lnk
    [2010/05/17 15:38:10 | 000,000,499 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Foxcmd7 multi.lnk
    [2010/05/17 12:00:01 | 000,080,440 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/05/15 14:33:47 | 000,001,409 | ---- | M] () -- C:\WINNT\QTFont.for
    [2010/05/08 00:00:00 | 000,000,324 | ---- | M] () -- C:\WINNT\tasks\Symantec Drmc.job
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:24 | 000,019,288 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
    [2010/04/28 10:53:21 | 000,000,404 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\JV Stats.lnk
    [2010/04/24 08:40:39 | 002,256,607 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\05.softball.umpire.rulebook.pdf
    [2010/04/21 11:51:52 | 000,000,436 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Scatter.lnk
    [2010/04/15 19:07:00 | 000,000,416 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CDefense.lnk
    [2010/04/10 18:43:12 | 000,002,590 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\InstallShield.lnk
    [2010/04/05 08:55:59 | 000,000,473 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\FxCmd Lineup.lnk
    [2010/04/04 14:13:21 | 000,000,312 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Hoyle Card.lnk
    [2010/04/04 14:06:48 | 000,000,312 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Hoyle Board.lnk
    [2010/04/02 15:53:01 | 000,002,403 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WP.lnk
    [2010/03/15 09:28:02 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_408.dat

    ========== Files Created - No Company Name ==========

    [2010/06/11 11:38:45 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_314.dat
    [2010/06/11 09:53:09 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_280.dat
    [2010/06/11 09:44:04 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_26c.dat
    [2010/06/09 19:15:50 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\4yejfu2z.exe
    [2010/06/09 17:33:34 | 000,000,579 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/06/09 13:32:50 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
    [2010/06/08 07:13:34 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_298.dat
    [2010/05/15 14:33:47 | 000,054,156 | -H-- | C] () -- C:\WINNT\QTFont.qfn
    [2010/05/15 14:33:47 | 000,001,409 | ---- | C] () -- C:\WINNT\QTFont.for
    [2010/04/24 08:40:39 | 002,256,607 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\05.softball.umpire.rulebook.pdf
    [2010/04/21 11:51:16 | 000,000,436 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Scatter.lnk
    [2010/04/05 08:52:27 | 000,001,309 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Lineup.lnk
    [2010/04/05 08:52:27 | 000,000,473 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\FxCmd Lineup.lnk
    [2010/03/15 09:28:02 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_408.dat
    [2010/01/23 17:16:53 | 000,170,424 | ---- | C] () -- C:\WINNT\xobglu32.dll
    [2010/01/23 17:16:53 | 000,063,488 | ---- | C] () -- C:\WINNT\xobglu16.dll
    [2010/01/23 14:44:58 | 000,051,716 | ---- | C] () -- C:\WINNT\System32\pdf995mon.dll
    [2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINNT\bdoscandellang.ini
    [2007/04/06 14:41:57 | 000,001,152 | ---- | C] () -- C:\WINNT\System32\windrv.sys
    [2007/03/18 20:02:11 | 000,009,472 | ---- | C] () -- C:\WINNT\unsqz.dll
    [2007/03/18 20:01:48 | 000,000,024 | ---- | C] () -- C:\WINNT\@loha.ini
    [2006/12/15 12:17:13 | 000,028,672 | ---- | C] () -- C:\WINNT\System32\drivers\CO_Mon.sys
    [2005/09/23 14:03:48 | 000,000,122 | ---- | C] () -- C:\WINNT\mdm.ini
    [2005/07/16 19:17:51 | 000,651,264 | ---- | C] () -- C:\WINNT\System32\libeay32.dll
    [2005/07/16 19:17:51 | 000,147,456 | ---- | C] () -- C:\WINNT\System32\ssleay32.dll
    [2005/02/06 13:23:27 | 000,354,816 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
    [2003/12/26 17:56:50 | 000,139,264 | ---- | C] () -- C:\WINNT\System32\CfgResDll.dll
    [2003/12/26 17:56:50 | 000,110,592 | ---- | C] () -- C:\WINNT\System32\WakeResDll.dll
    [2003/05/10 07:42:28 | 000,000,051 | ---- | C] () -- C:\WINNT\WININIT.INI
    [2003/01/18 16:04:42 | 000,000,060 | ---- | C] () -- C:\WINNT\wpd99.drv
    [2003/01/08 11:00:13 | 003,673,360 | ---- | C] () -- C:\WINNT\System32\MSO97RT.DLL
    [2002/12/28 01:42:00 | 000,004,239 | ---- | C] () -- C:\WINNT\cdPlayer.ini
    [2002/12/27 23:47:04 | 000,000,171 | ---- | C] () -- C:\WINNT\KPCMS.INI
    [2002/12/27 23:46:35 | 000,210,944 | ---- | C] () -- C:\WINNT\System32\MSVCRT10.DLL
    [2002/12/27 06:44:26 | 000,004,333 | ---- | C] () -- C:\WINNT\mixerdef.ini
    [2002/12/27 06:43:47 | 000,033,909 | ---- | C] () -- C:\WINNT\cmijack.ini
    [2002/12/27 06:43:46 | 000,019,458 | ---- | C] () -- C:\WINNT\cmaudio.ini
    [2002/12/27 06:42:24 | 000,000,411 | ---- | C] () -- C:\WINNT\CMISETUP.INI
    [2002/12/27 06:42:24 | 000,000,026 | ---- | C] () -- C:\WINNT\CMCDPLAY.INI
    [2002/12/27 06:30:32 | 000,000,051 | ---- | C] () -- C:\WINNT\iTouch.ini
    [2002/12/27 01:40:17 | 000,151,552 | ---- | C] () -- C:\WINNT\System32\setuplib.dll
    [2002/12/26 18:32:15 | 000,000,318 | ---- | C] () -- C:\WINNT\QBUILD.INI
    [2002/12/26 07:34:08 | 000,096,768 | ---- | C] () -- C:\WINNT\System32\LGUICOM.DLL
    [2002/12/26 07:34:08 | 000,000,488 | ---- | C] () -- C:\WINNT\Cmousecc.ini
    [2002/12/23 23:10:59 | 000,000,956 | ---- | C] () -- C:\WINNT\ODBC.INI
    [2002/12/23 16:22:17 | 000,118,784 | ---- | C] () -- C:\WINNT\System32\HMPV2_ENC_MMX.dll
    [2002/12/23 16:22:17 | 000,118,784 | ---- | C] () -- C:\WINNT\System32\HMPV2_ENC.dll
    [2002/12/23 16:22:17 | 000,110,592 | ---- | C] () -- C:\WINNT\System32\Hmpg12.dll
    [2002/12/23 16:22:17 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\multiplex_vcd.dll
    [1999/12/07 05:00:00 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
    [1999/12/07 05:00:00 | 000,033,552 | ---- | C] () -- C:\WINNT\System32\efsadu.dll
    [1999/12/07 05:00:00 | 000,007,265 | ---- | C] () -- C:\WINNT\System32\iasperf.ini
    [1999/12/07 05:00:00 | 000,001,505 | ---- | C] () -- C:\WINNT\System32\faxperf.ini
    [1999/12/07 05:00:00 | 000,000,023 | ---- | C] () -- C:\WINNT\welcome.ini
    [1999/09/25 03:36:24 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
    [1999/09/25 03:36:22 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys
    [1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\MSRTEDIT.DLL
    [1998/01/12 01:00:00 | 000,040,448 | ---- | C] () -- C:\WINNT\System32\REGOBJ.DLL

    ========== LOP Check ==========

    [2009/11/12 15:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Blitware
    [2006/02/01 10:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
    [2010/01/13 12:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LockLizard
    [2005/09/18 18:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Musicmatch
    [2010/01/23 15:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\pdf995
    [2006/12/15 11:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
    [2006/12/15 12:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WholeSecurity
    [2007/04/07 12:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinPatrol
    [2008/03/02 15:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2010/01/13 12:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LockLizard
    [2009/07/04 11:43:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2010/01/23 15:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
    [2002/12/24 00:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
    [2007/04/06 13:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2005/09/23 12:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/01/20 14:59:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
    [2010/06/08 14:14:49 | 000,000,472 | ---- | M] () -- C:\WINNT\Tasks\Ad-Aware Update (Weekly).job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >
    [2003/06/19 12:05:04 | 000,150,528 | RHS- | M] () -- C:\arcldr.exe
    [2003/06/19 12:05:04 | 000,163,840 | RHS- | M] () -- C:\arcsetup.exe
    [2009/11/12 15:46:00 | 007,456,088 | ---- | M] (Blitware Technology Inc. ) -- C:\DriverRobot_Setup.exe


    < MD5 for: AGP440.SYS >
    [2003/06/19 12:05:04 | 006,553,075 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp4.cab:AGP440.sys
    [2003/06/19 12:05:04 | 006,553,075 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp4.cab:AGP440.sys
    [2003/06/19 12:05:04 | 000,021,008 | ---- | M] (Microsoft Corporation) MD5=CDDB71A90077C93BEA5C72507F0B1394 -- C:\WINNT\ServicePackFiles\i386\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2003/06/19 12:05:04 | 006,553,075 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp4.cab:atapi.sys
    [2003/06/19 12:05:04 | 006,553,075 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp4.cab:atapi.sys
    [2003/06/19 12:05:04 | 000,086,672 | ---- | M] (Microsoft Corporation) MD5=8C718AA8C77041B3285D55A0CE980867 -- C:\WINNT\ServicePackFiles\i386\atapi.sys
    [2003/06/19 12:05:04 | 000,086,672 | ---- | M] (Microsoft Corporation) MD5=8C718AA8C77041B3285D55A0CE980867 -- C:\WINNT\system32\drivers\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2003/06/19 12:05:04 | 000,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\WINNT\$NtUninstallKB835732$\eventlog.dll
    [2003/06/19 12:05:04 | 000,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\WINNT\ServicePackFiles\i386\eventlog.dll
    [2004/03/23 19:17:01 | 000,047,888 | ---- | M] (Microsoft Corporation) MD5=CEB85BFA135CBDDA10C89E5D31D95F9B -- C:\WINNT\$NtUpdateRollupPackUninstall$\eventlog.dll
    [2005/04/08 04:54:32 | 000,049,424 | ---- | M] (Microsoft Corporation) MD5=E7F03344AE103B02135C20112B557051 -- C:\WINNT\system32\dllcache\EVENTLOG.DLL
    [2005/04/08 04:54:32 | 000,049,424 | ---- | M] (Microsoft Corporation) MD5=E7F03344AE103B02135C20112B557051 -- C:\WINNT\system32\EVENTLOG.DLL

    < MD5 for: EXPLORER.EXE >
    [2003/06/19 12:05:04 | 000,243,472 | ---- | M] (Microsoft Corporation) MD5=59CF2B7DCED9111F48F51B4B570E672D -- C:\WINNT\explorer.exe
    [2003/06/19 12:05:04 | 000,243,472 | ---- | M] (Microsoft Corporation) MD5=59CF2B7DCED9111F48F51B4B570E672D -- C:\WINNT\ServicePackFiles\i386\explorer.exe

    < MD5 for: NETLOGON.DLL >
    [2003/06/19 12:05:04 | 000,371,984 | ---- | M] (Microsoft Corporation) MD5=11B91C26925F56F577089FF88AA0BEC0 -- C:\WINNT\$NtUninstallKB835732$\netlogon.dll
    [2003/06/19 12:05:04 | 000,371,984 | ---- | M] (Microsoft Corporation) MD5=11B91C26925F56F577089FF88AA0BEC0 -- C:\WINNT\ServicePackFiles\i386\netlogon.dll
    [2004/03/23 19:17:01 | 000,371,472 | ---- | M] (Microsoft Corporation) MD5=21537BC1F1AB7667A3828B2344E6D4BA -- C:\WINNT\$NtUpdateRollupPackUninstall$\netlogon.dll
    [2005/04/08 04:54:32 | 000,366,864 | ---- | M] (Microsoft Corporation) MD5=BE8FC3C74AB5212CD4067E8973764AD6 -- C:\WINNT\system32\dllcache\NETLOGON.DLL
    [2005/04/08 04:54:32 | 000,366,864 | ---- | M] (Microsoft Corporation) MD5=BE8FC3C74AB5212CD4067E8973764AD6 -- C:\WINNT\system32\NETLOGON.DLL

    < MD5 for: SCECLI.DLL >
    [2004/03/23 19:17:01 | 000,111,376 | ---- | M] (Microsoft Corporation) MD5=0B476C9305098B37BE70F0AC29E671E5 -- C:\WINNT\$NtUpdateRollupPackUninstall$\scecli.dll
    [2005/01/12 12:39:44 | 000,114,448 | ---- | M] (Microsoft Corporation) MD5=6FCCE1622E75C7DC46509F7EC4B314A3 -- C:\WINNT\system32\dllcache\scecli.dll
    [2005/01/12 12:39:44 | 000,114,448 | ---- | M] (Microsoft Corporation) MD5=6FCCE1622E75C7DC46509F7EC4B314A3 -- C:\WINNT\system32\scecli.dll
    [2003/06/19 12:05:04 | 000,114,448 | ---- | M] (Microsoft Corporation) MD5=FF11B32A906D75CD96957B66E318DAD0 -- C:\WINNT\$NtUninstallKB835732$\scecli.dll
    [2003/06/19 12:05:04 | 000,114,448 | ---- | M] (Microsoft Corporation) MD5=FF11B32A906D75CD96957B66E318DAD0 -- C:\WINNT\ServicePackFiles\i386\scecli.dll

    < MD5 for: USERINIT.EXE >
    [2003/06/19 12:05:04 | 000,017,680 | ---- | M] (Microsoft Corporation) MD5=BF179C5B8A722CC79AEF1CA90D6C7D48 -- C:\WINNT\ServicePackFiles\i386\userinit.exe
    [2003/06/19 12:05:04 | 000,017,680 | ---- | M] (Microsoft Corporation) MD5=BF179C5B8A722CC79AEF1CA90D6C7D48 -- C:\WINNT\system32\USERINIT.EXE

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2002/12/23 11:41:55 | 000,081,920 | ---- | M] () -- C:\WINNT\system32\config\default.sav
    [2002/12/23 11:41:55 | 000,536,576 | ---- | M] () -- C:\WINNT\system32\config\software.sav
    [2002/12/23 11:41:55 | 000,356,352 | ---- | M] () -- C:\WINNT\system32\config\system.sav

    ========== Files - Unicode (All) ==========
    [2002/12/27 06:26:40 | 000,000,000 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\Შ
    [2002/12/27 06:26:40 | 000,000,000 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\Შ
    [2002/12/26 07:34:24 | 000,000,000 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\
    [2002/12/26 07:34:24 | 000,000,000 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\
     
  6. 2010/06/12
    scorekeeper Inactive Thread Starter

    Had to reduce the size of the file.

    Here's the very end of it.

    ////////////////////////////


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4295826C
    < End of report >
     
  7. 2010/06/12
    scorekeeper Inactive Thread Starter

    OTL Extras logfile created on: 6/12/2010 8:23:52 AM - Run 1
    OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2800.1106)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 333.00 Mb Available Physical Memory | 65.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
    Drive C: | 24.41 Gb Total Space | 10.83 Gb Free Space | 44.36% Space Free | Partition Type: NTFS
    Drive D: | 32.85 Gb Total Space | 22.47 Gb Free Space | 68.40% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    Drive F: | 7.81 Gb Total Space | 3.46 Gb Free Space | 44.28% Space Free | Partition Type: FAT32
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: JACKS-MACHINE
    Current User Name: Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- %1
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
    "{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
    "{01558B00-3F19-4E26-8B56-11CA9F97E81C}" = WLAN Cardbus
    "{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
    "{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
    "{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}" = ccCommon
    "{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
    "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
    "{1F76ACFA-22FE-49F6-BC05-F4EC835F48CC}" = Norton GoBack 4.1
    "{21B9CC18-8AB7-402F-B343-CD2127FC3CFC}" = NETGEAR WG111 Software
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20
    "{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
    "{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}" = CC_ccProxyExt
    "{30738666-9805-4926-A78F-91DA33B6C437}" = ccPxyCore
    "{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
    "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
    "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
    "{3B29A786-5803-4E9E-9B58-3014A5B4E519}" = Norton AntiSpam
    "{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5677563D-0CB1-485F-9E18-C5025306BB3F}" = Norton AntiSpam
    "{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.71
    "{68E1BAC6-F79F-43C4-AF03-A89F53F748D3}" = Microsoft XML Parser
    "{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}" = Norton Utilities
    "{6F716D8C-398F-11D3-85E1-005004838609}" = WebFldrs
    "{707D28BF-E145-4a9b-B97E-94FA586D05F3}" = Norton SystemWorks 2006 Basic Edition
    "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
    "{77364F85-6219-4CB8-AAA0-6D53368D683D}" = Connection Keep Alive
    "{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
    "{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}" = Norton Protection Center
    "{89C83182-6537-4177-8A34-91598524EFD3}" = Visual FoxPro 7.0 Professional - English
    "{8E0D233D-8B06-47A1-BA22-3A767CCD69E3}" = WinPatrol
    "{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
    "{900B1884-2D6F-4a70-A3C7-C3F4DA873FDB}" = NSW_DRM_COLLECTION
    "{9E23C48E-5483-4971-BA50-089F2FABCD66}" = Norton SystemWorks
    "{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security
    "{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
    "{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
    "{B96F1D26-E664-11D4-8BE8-006097C9A3ED}" = InstallShield Express Visual FoxPro Limited Edition
    "{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2006
    "{CA31120D-2101-484D-9FF1-195DE96FE346}" = Norton Cleanup
    "{D1725BDB-BA2B-4503-A8CB-F5C835D743FA}" = MSRedist
    "{D878E385-D14F-11D4-A546-0090278A1BB8}" = Visual FoxPro 7.0 Baseline - English
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
    "{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
    "{E85FA9A1-C241-4698-893B-DD99509B8DB0}" = Norton WMI Update
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
    "{F73E7B59-F951-11D4-884D-00902761A46D}" = WordPerfect Office 2002 Professional
    "ABE" = ABE
    "ABE Setup" = ABE Setup
    "ABE Tutorial" = ABE Tutorial
    "Ad-Aware" = Ad-Aware
    "Adobe Acrobat 4.0" = Adobe Acrobat 4.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop 5.5" = Adobe Photoshop 5.5
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "CodeStuff Starter" = CodeStuff Starter
    "DXTXTRA" = Microsoft DirectX Transform optional components
    "ESET Online Scanner" = ESET Online Scanner v3
    "FinePrint pdfFactory" = FinePrint pdfFactory
    "FTP Explorer" = FTP Explorer
    "HijackThis" = HijackThis 1.99.1
    "Hijackthis_is1" = Hijackthis 1.99.1
    "ieSupportManager" = ieSupportManager
    "Interbase" = Interbase
    "LiveReg" = LiveReg (Symantec Corporation)
    "LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
    "Lizard Safeguard - PDF Viewer_is1" = Lizard Safeguard - PDF Viewer 2.5.122
    "Logitech Resource Center" = Logitech Resource Center
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
    "Microsoft Developer Network - Visual Studio 6.0a" = MSDN Library - Visual Studio 6.0a
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "MSDN Library - July 2001" = MSDN Library - July 2001
    "NTI CD-Maker 2000 Plus" = NTI CD-Maker 2000 Plus
    "OmniFormat" = OmniFormat
    "PCI Audio Applications" = PCI Audio Applications
    "PCI Audio Driver" = PCI Audio Driver
    "Pdf995" = Pdf995
    "Q818043" = Windows 2000 Hotfix (SP5) Q818043
    "Q828026" = Windows Media Player Hotfix [See Q828026 for more information]
    "Q903235" = Internet Explorer Q903235
    "QuickTime" = QuickTime
    "SymSetup.{707D28BF-E145-4a9b-B97E-94FA586D05F3}" = Norton SystemWorks 2006 Basic Edition (Symantec Corporation)
    "SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security 2006 (Symantec Corporation)
    "Update Rollup 1" = Update Rollup 1 for Windows 2000 SP4
    "Visual FoxPro 6.0" = Microsoft Visual FoxPro 6.0
    "Visual FoxPro 7.0 Professional - English" = Microsoft Visual FoxPro 7.0 Professional - English
    "WinPatrol 2007" = WinPatrol 2007 Restore/Remove First
    "WinZip" = WinZip
    "WMP7" = Windows Media Player system update (9 Series)
    "WordPerfect Office 2002 Professional" = WordPerfect Office 2002 Professional
    "Yahoo! Companion" = Yahoo! Toolbar

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Confidence Online EE" = Confidence Online(tm) for Web Applications

    < End of report >
     
  8. 2010/06/12
    broni

    broni Moderator Malware Analyst

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O16 - DPF: {31564D57-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmvax.cab  (Reg Error: Key error.)
      O16 - DPF: {32564D57-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv8ax.cab (Reg Error: Key error.)
      O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...22/wmv9VCM.CAB (Reg Error: Key error.)
      O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.co...877.3178935185  (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
      O18 - Protocol\Filter\application/octet-stream - No CLSID value found
      O18 - Protocol\Filter\application/x-complus - No CLSID value found
      O18 - Protocol\Filter\application/x-msdownload - No CLSID value found
      O18 - Protocol\Filter\Class Install Handler - No CLSID value found
      O18 - Protocol\Filter\deflate - No CLSID value found
      O18 - Protocol\Filter\gzip - No CLSID value found
      O18 - Protocol\Filter\lzdhtml - No CLSID value found
      O18 - Protocol\Filter\text/webviewhtml - No CLSID value found
      @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4295826C
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  9. 2010/06/12
    scorekeeper

    scorekeeper Inactive Thread Starter

    It ran very nicely and quickly. Then I shut it down. As it was shutting down, it froze up. I reset it, and when it restarted, the OS wanted to run chkdsk, so I let it. When it came back up, Notepad was open with the file that follows in it.

    //////////////////////////////////////////////////////

    All processes killed
    ========== OTL ==========
    Starting removal of ActiveX control {31564D57-0000-0010-8000-00AA00389B71}
    C:\WINNT\Downloaded Program Files\wmvax.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31564D57-0000-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31564D57-0000-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31564D57-0000-0010-8000-00AA00389B71}\ not found.
    Starting removal of ActiveX control {32564D57-0000-0010-8000-00AA00389B71}
    C:\WINNT\Downloaded Program Files\wmv8ax.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{32564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32564D57-0000-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{32564D57-0000-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32564D57-0000-0010-8000-00AA00389B71}\ not found.
    Starting removal of ActiveX control {33564D57-0000-0010-8000-00AA00389B71}
    C:\WINNT\Downloaded Program Files\WMV9VCM.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
    Starting removal of ActiveX control {9F1C11AA-197B-4942-BA54-47A8489BB47F}
    C:\WINNT\Downloaded Program Files\iuctl.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    File Animation Java Classes file://C:\WINNT\Java\classes\dajava.cab not found.
    Starting removal of ActiveX control DirectAnimation Java Classes
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
    File oft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ deleted successfully.
    File Protocol\Filter\Class Install Handler - No CLSID value found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:4295826C deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 8516312 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 61782143 bytes
    ->Flash cache emptied: 976 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: shell32.dll unable to determine bytes removed.

    Total Files Cleaned = 67.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User

    Total Flash Files Cleaned = 0.00 mb

    C:\WINNT\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.6.0 log created on 06122010_104727

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  10. 2010/06/12
    broni

    broni Moderator Malware Analyst

    Still...
     
  11. 2010/06/12
    scorekeeper

    scorekeeper Inactive Thread Starter

    Just out of curiosity, what do you see when these things run?

    Don't get me wrong, I appreciate what you do and don't presume to be able to learn it in a couple days or even a couple years. But I look at those logs and may as well be reading ancient Egyptian. ;)

    ///////////////////////////////////////////////////////////



    OTL logfile created on: 6/12/2010 12:26:51 PM - Run 2
    OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2800.1106)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 320.00 Mb Available Physical Memory | 63.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
    Drive C: | 24.41 Gb Total Space | 10.77 Gb Free Space | 44.10% Space Free | Partition Type: NTFS
    Drive D: | 32.85 Gb Total Space | 22.47 Gb Free Space | 68.40% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    Drive F: | 7.81 Gb Total Space | 3.46 Gb Free Space | 44.28% Space Free | Partition Type: FAT32
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: JACKS-MACHINE
    Current User Name: Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/06/12 08:16:44 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2010/03/01 15:16:23 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2010/03/01 15:16:21 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2007/11/04 18:14:08 | 001,247,600 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    PRC - [2007/10/01 15:50:08 | 000,214,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    PRC - [2007/05/23 13:13:38 | 000,139,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
    PRC - [2007/01/22 22:19:34 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
    PRC - [2007/01/22 22:19:28 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
    PRC - [2007/01/22 22:19:26 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
    PRC - [2006/12/15 13:36:28 | 000,750,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    PRC - [2006/11/21 18:38:38 | 000,202,344 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
    PRC - [2006/05/15 18:24:33 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    PRC - [2006/01/17 14:03:06 | 000,135,168 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    PRC - [2005/11/29 11:50:06 | 000,116,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymTray.exe
    PRC - [2005/11/14 08:24:04 | 000,595,632 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    PRC - [2005/11/03 20:06:21 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    PRC - [2005/11/03 17:08:01 | 000,095,832 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    PRC - [2005/11/03 16:44:58 | 000,176,193 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe
    PRC - [2004/09/07 08:59:06 | 000,122,128 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mstask.exe
    PRC - [2004/06/05 15:10:08 | 001,056,864 | ---- | M] () -- C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
    PRC - [2004/03/18 10:33:26 | 000,892,928 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\iTouch.exe
    PRC - [2003/06/19 12:05:04 | 000,243,472 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
    PRC - [2003/06/19 12:05:04 | 000,196,706 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\WinMgmt.exe
    PRC - [2003/06/19 12:05:04 | 000,068,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\regsvc.exe
    PRC - [2003/01/23 18:08:46 | 000,716,800 | ---- | M] () -- C:\Program Files\802.11 Wireless LAN\WLAN Cardbus\RtlWake.exe
    PRC - [2002/10/15 19:00:20 | 001,818,624 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINNT\mixer.exe
    PRC - [2002/07/09 10:50:00 | 000,028,672 | ---- | M] (Logitech Inc. ) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
    PRC - [2002/06/12 00:17:40 | 000,352,256 | ---- | M] (FinePrint Software, LLC) -- C:\WINNT\system32\spool\drivers\w32x86\2\fppdis1.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/06/12 08:16:44 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    MOD - [2007/01/22 22:25:58 | 000,377,960 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCL40.DLL
    MOD - [2005/11/14 08:24:04 | 000,607,920 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton GoBack\ShellExt.dll
    MOD - [2005/09/23 18:38:24 | 000,123,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AntiSpam\asOEHook.dll
    MOD - [2004/03/18 10:26:50 | 000,004,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\itchhk.dll
    MOD - [2004/03/18 10:26:48 | 000,114,688 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
    MOD - [2003/06/19 12:05:04 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msscript.ocx
    MOD - [2003/06/19 12:05:04 | 000,021,776 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wsock32.dll
    MOD - [2003/06/19 12:05:04 | 000,010,000 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lz32.dll
    MOD - [2003/03/18 22:14:52 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msvcp71.dll
    MOD - [2003/02/21 06:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\Msvcr71.dll
    MOD - [2002/07/09 10:50:00 | 000,024,576 | ---- | M] (Logitech Inc. ) -- C:\Program Files\Logitech\MouseWare\system\LGMOUSHK.DLL


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/03/01 15:16:21 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2007/11/04 18:14:08 | 001,247,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    SRV - [2007/10/01 15:50:08 | 000,214,408 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
    SRV - [2007/05/23 13:13:38 | 000,139,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
    SRV - [2007/01/22 22:19:34 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
    SRV - [2007/01/22 22:19:28 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
    SRV - [2007/01/16 12:25:28 | 000,045,696 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\comHost.exe -- (comHost)
    SRV - [2006/12/15 13:36:28 | 000,750,720 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService)
    SRV - [2006/11/21 18:38:38 | 000,202,344 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
    SRV - [2006/05/15 18:24:33 | 002,086,592 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
    SRV - [2006/05/15 18:24:33 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2006/02/03 18:29:36 | 000,072,328 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\ccPwdSvc.exe -- (ccISPwdSvc)
    SRV - [2005/12/19 20:41:56 | 000,198,416 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)
    SRV - [2005/11/14 08:24:04 | 000,595,632 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe -- (GBPoll)
    SRV - [2005/11/03 20:06:21 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
    SRV - [2005/11/03 17:08:01 | 000,095,832 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -- (NProtectService)
    SRV - [2005/11/03 16:44:58 | 000,176,193 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe -- (Speed Disk service)
    SRV - [2004/09/07 08:59:06 | 000,122,128 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\mstask.exe -- (Schedule)
    SRV - [2003/06/19 12:05:04 | 000,196,706 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\wbem\WinMgmt.exe -- (WinMgmt)
    SRV - [2003/06/19 12:05:04 | 000,147,728 | ---- | M] (VERITAS Software Corp.) [On_Demand | Stopped] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin)
    SRV - [2003/06/19 12:05:04 | 000,094,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\FAXSVC.EXE -- (Fax)
    SRV - [2003/06/19 12:05:04 | 000,068,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\regsvc.exe -- (RemoteRegistry)
    SRV - [2003/06/19 12:05:04 | 000,022,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)
    SRV - [2000/06/23 06:00:00 | 001,702,400 | ---- | M] (Inprise Corporation) [On_Demand | Stopped] -- C:\Program Files\InterBase\Bin\ibserver.exe -- (InterBaseServer)
    SRV - [2000/06/23 06:00:00 | 000,022,016 | ---- | M] (Inprise Corporation) [On_Demand | Stopped] -- C:\Program Files\InterBase\Bin\ibguard.exe -- (InterBaseGuardian)


    ========== Driver Services (SafeList) ==========

    DRV - [2009/04/27 14:14:22 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINNT\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2009/04/15 13:04:26 | 000,876,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090706.016\NAVEX15.SYS -- (NAVEX15)
    DRV - [2009/04/15 13:04:26 | 000,101,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2009/04/15 13:04:26 | 000,089,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090706.016\NAVENG.SYS -- (NAVENG)
    DRV - [2009/02/25 02:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\eeCtrl.sys -- (eeCtrl)
    DRV - [2009/01/06 11:44:15 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2007/10/02 23:55:42 | 000,158,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20071031.003\SymIDSCo.sys -- (SYMIDSCO)
    DRV - [2007/10/01 15:49:26 | 000,189,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2007/10/01 15:49:20 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2007/10/01 15:49:16 | 000,031,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
    DRV - [2007/10/01 15:49:10 | 000,028,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
    DRV - [2007/10/01 15:49:04 | 000,098,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\System32\Drivers\SYMFW.SYS -- (SYMFW)
    DRV - [2007/10/01 15:48:56 | 000,012,680 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
    DRV - [2007/04/09 21:44:52 | 000,391,256 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2006/12/15 12:17:13 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\CO_Mon.sys -- (CO_Mon)
    DRV - [2006/07/07 18:47:23 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\symlcbrd.sys -- (symlcbrd)
    DRV - [2005/12/19 20:41:58 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
    DRV - [2005/12/19 20:41:56 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)
    DRV - [2005/11/14 08:24:04 | 000,117,760 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\GoBack2k.sys -- (GoBack2K)
    DRV - [2005/11/14 08:24:04 | 000,015,360 | R--- | M] (Symantec Corporation) [File_System | Auto | Stopped] -- C:\WINNT\system32\drivers\GBFSHook.sys -- (GBFSHook)
    DRV - [2005/11/14 08:24:04 | 000,005,632 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\GBDevice.sys -- (GBDevice)
    DRV - [2005/11/03 16:56:04 | 000,081,748 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\NPDRIVER.SYS -- (NPDriver)
    DRV - [2005/11/03 16:43:42 | 000,090,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\SdDriver.SYS -- (SDdriver)
    DRV - [2005/02/06 12:32:16 | 000,058,000 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINNT\system32\drivers\cdr4_2K.sys -- (Cdr4_2K)
    DRV - [2005/02/06 12:32:16 | 000,023,420 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINNT\system32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2004/07/09 03:58:10 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mpe.sys -- (MPE)
    DRV - [2004/06/04 13:12:10 | 000,379,488 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\wg111nd5.sys -- (wg111nd5)
    DRV - [2004/05/20 09:46:42 | 000,016,292 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINNT\system32\PCANDIS5.SYS -- (PCANDIS5)
    DRV - [2004/05/20 09:46:38 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
    DRV - [2004/03/10 14:42:24 | 000,012,953 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\itchfltr.sys -- (itchfltr)
    DRV - [2003/06/19 12:05:04 | 000,369,104 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\dmboot.sys -- (dmboot)
    DRV - [2003/06/19 12:05:04 | 000,137,936 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\dmio.sys -- (dmio)
    DRV - [2003/06/19 12:05:04 | 000,060,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\parallel.sys -- (Parallel)
    DRV - [2003/06/19 12:05:04 | 000,027,440 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINNT\system32\drivers\efs.sys -- (EFS)
    DRV - [2003/06/19 12:05:04 | 000,024,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\openhci.sys -- (openhci)
    DRV - [2003/06/19 12:05:04 | 000,009,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2003/06/19 12:05:04 | 000,007,728 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\diskperf.sys -- (Diskperf)
    DRV - [2003/06/19 12:05:04 | 000,007,312 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\dmload.sys -- (dmload)
    DRV - [2003/01/28 17:41:26 | 000,155,152 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\rtl8180.sys -- (rtl8180)
    DRV - [2002/11/18 16:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
    DRV - [2002/08/14 16:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\ASPI32.SYS -- (Aspi32)
    DRV - [2002/07/09 02:50:00 | 000,070,382 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\lmouflt2.sys -- (lmouflt2)
    DRV - [2002/07/09 02:50:00 | 000,050,862 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\L8042pr2.sys -- (l8042pr2)
    DRV - [2002/07/09 02:50:00 | 000,006,030 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\lkbdflt2.sys -- (lkbdflt2)
    DRV - [2002/03/26 13:43:34 | 000,006,016 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV - [1999/12/07 05:00:00 | 000,021,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\rca.sys -- (RCA)
    DRV - [1999/12/07 05:00:00 | 000,009,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\netdtect.sys -- (NetDetect)
    DRV - [1999/10/29 16:28:02 | 000,052,272 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\sis300p.sys -- (SiS300)
    DRV - [1999/09/25 03:37:28 | 000,065,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\s3legacy.sys -- (s3legacy)
    DRV - [1999/09/25 00:55:30 | 000,602,128 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\winacpci.sys -- (Winacpci)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "https://mailguard.calweb.com/login.php?lang=en|http://asmiforum.proboards.com/index.cgi?|http://www.infosports.com/scorekeeper|http://www.baseball-fever.com/forumdisplay.php?f=53|http://www.infosports.com/forum/viewforum.php?f=2|http://www.whitehouse.gov/feed/blog/ "
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..network.proxy.no_proxies_on: "localhost "

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/15 14:13:43 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/14 14:14:25 | 000,000,000 | ---D | M]

    [2008/08/26 11:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2008/01/25 21:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q4k9xxk3.default\extensions
    [2010/06/12 08:22:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/14 14:14:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/06/12 10:47:42 | 000,000,098 | ---- | M]) - C:\WINNT\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
    O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Norton Internet Security 2006) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx ()
    O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
    O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Internet Security 2006) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [C-Media Mixer] C:\WINNT\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
    O4 - HKLM..\Run: [EM_EXEC] C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
    O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (Musicmatch, Inc.)
    O4 - HKLM..\Run: [pdfFactory Dispatcher v1] C:\WINNT\system32\spool\drivers\w32x86\2\fppdis1.exe (FinePrint Software, LLC)
    O4 - HKLM..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe (Symantec Corporation)
    O4 - HKLM..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe (Symantec Corporation)
    O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)
    O4 - HKLM..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe (Symantec Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WLAN Cardbus.lnk = C:\Program Files\802.11 Wireless LAN\WLAN Cardbus\RtlWake.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\RNR20.DLL (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab (LSSupCtl Class)
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab (ActiveDataInfo Class)
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab (Symantec SmartIssue)
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab (Symantec Script Runner Class)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1201320796428 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab (ActiveDataInfo Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINNT\Web\Wallpaper\NANI.BMP
    O24 - Desktop BackupWallPaper: C:\WINNT\Web\Wallpaper\NANI.BMP
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2002/12/23 15:47:14 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2002/02/13 09:27:08 | 000,000,107 | ---- | M] () - F:\AUTOEXEC.NS0 -- [ FAT32 ]
    O32 - AutoRun File - [2002/02/13 10:06:08 | 000,000,107 | ---- | M] () - F:\AutoExec.bat -- [ FAT32 ]
    O32 - AutoRun File - [2003/08/14 16:21:16 | 000,000,000 | ---D | M] - F:\AUTOTRONICS -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINNT\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/06/12 10:47:27 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/06/12 08:16:52 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/06/11 16:29:33 | 073,969,064 | ---- | C] ( ) -- C:\Documents and Settings\Administrator\Desktop\setup_9.0.0.722_11.06.2010_23-36.exe
    [2010/06/11 13:58:07 | 000,000,000 | ---D | C] -- C:\WINNT\BDOSCAN8
    [2010/06/11 11:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/06/11 09:35:59 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
    [2010/06/11 09:22:01 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/06/10 15:24:01 | 000,000,000 | ---D | C] -- C:\WINNT\temp
    [2010/06/10 11:21:36 | 000,000,000 | ---D | C] -- C:\WINNT\ERDNT
    [2010/06/09 17:33:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    [2010/06/09 17:33:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
    [2010/06/09 17:33:30 | 000,019,288 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
    [2010/06/09 17:33:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/06/09 17:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/06/09 17:31:52 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
    [2010/06/09 12:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/05/14 14:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/05/02 13:37:42 | 000,000,000 | ---D | C] -- C:\Scorekeeping For Dummies
    [2010/03/17 12:22:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads

    ========== Files - Modified Within 90 Days ==========

    [2010/06/12 12:31:00 | 003,784,704 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
    [2010/06/12 10:54:09 | 000,000,051 | ---- | M] () -- C:\WINNT\iTouch.ini
    [2010/06/12 10:52:14 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
    [2010/06/12 10:52:05 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_270.dat
    [2010/06/12 10:48:09 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
    [2010/06/12 10:47:56 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_ac4.dat
    [2010/06/12 10:47:42 | 000,000,098 | ---- | M] () -- C:\WINNT\System32\drivers\etc\Hosts
    [2010/06/12 08:16:44 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/06/11 16:47:47 | 000,287,704 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
    [2010/06/11 16:44:44 | 073,969,064 | ---- | M] ( ) -- C:\Documents and Settings\Administrator\Desktop\setup_9.0.0.722_11.06.2010_23-36.exe
    [2010/06/11 15:07:37 | 000,001,410 | ---- | M] () -- C:\WINNT\imsins.BAK
    [2010/06/11 11:38:45 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_314.dat
    [2010/06/11 10:00:38 | 000,000,564 | ---- | M] () -- C:\WINNT\tasks\Norton AntiVirus - Run Full System Scan - Administrator.job
    [2010/06/11 09:44:04 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_26c.dat
    [2010/06/11 09:34:33 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
    [2010/06/10 15:20:12 | 000,000,227 | ---- | M] () -- C:\WINNT\system.ini
    [2010/06/09 19:15:45 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\4yejfu2z.exe
    [2010/06/09 17:33:34 | 000,000,579 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/06/09 17:31:58 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
    [2010/06/09 13:32:37 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
    [2010/06/09 12:15:14 | 000,002,394 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
    [2010/06/08 14:14:49 | 000,000,472 | ---- | M] () -- C:\WINNT\tasks\Ad-Aware Update (Weekly).job
    [2010/06/08 07:13:34 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_298.dat
    [2010/06/07 15:28:30 | 000,348,160 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\obr2010.doc
    [2010/06/07 12:06:27 | 000,000,308 | ---- | M] () -- C:\WINNT\tasks\Norton SystemWorks One Button Checkup.job
    [2010/06/04 13:59:55 | 000,000,440 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\10 Pitching.lnk
    [2010/06/04 13:54:23 | 000,054,156 | -H-- | M] () -- C:\WINNT\QTFont.qfn
    [2010/06/04 11:24:27 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Combined.lnk
    [2010/06/04 11:16:11 | 000,001,480 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\2010.lnk
    [2010/06/03 16:23:12 | 000,008,896 | ---- | M] () -- C:\WINNT\hh.dat
    [2010/06/02 16:01:55 | 000,001,411 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\JV.lnk
    [2010/06/01 09:55:37 | 000,000,436 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\10 Batting.lnk
    [2010/05/30 16:57:32 | 000,001,359 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\All Games.lnk
    [2010/05/30 08:29:52 | 000,000,420 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Cbatting.lnk
    [2010/05/30 08:25:29 | 000,000,436 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CPitching.lnk
    [2010/05/22 12:43:37 | 000,001,309 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Lineup.lnk
    [2010/05/20 16:30:56 | 000,000,305 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Labor.lnk
    [2010/05/18 13:58:04 | 000,000,436 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\10 Special.lnk
    [2010/05/17 15:38:10 | 000,000,499 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Foxcmd7 multi.lnk
    [2010/05/17 12:00:01 | 000,080,440 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/05/15 14:33:47 | 000,001,409 | ---- | M] () -- C:\WINNT\QTFont.for
    [2010/05/08 00:00:00 | 000,000,324 | ---- | M] () -- C:\WINNT\tasks\Symantec Drmc.job
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:24 | 000,019,288 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
    [2010/04/28 10:53:21 | 000,000,404 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\JV Stats.lnk
    [2010/04/24 08:40:39 | 002,256,607 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\05.softball.umpire.rulebook.pdf
    [2010/04/21 11:51:52 | 000,000,436 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Scatter.lnk
    [2010/04/15 19:07:00 | 000,000,416 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CDefense.lnk
    [2010/04/10 18:43:12 | 000,002,590 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\InstallShield.lnk
    [2010/04/05 08:55:59 | 000,000,473 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\FxCmd Lineup.lnk
    [2010/04/04 14:13:21 | 000,000,312 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Hoyle Card.lnk
    [2010/04/04 14:06:48 | 000,000,312 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Hoyle Board.lnk
    [2010/04/02 15:53:01 | 000,002,403 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WP.lnk
    [2010/03/15 09:28:02 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_408.dat

    ========== Files Created - No Company Name ==========

    [2010/06/12 10:52:05 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_270.dat
    [2010/06/12 10:47:56 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_ac4.dat
    [2010/06/11 11:38:45 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_314.dat
    [2010/06/11 09:44:04 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_26c.dat
    [2010/06/09 19:15:50 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\4yejfu2z.exe
    [2010/06/09 17:33:34 | 000,000,579 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/06/09 13:32:50 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
    [2010/06/08 07:13:34 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_298.dat
    [2010/05/15 14:33:47 | 000,054,156 | -H-- | C] () -- C:\WINNT\QTFont.qfn
    [2010/05/15 14:33:47 | 000,001,409 | ---- | C] () -- C:\WINNT\QTFont.for
    [2010/04/24 08:40:39 | 002,256,607 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\05.softball.umpire.rulebook.pdf
    [2010/04/21 11:51:16 | 000,000,436 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Scatter.lnk
    [2010/04/05 08:52:27 | 000,001,309 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Lineup.lnk
    [2010/04/05 08:52:27 | 000,000,473 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\FxCmd Lineup.lnk
    [2010/03/15 09:28:02 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_408.dat
    [2010/01/23 17:16:53 | 000,170,424 | ---- | C] () -- C:\WINNT\xobglu32.dll
    [2010/01/23 17:16:53 | 000,063,488 | ---- | C] () -- C:\WINNT\xobglu16.dll
    [2010/01/23 14:44:58 | 000,051,716 | ---- | C] () -- C:\WINNT\System32\pdf995mon.dll
    [2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINNT\bdoscandellang.ini
    [2007/04/06 14:41:57 | 000,001,152 | ---- | C] () -- C:\WINNT\System32\windrv.sys
    [2007/03/18 20:02:11 | 000,009,472 | ---- | C] () -- C:\WINNT\unsqz.dll
    [2007/03/18 20:01:48 | 000,000,024 | ---- | C] () -- C:\WINNT\@loha.ini
    [2006/12/15 12:17:13 | 000,028,672 | ---- | C] () -- C:\WINNT\System32\drivers\CO_Mon.sys
    [2005/09/23 14:03:48 | 000,000,122 | ---- | C] () -- C:\WINNT\mdm.ini
    [2005/07/16 19:17:51 | 000,651,264 | ---- | C] () -- C:\WINNT\System32\libeay32.dll
    [2005/07/16 19:17:51 | 000,147,456 | ---- | C] () -- C:\WINNT\System32\ssleay32.dll
    [2005/02/06 13:23:27 | 000,354,816 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
    [2003/12/26 17:56:50 | 000,139,264 | ---- | C] () -- C:\WINNT\System32\CfgResDll.dll
    [2003/12/26 17:56:50 | 000,110,592 | ---- | C] () -- C:\WINNT\System32\WakeResDll.dll
    [2003/05/10 07:42:28 | 000,000,051 | ---- | C] () -- C:\WINNT\WININIT.INI
    [2003/01/18 16:04:42 | 000,000,060 | ---- | C] () -- C:\WINNT\wpd99.drv
    [2003/01/08 11:00:13 | 003,673,360 | ---- | C] () -- C:\WINNT\System32\MSO97RT.DLL
    [2002/12/28 01:42:00 | 000,004,239 | ---- | C] () -- C:\WINNT\cdPlayer.ini
    [2002/12/27 23:47:04 | 000,000,171 | ---- | C] () -- C:\WINNT\KPCMS.INI
    [2002/12/27 23:46:35 | 000,210,944 | ---- | C] () -- C:\WINNT\System32\MSVCRT10.DLL
    [2002/12/27 06:44:26 | 000,004,333 | ---- | C] () -- C:\WINNT\mixerdef.ini
    [2002/12/27 06:43:47 | 000,033,909 | ---- | C] () -- C:\WINNT\cmijack.ini
    [2002/12/27 06:43:46 | 000,019,458 | ---- | C] () -- C:\WINNT\cmaudio.ini
    [2002/12/27 06:42:24 | 000,000,411 | ---- | C] () -- C:\WINNT\CMISETUP.INI
    [2002/12/27 06:42:24 | 000,000,026 | ---- | C] () -- C:\WINNT\CMCDPLAY.INI
    [2002/12/27 06:30:32 | 000,000,051 | ---- | C] () -- C:\WINNT\iTouch.ini
    [2002/12/27 01:40:17 | 000,151,552 | ---- | C] () -- C:\WINNT\System32\setuplib.dll
    [2002/12/26 18:32:15 | 000,000,318 | ---- | C] () -- C:\WINNT\QBUILD.INI
    [2002/12/26 07:34:08 | 000,096,768 | ---- | C] () -- C:\WINNT\System32\LGUICOM.DLL
    [2002/12/26 07:34:08 | 000,000,488 | ---- | C] () -- C:\WINNT\Cmousecc.ini
    [2002/12/23 23:10:59 | 000,000,956 | ---- | C] () -- C:\WINNT\ODBC.INI
    [2002/12/23 16:22:17 | 000,118,784 | ---- | C] () -- C:\WINNT\System32\HMPV2_ENC_MMX.dll
    [2002/12/23 16:22:17 | 000,118,784 | ---- | C] () -- C:\WINNT\System32\HMPV2_ENC.dll
    [2002/12/23 16:22:17 | 000,110,592 | ---- | C] () -- C:\WINNT\System32\Hmpg12.dll
    [2002/12/23 16:22:17 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\multiplex_vcd.dll
    [1999/12/07 05:00:00 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
    [1999/12/07 05:00:00 | 000,033,552 | ---- | C] () -- C:\WINNT\System32\efsadu.dll
    [1999/12/07 05:00:00 | 000,007,265 | ---- | C] () -- C:\WINNT\System32\iasperf.ini
    [1999/12/07 05:00:00 | 000,001,505 | ---- | C] () -- C:\WINNT\System32\faxperf.ini
    [1999/12/07 05:00:00 | 000,000,023 | ---- | C] () -- C:\WINNT\welcome.ini
    [1999/09/25 03:36:24 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
    [1999/09/25 03:36:22 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys
    [1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\MSRTEDIT.DLL
    [1998/01/12 01:00:00 | 000,040,448 | ---- | C] () -- C:\WINNT\System32\REGOBJ.DLL

    ========== LOP Check ==========

    [2009/11/12 15:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Blitware
    [2006/02/01 10:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
    [2010/01/13 12:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LockLizard
    [2005/09/18 18:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Musicmatch
    [2010/01/23 15:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\pdf995
    [2006/12/15 11:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
    [2006/12/15 12:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WholeSecurity
    [2007/04/07 12:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinPatrol
    [2008/03/02 15:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2010/01/13 12:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LockLizard
    [2009/07/04 11:43:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2010/01/23 15:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
    [2002/12/24 00:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
    [2007/04/06 13:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2005/09/23 12:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/01/20 14:59:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
    [2010/06/08 14:14:49 | 000,000,472 | ---- | M] () -- C:\WINNT\Tasks\Ad-Aware Update (Weekly).job

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2002/12/27 06:26:40 | 000,000,000 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\Შ
    [2002/12/27 06:26:40 | 000,000,000 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\Შ
    [2002/12/26 07:34:24 | 000,000,000 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\
    [2002/12/26 07:34:24 | 000,000,000 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\
    < End of report >
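The file-listing lines in the OTL report above share one layout, so they can be parsed for triage instead of being read by eye. The following is an added example, not part of the thread and not OTL's own code; the sample lines are constructed in the report's layout, and `parse_otl` and `review_candidates` are hypothetical helper names.

```python
import re
from datetime import datetime

# Layout: [date time | size | attributes | C or M] (company)(folded path) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<flag>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?(?:\((?P<folded>[^)]*)\))? -- (?P<path>.*)$"
)
SECTION_RE = re.compile(r"^=+ (.+?) =+$")

# Constructed sample in the report's layout; folder names and GUID are placeholders.
SAMPLE = r"""
========== LOP Check ==========
[2010/01/13 12:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ExampleApp
[2009/01/20 14:59:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{00000000-0000-0000-0000-000000000000}
[2010/06/08 14:14:49 | 000,000,472 | ---- | M] () -- C:\WINNT\Tasks\Example Update.job
========== Files - Unicode (All) ==========
[2002/12/27 06:26:40 | 000,000,000 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\Შ
[2002/12/27 06:26:40 | 000,000,000 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\Შ
< End of report >
"""

def parse_otl(text):
    """Return one dict per file-listing line, tagged with its report section."""
    section, entries = None, []
    for line in (raw.strip() for raw in text.splitlines()):
        if (m := SECTION_RE.match(line)):
            section = m.group(1)
        elif (m := LINE_RE.match(line)):
            entries.append({
                "section": section,
                "when": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                "size": int(m["size"].replace(",", "")),
                "is_dir": "D" in m["attrs"],
                "hidden": "H" in m["attrs"],
                "path": m["path"],
            })
    return entries

def review_candidates(entries):
    """Unique paths of zero-byte files whose name is empty or not plain ASCII."""
    seen = []
    for e in entries:
        name = e["path"].rsplit("\\", 1)[-1]
        odd = not name or not name.isascii()
        if not e["is_dir"] and e["size"] == 0 and odd and e["path"] not in seen:
            seen.append(e["path"])
    return seen
```

Calling `review_candidates(parse_otl(report_text))` on a saved report returns the paths worth a manual look; a hit is a prompt to inspect the file, not a verdict that it is malicious.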
     
  12. 2010/06/12
    broni

    I don't expect you to understand those logs....LOL
    Basically speaking, they show me what's running on your computer, so we can remove dangerous items and garbage.


    OTL Clean-Up
    Clean up with OTL:

    * Double-click OTL.exe to start the program.
    * Close all other programs apart from OTL as this step will require a reboot
    * On the OTL main screen, press the CLEANUP button
    * Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    =========================================================================

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable System Restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please let me know how your computer is doing.
     
  13. 2010/06/12
    scorekeeper

    I hope I didn't muck something up.

    I shut down all the applications, ran OTL, and clicked on cleanup.

    Nothing seems to be happening, but down on the lower left it says processing [deleteself] ... and it never said anything about rebooting.

    I'm sure you know I'm pretty paranoid by now, so I won't even run the task manager to see if it's running.

    I don't mind letting it run, but I'm a nervous old guy. ;)

    Thanx for all the help!
     
  14. 2010/06/12
    broni

    If the above is still there, be patient.
    If it's gone, restart manually.
     
  15. 2010/06/12
    scorekeeper

    Still being patient, but would like to know if I can run the task manager, and what I'd see if I did.
     
  16. 2010/06/12
    broni

    Yes, you can open Task Manager and see if OTL cleanup is still running.
     
  17. 2010/06/12
    scorekeeper

    Well, it's been 3 hours and TM says it's still running.

    The only process other than System Idle that has more than a couple hours of CPU time is something called jqs.exe with 2:46.

    I'll just let 'er go and tell you what's happenin'.
     
  18. 2010/06/12
    broni

    jqs.exe is Java Quick Starter and by default it runs at computer startup, so no worries here.

    That OTL cleanup is not extremely crucial, but if you can give it some more time, that would be good.
     
  19. 2010/06/13
    scorekeeper

    Well, I hope I didn’t cause any damage, but this morning I closed GMR and restarted the box after about 16 hours. Everything seems to be working fine, except 1 thing. I can’t read anything that’s in Outlook Express. Everything’s there, but I can’t read any of the messages, even old ones. And when I send myself a message, I can’t read what’s in it either. Pretty strange.

    I will gladly start gmer back up and try again if you believe it’s best, or run anything else you’d like to see.
     
  20. 2010/06/13
    broni

    What do you mean by GMR?

    As for the Outlook Express issue, I suggest you start a new thread in the appropriate forum.
    Here, we just make sure your computer is clean.
     
  21. 2010/06/13
    scorekeeper

    OOPS! Been helping the wife on her post about the machine being dragged down. I finally got GMER to run on it late last night and had that on my mind. I meant OTL for mine. Sorry.

    I was looking for a good forum to do that. Would General Internet be the place?
     
