antivirus soft

antivirus soft

Post by Crockyoshighty on Fri Mar 05, 2010 9:13 pm

I'm not at all sure if I've done everything you've asked correctly. Let me think. Going back and forth from normal mode to safe mode downloading this and that has gotten me in a right pickle! Anyway, I think I've downloaded Windows' newest version, JavaRa, something to do with winlogon.exe and winlogon.scr? God, I don't even know, as these blessed pop-ups are driving me up a wall! The Spyware Doctor thing doesn't seem to be working? I'm now going to try and paste the log thing that you requested. NO, it won't let me copy and paste the log results of winlogon.scr? If I go back to safe mode then I can't get onto the internet and, more importantly, your website. What do I do now? :sad: I don't know if this means anything or helps in resolving this issue, but at the bottom right-hand of my screen there is a green blob-looking thing with a white checkmark in the centre which reads "Antivirus Soft" when placing the cursor over it. Thank God you can't hear my screams of anger etc., it's quite unpleasant at times. Right then, I wait with bated breath to hear from your good self again. Ta Crocky O' Shighty Whoa!

Crockyoshighty
Novice

Posts: 7
Joined: 2010-03-04
OS: Windows XP
Points: 24737
Likes: 0

Re: antivirus soft

Post by Belahzur on Fri Mar 05, 2010 11:13 pm

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245049
Likes: 1

Re: antivirus soft

Post by Crockyoshighty on Sat Mar 06, 2010 5:40 am

OTL Extras logfile created on: 3/5/2010 10:27:52 PM - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 767.00 Mb Available Physical Memory | 75.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.79 Gb Total Space | 36.56 Gb Free Space | 52.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 54.75 Mb Total Space | 47.57 Mb Free Space | 86.87% Space Free | Partition Type: FAT
Drive G: | 4.63 Gb Total Space | 0.72 Gb Free Space | 15.47% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D6Z3Y091
Current User Name: Michael
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [File Finder...] -- C:\Program Files\Avanquest\PowerDesk\pdfind.exe /PATH:%1 (Avanquest North America, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0FF18B53-CA57-40BB-B562-21A27B662005}" = 1600
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe Extendscript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{410A2688-05B2-4B98-9A0D-44961FE78264}" = WG121 Smart Wizard
"{41C5EDB3-BE78-4C29-AE83-EDD2B1B740F1}" = CSI-Dark Motives
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4CEA6811-DFAD-4892-828D-49941FE3B779}" = Intel(R) PROSet for Wired Connections
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{5158974E-2D28-4018-9335-7694C2974746}" = Fix-It Utilities 9 Professional
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
"{6A5D1A94-624A-4D20-B178-3A283B500370}" = Adobe Setup
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{866A1BDA-2FD1-4C8A-8E8D-7EAC52A40DC3}" = STOPzilla
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{B93251B5-9209-4DAB-867C-AA98D91584CD}" = PowerDesk 7
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security
"{C347D234-93D8-4595-BDAA-C04638B23B48}" = Adobe Creative Suite 3 Web Premium
"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB449D5A-7710-47aa-B9F5-352B877C90E6}" = 1600_Help
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB5518BE-F40F-407A-B451-012625D4497B}" = hp deskjet 5600
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7559288-223B-453C-9F06-340E3BE21E39}" = MyWay Search Assistant
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F3DDC62E-90DC-49DF-B1ED-F816CC28B346}" = SymNet
"{F4C6CC40-1142-49be-A28C-7BBD36F0B41A}" = 1600Trb
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"3ivx D4 4.5.1 Decoder" = 3ivx D4 4.5.1 Decoder (remove only)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_247961ef275e20c5cb073c36394ac32" = Add or Remove Adobe Creative Suite 3 Web Premium
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe Extendscript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"ATI Display Driver" = ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Custom Cookbook" = Custom Cookbook
"Delicious Deluxe" = Delicious Deluxe
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"Diner Dash - Flo on the Go" = Diner Dash - Flo on the Go (remove only)
"Diner Dash 2" = Diner Dash 2 (remove only)
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ESPNMotion" = ESPNMotion
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.7
"hp print screen utility" = hp print screen utility
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"iWinArcade" = iWin Games (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (2.0.0.6)" = Mozilla Firefox (2.0.0.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhoTagsExpress" = PhoTags Express
"PROSet" = Intel(R) PRO Network Connections Drivers
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"QuickTime32" = QuickTime for Windows (32-bit)
"RealPlayer 6.0" = RealPlayer
"Sandlot Games Client Services_is1" = Sandlot Games Client Services
"Spyware Doctor" = Spyware Doctor 7.0
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security Online (Symantec Corporation)
"Taking Control of Your Health Deinstall" = Taking Control of Your Health
"The Food Lover's Encyclopedia" = The Food Lover's Encyclopedia
"ViewpointMediaPlayer" = Viewpoint Media Player
"Walgreens PhotoShow Express" = Walgreens PhotoShow Express
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/6/2010 12:02:25 AM | Computer Name = D6Z3Y091 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 3/6/2010 12:02:26 AM | Computer Name = D6Z3Y091 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 3/6/2010 12:02:32 AM | Computer Name = D6Z3Y091 | Source = MsiInstaller | ID = 11706
Description = Product: ccCommon -- Error 1706. No valid source could be found for
product ccCommon. Windows Installer cannot continue.

Error - 3/6/2010 12:02:40 AM | Computer Name = D6Z3Y091 | Source = MsiInstaller | ID = 11706
Description = Product: ccCommon -- Error 1706. No valid source could be found for
product ccCommon. Windows Installer cannot continue.

Error - 3/6/2010 12:02:50 AM | Computer Name = D6Z3Y091 | Source = MsiInstaller | ID = 11706
Description = Product: ccCommon -- Error 1706. No valid source could be found for
product ccCommon. Windows Installer cannot continue.

Error - 3/6/2010 12:02:57 AM | Computer Name = D6Z3Y091 | Source = MsiInstaller | ID = 11706
Description = Product: ccCommon -- Error 1706. No valid source could be found for
product ccCommon. Windows Installer cannot continue.

Error - 3/6/2010 12:32:28 AM | Computer Name = D6Z3Y091 | Source = MsiInstaller | ID = 11719
Description = Product: ccCommon -- Error 1719. The Windows Installer Service could
not be accessed. This can occur if you are running Windows in safe mode, or if
the Windows Installer is not correctly installed. Contact your support personnel
for assistance.

Error - 3/6/2010 12:32:32 AM | Computer Name = D6Z3Y091 | Source = MsiInstaller | ID = 11706
Description = Product: ccCommon -- Error 1706. No valid source could be found for
product ccCommon. Windows Installer cannot continue.

Error - 3/6/2010 12:32:43 AM | Computer Name = D6Z3Y091 | Source = MsiInstaller | ID = 11706
Description = Product: ccCommon -- Error 1706. No valid source could be found for
product ccCommon. Windows Installer cannot continue.

Error - 3/6/2010 1:25:01 AM | Computer Name = D6Z3Y091 | Source = Userenv | ID = 1512
Description = Windows cannot unload your registry file. The memory used by the registry
has not been freed. This is often caused by services running as a user account,
try configuring the services to run in either the LocalService or NetworkService
account. If this problem persists, contact your administrator. DETAIL - Insufficient
system resources exist to complete the requested service.

[ System Events ]
Error - 3/5/2010 3:50:12 PM | Computer Name = D6Z3Y091 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 3/5/2010 3:55:05 PM | Computer Name = D6Z3Y091 | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 3 time(s).

Error - 3/5/2010 3:59:05 PM | Computer Name = D6Z3Y091 | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 4 time(s).

Error - 3/5/2010 4:03:04 PM | Computer Name = D6Z3Y091 | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 5 time(s).

Error - 3/5/2010 4:09:04 PM | Computer Name = D6Z3Y091 | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 6 time(s).

Error - 3/5/2010 4:13:04 PM | Computer Name = D6Z3Y091 | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 7 time(s).

Error - 3/5/2010 4:26:05 PM | Computer Name = D6Z3Y091 | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).

Error - 3/5/2010 4:26:07 PM | Computer Name = D6Z3Y091 | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 2 time(s).

Error - 3/5/2010 4:28:09 PM | Computer Name = D6Z3Y091 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/5/2010 4:29:19 PM | Computer Name = D6Z3Y091 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm sbaphd SYMTDI


< End of report >

Re: antivirus soft

Post by Crockyoshighty on Sat Mar 06, 2010 5:45 am

Is this what is wanted, Belahzur? I really think I'm going off the deep end now, this has been going on for three days. I get up in the morning and start to try and deal with this all, day, long! I've now counted that I've downloaded eight things to get rid of this and so far, nothing has worked.

Re: antivirus soft

Post by Crockyoshighty on Sat Mar 06, 2010 5:51 am

OTL logfile created on: 3/5/2010 10:27:52 PM - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 767.00 Mb Available Physical Memory | 75.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.79 Gb Total Space | 36.56 Gb Free Space | 52.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 54.75 Mb Total Space | 47.57 Mb Free Space | 86.87% Space Free | Partition Type: FAT
Drive G: | 4.63 Gb Total Space | 0.72 Gb Free Space | 15.47% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D6Z3Y091
Current User Name: Michael
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/05 21:22:55 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
PRC - [2008/10/28 16:28:10 | 000,886,056 | ---- | M] (Sunbelt Software) -- C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe
PRC - [2008/04/13 17:12:19 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Islay.exe


========== Modules (SafeList) ==========

MOD - [2010/03/05 21:22:55 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/03/05 17:18:48 | 000,057,344 | R--- | M] (iS3, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2010/02/19 19:30:16 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/03/31 16:06:22 | 000,161,048 | ---- | M] (Avanquest North America, Inc.) [Auto | Stopped] -- C:\Program Files\Avanquest\Fix-It\mxtask.exe -- (Fix-It Task Manager)
SRV - [2008/10/28 16:28:10 | 000,886,056 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/12/06 18:50:32 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/12/06 18:47:43 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/10/15 11:54:12 | 000,176,128 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/08/31 10:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/21 20:24:00 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/03/20 15:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/06/17 06:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel(R)
SRV - [2004/09/29 10:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/02/24 14:06:36 | 000,173,328 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2009/12/25 12:41:09 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2009/12/25 12:40:59 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\changer.sys -- (Changer)
DRV - [2009/12/07 16:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009/12/07 16:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2009/10/01 03:51:08 | 000,153,600 | ---- | M] (DEVGURU Co., LTD.([You must be registered and logged in to see this link.] [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ATMFNVsp.sys -- (ATMFNVsp)
DRV - [2009/10/01 03:51:08 | 000,153,600 | ---- | M] (DEVGURU Co., LTD.([You must be registered and logged in to see this link.] [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ATMFCVsp.sys -- (ATMFCVsp)
DRV - [2009/10/01 03:51:08 | 000,153,472 | ---- | M] (DEVGURU Co., LTD.([You must be registered and logged in to see this link.] [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ATMFVsp.sys -- (ATMFVsp)
DRV - [2009/10/01 03:51:08 | 000,153,472 | ---- | M] (DEVGURU Co., LTD.([You must be registered and logged in to see this link.] [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ATMFMdm.sys -- (ATMFMdm)
DRV - [2009/10/01 03:51:08 | 000,103,424 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATMFNET.sys -- (ATMFNET)
DRV - [2009/10/01 03:51:08 | 000,047,360 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATMFBUS.sys -- (ATMFBUS)
DRV - [2009/10/01 03:51:08 | 000,013,312 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ATMFFLT.sys -- (ATMFFLT)
DRV - [2009/09/23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/02/19 10:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009/02/19 10:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2009/02/19 10:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 10:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 10:31:16 | 000,038,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/02/19 10:31:16 | 000,037,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/02/19 10:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 10:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009/02/09 15:59:18 | 000,251,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20090318.001\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2009/01/11 13:33:40 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/10/23 04:09:24 | 000,092,464 | ---- | M] (Sunbelt Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2008/10/09 10:21:04 | 000,202,928 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (sbtis)
DRV - [2008/09/12 11:12:06 | 000,069,168 | ---- | M] (Sunbelt Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2008/09/12 11:12:06 | 000,013,360 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2008/06/20 04:08:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/13 11:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 11:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 11:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/11/03 03:39:02 | 000,245,504 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)
DRV - [2005/08/04 12:48:28 | 000,040,576 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sdcplh.sys -- (sdcplh)
DRV - [2005/08/04 03:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/17 11:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iastor.sys -- (iastor)
DRV - [2005/06/14 21:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2005/03/31 22:04:52 | 000,180,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2005/03/24 17:21:22 | 000,038,937 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2004/12/06 00:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/06 00:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/06 00:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/06 00:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/06 00:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/06 00:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/06 00:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/06 00:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/06 00:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 02:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 01:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/10 04:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 04:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/14 10:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 10:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2003/11/17 20:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 20:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 20:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2002/08/06 16:38:38 | 000,087,168 | ---- | M] (ATMEL) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vnetusbr.sys -- (USB Wireless USB Adapter(R)) USB Wireless USB Adapter(R)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ant.com"
FF - prefs.js..browser.startup.homepage: "http://www.ppld.org/"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.2
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0847}: C:\Program Files\iWin Games\firefox\ [2007/03/31 19:29:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/15 09:28:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/05 13:05:59 | 000,000,000 | ---D | M]

[2009/02/27 09:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Mozilla\Extensions
[2009/02/06 17:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/03/05 21:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\yc433b9a.default\extensions
[2009/02/27 09:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\yc433b9a.default\extensions\max@subfighter.com
[2010/01/15 09:28:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/15 09:28:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2007/07/26 12:32:55 | 000,066,408 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2007/07/26 12:32:56 | 000,054,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2007/07/26 12:32:57 | 000,034,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2007/07/26 12:32:57 | 000,046,456 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2007/07/26 12:32:58 | 000,171,880 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll

O1 HOSTS File: ([2004/08/10 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {a8885ec3-f903-4e59-b2f9-a07716236065} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (no name) - {C5E233F9-7E2B-444D-8227-E9A67FCA7FA9} - No CLSID value found.
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [fjbyfhlk] C:\Documents and Settings\Michael\Local Settings\Application Data\pfdgnl\tseysftav.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [fjbyfhlk] C:\Documents and Settings\Michael\Local Settings\Application Data\pfdgnl\tseysftav.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [LaunchRCApp] C:\NPM\RCApp.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe ()
O4 - Startup: C:\Documents and Settings\Michael\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: amaena.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: avsystemcare.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: gomyhit.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: imageservr.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: imagesrvr.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: onerateld.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: trustedantivirus.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: virusschlacht.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: amaena.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: avsystemcare.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: gomyhit.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: imagesrvr.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: onerateld.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: trustedantivirus.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: virusschlacht.com ([]* in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Islay.exe) - C:\WINDOWS\Islay.exe (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O20 - Winlogon\Notify\tuvtqpo: DllName - tuvtqpo.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.ARM -- [ NTFS ]
O32 - AutoRun File - [2007/03/01 00:26:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/07/06 01:06:50 | 000,000,398 | ---- | M] () - F:\AUTOEXEC.UP -- [ FAT ]
O32 - AutoRun File - [2005/07/06 01:06:50 | 000,000,398 | ---- | M] () - F:\AUTOEXEC.BAT -- [ FAT ]
O32 - AutoRun File - [2005/07/07 20:34:30 | 000,001,871 | ---- | M] () - G:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{0c26b73e-3934-11dc-8e9a-00123f7df83c}\Shell\AutoRun\command - "" = G:\system\viewer\Viewer.exe -- File not found
O33 - MountPoints2\{0c26b73e-3934-11dc-8e9a-00123f7df83c}\Shell\View your videos\command - "" = G:\system\viewer\Viewer.exe -- File not found
O33 - MountPoints2\{2e952964-3939-11dc-8e9b-00123f7df83c}\Shell\AutoRun\command - "" = G:\system\viewer\Viewer.exe -- File not found
O33 - MountPoints2\{2e952964-3939-11dc-8e9b-00123f7df83c}\Shell\View your videos\command - "" = G:\system\viewer\Viewer.exe -- File not found
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{e93655f2-04e0-11de-9070-00123f7df83c}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Autorun.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Start.exe -- File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/05 22:23:16 | 000,553,984 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2010/03/05 19:36:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/03/05 19:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2010/03/05 19:26:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/03/05 19:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/03/05 17:35:46 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Michael\Desktop\mbam-setup.exe
[2010/03/05 17:16:42 | 000,017,408 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2010/03/05 17:14:16 | 000,442,368 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2010/03/05 17:13:44 | 000,540,672 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2010/03/05 13:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/03/05 13:05:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/03/05 11:51:21 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Michael\My Documents\winlogon.scr
[2010/03/05 00:15:46 | 000,439,166 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Michael\My Documents\mbam-setup.exe
[2010/03/04 21:25:40 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/03/04 21:23:37 | 000,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/03/04 21:23:37 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/03/04 21:21:30 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/03/04 21:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/03/04 21:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/03/04 21:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\PC Tools
[2010/03/04 21:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/03/04 21:18:41 | 034,870,088 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Michael\My Documents\sdasetup.exe
[2010/03/04 12:41:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Malwarebytes
[2010/03/04 12:41:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/04 12:41:36 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/04 12:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/04 12:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/04 12:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\My Documents\Malwarebytes_Anti-Malware_1.44
[2010/03/03 12:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2010/03/03 02:28:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\pfdgnl
[2010/02/25 11:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/02/24 14:06:36 | 000,173,328 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\drivers\SZKGFS.sys
[2010/02/02 14:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/02 14:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/05/11 20:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\CallingID
[2009/04/09 08:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/12/19 11:41:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/09/15 00:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2006/03/28 12:26:42 | 000,034,816 | R--- | C] (InstallShield Software Corporation) -- C:\Program Files\_Setup.dll
[2006/03/28 12:26:42 | 000,027,648 | R--- | C] (InstallShield Software Corporation) -- C:\Program Files\_ISDel_old.exe
[2006/03/28 12:26:42 | 000,027,648 | R--- | C] (InstallShield Software Corporation) -- C:\Program Files\_ISDel.exe
[2005/12/22 08:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2005/12/21 17:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2005/08/16 03:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/08/16 03:30:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/05 22:26:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/05 22:26:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/05 22:25:25 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Michael\ntuser.dat
[2010/03/05 22:25:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/05 22:25:01 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Michael\ntuser.ini
[2010/03/05 22:16:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/05 21:22:55 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2010/03/05 20:58:55 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/05 18:00:48 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/05 17:35:46 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Michael\Desktop\mbam-setup.exe
[2010/03/05 17:16:42 | 000,017,408 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2010/03/05 17:14:16 | 000,442,368 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2010/03/05 17:13:44 | 000,540,672 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2010/03/05 13:26:19 | 003,764,268 | -H-- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\IconCache.db
[2010/03/05 12:48:54 | 000,001,257 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\1267818535726-integrated.jnlp
[2010/03/05 12:19:28 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/05 11:57:22 | 000,001,257 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\1267815442557-integrated.jnlp
[2010/03/05 11:51:24 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Michael\My Documents\winlogon.scr
[2010/03/05 01:12:24 | 000,005,330 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/03/05 00:51:58 | 000,000,104 | RHS- | M] () -- C:\WINDOWS\System32\3DB933E6F2.sys
[2010/03/05 00:15:49 | 000,439,166 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Michael\My Documents\mbam-setup.exe
[2010/03/04 21:21:33 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/03/04 21:18:41 | 034,870,088 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Michael\My Documents\sdasetup.exe
[2010/03/04 12:17:17 | 008,761,532 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\Malwarebytes_Anti-Malware_1.44.zip
[2010/03/03 14:22:18 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Norton Installation Files.lnk
[2010/03/03 02:54:36 | 000,024,453 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\Document2.wpd
[2010/03/01 02:21:47 | 000,216,685 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\Tottie and the red hair brush
[2010/02/28 22:34:05 | 000,216,685 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\theredbrushnewversion
[2010/02/28 11:38:09 | 000,207,719 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\THOk youve really got to do several things if youre going to.wpd
[2010/02/27 18:21:38 | 000,003,468 | ---- | M] () -- C:\WINDOWS\sms.db
[2010/02/27 02:42:29 | 000,003,124 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\dreams essay
[2010/02/25 15:07:24 | 000,003,036 | ---- | M] () -- C:\WINDOWS\sms.bak
[2010/02/25 15:05:25 | 000,002,060 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\Dear Bothers flooring;.wpd
[2010/02/25 03:00:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/24 14:06:36 | 000,173,328 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\drivers\SZKGFS.sys
[2010/02/24 01:26:39 | 000,192,539 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\redbrush11usingtofillinstore11.wpd
[2010/02/24 01:24:57 | 000,022,693 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\redbrush11.wpd
[2010/02/23 20:07:19 | 000,107,520 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/23 19:28:55 | 001,917,469 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\4.wmv
[2010/02/23 19:28:32 | 001,813,463 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\2.wmv
[2010/02/23 19:28:05 | 001,917,469 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\1.wmv
[2010/02/22 01:05:14 | 000,167,455 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\redbrush6.wpd
[2010/02/22 00:44:12 | 000,023,951 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\ideasforlaterstories
[2010/02/22 00:43:44 | 000,167,378 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\redbrush5wpd.wpd
[2010/02/21 17:25:40 | 000,285,523 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\Chapter 1.wpd
[2010/02/21 17:25:23 | 000,285,523 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\JonathanSimonstory.wpd
[2010/02/21 02:45:33 | 000,189,241 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\theredbrush4.wpd
[2010/02/19 23:17:57 | 000,136,485 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\aquaboy2.jpg
[2010/02/19 21:35:07 | 000,128,876 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\aquaboy.jpg
[2010/02/17 02:57:59 | 000,163,448 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\redbrush2.wpd
[2010/02/16 17:47:35 | 000,152,354 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\Theredbrush
[2010/02/16 11:55:06 | 000,027,250 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\Denke ich diese film waren nicht sehr gut.wpd
[2010/02/15 21:22:36 | 000,155,550 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\Our little sage consists of boredom.wpd
[2010/02/13 09:48:21 | 000,009,104 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\One human may view a picture a thousand times seeing a thousand.wpd
[2010/02/12 19:38:51 | 000,016,057 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\Whatcha Bubblezed;.wpd
[2010/02/11 09:46:05 | 000,017,633 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\Dear SolRegina;.wpd
[2010/02/11 07:13:49 | 000,004,571 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\Whatcha GadgetGizmo ! A few things really.wpd
[2010/02/10 08:59:58 | 000,145,116 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\Money doesnt buy you happiness.wpd
[2010/02/09 00:47:24 | 000,147,255 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\LUKEANDADAMSTORY.wpd
[2010/02/06 01:07:50 | 000,026,512 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\Theangel.wpd
[2010/02/06 01:07:40 | 000,015,166 | ---- | M] () -- C:\Documents.wpd
[2010/02/05 22:37:49 | 000,002,704 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\Jersey national anthem words.wpd
[2010/02/05 09:25:38 | 000,070,408 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/05 12:49:51 | 000,001,257 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\1267818535726-integrated.jnlp
[2010/03/05 11:57:29 | 000,001,257 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\1267815442557-integrated.jnlp
[2010/03/04 21:25:40 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/03/04 21:23:37 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/03/04 21:23:37 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/03/04 21:21:33 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/03/04 21:21:30 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/03/04 12:41:40 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/04 12:17:17 | 008,761,532 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\Malwarebytes_Anti-Malware_1.44.zip
[2010/03/03 14:09:17 | 000,000,097 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\PathsToScan.txt
[2010/03/03 12:56:08 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Norton Installation Files.lnk
[2010/03/01 02:21:47 | 000,216,685 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\Tottie and the red hair brush
[2010/02/28 20:48:23 | 000,216,685 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\theredbrushnewversion
[2010/02/26 17:32:01 | 000,207,719 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\THOk youve really got to do several things if youre going to.wpd
[2010/02/26 17:10:00 | 000,003,124 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\dreams essay
[2010/02/25 15:05:32 | 000,024,453 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\Document2.wpd
[2010/02/25 15:05:25 | 000,002,060 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\Dear Bothers flooring;.wpd
[2010/02/24 01:26:33 | 000,192,539 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\redbrush11usingtofillinstore11.wpd
[2010/02/24 01:24:49 | 000,022,693 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\redbrush11.wpd
[2010/02/23 19:28:53 | 001,917,469 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\4.wmv
[2010/02/23 19:28:29 | 001,813,463 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\2.wmv
[2010/02/23 19:27:58 | 001,917,469 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\1.wmv
[2010/02/22 00:44:53 | 000,167,455 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\redbrush6.wpd
[2010/02/22 00:43:44 | 000,167,378 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\redbrush5wpd.wpd
[2010/02/21 14:08:30 | 000,023,951 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\ideasforlaterstories
[2010/02/20 00:52:29 | 000,189,241 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\theredbrush4.wpd
[2010/02/19 23:17:54 | 000,136,485 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\aquaboy2.jpg
[2010/02/19 21:35:05 | 000,128,876 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\aquaboy.jpg
[2010/02/16 20:00:12 | 000,163,448 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\redbrush2.wpd
[2010/02/16 17:47:35 | 000,152,354 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\Theredbrush
[2010/02/13 02:42:55 | 000,009,104 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\One human may view a picture a thousand times seeing a thousand.wpd
[2010/02/12 19:38:51 | 000,016,057 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\Whatcha Bubblezed;.wpd
[2010/02/11 15:34:31 | 000,155,550 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\Our little sage consists of boredom.wpd
[2010/02/11 07:13:49 | 000,004,571 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\Whatcha GadgetGizmo ! A few things really.wpd
[2010/02/10 08:59:57 | 000,145,116 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\Money doesnt buy you happiness.wpd
[2010/02/07 21:48:57 | 000,027,250 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\Denke ich diese film waren nicht sehr gut.wpd
[2010/02/06 00:03:03 | 000,015,166 | ---- | C] () -- C:\Documents.wpd
[2010/02/05 22:37:49 | 000,002,704 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\Jersey national anthem words.wpd
[2010/02/05 17:29:00 | 000,026,512 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\Theangel.wpd
[2009/12/13 15:26:46 | 000,007,549 | ---- | C] () -- C:\WINDOWS\hpdj5600.ini
[2009/12/13 15:26:14 | 000,000,478 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2009/12/10 14:18:22 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/09/28 08:01:51 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\xrxscnui.dll
[2008/05/11 15:33:19 | 000,005,120 | -HS- | C] () -- C:\Program Files\Thumbs.db
[2008/01/28 18:36:54 | 001,122,590 | -HS- | C] () -- C:\WINDOWS\System32\xktlwjjs.ini
[2008/01/23 18:49:55 | 001,102,770 | -HS- | C] () -- C:\WINDOWS\System32\djqurfwm.ini
[2008/01/22 18:25:09 | 001,102,530 | -HS- | C] () -- C:\WINDOWS\System32\qgoixvrx.ini
[2008/01/21 17:52:01 | 001,113,470 | -HS- | C] () -- C:\WINDOWS\System32\oqpakdfa.ini
[2008/01/21 09:45:27 | 001,091,366 | -HS- | C] () -- C:\WINDOWS\System32\kmnwucfs.ini
[2008/01/19 22:29:36 | 001,076,002 | -HS- | C] () -- C:\WINDOWS\System32\pkesxyry.ini
[2008/01/18 17:47:44 | 001,075,882 | -HS- | C] () -- C:\WINDOWS\System32\spcvqirf.ini
[2008/01/17 17:49:48 | 001,073,352 | -HS- | C] () -- C:\WINDOWS\System32\ctldtyli.ini
[2008/01/16 17:39:14 | 001,066,086 | -HS- | C] () -- C:\WINDOWS\System32\dsnjownq.ini
[2008/01/15 22:35:33 | 001,061,456 | -HS- | C] () -- C:\WINDOWS\System32\ohoxvjtk.ini
[2008/01/14 20:13:27 | 001,049,340 | -HS- | C] () -- C:\WINDOWS\System32\ahcgijhs.ini
[2008/01/06 14:45:34 | 001,049,269 | -HS- | C] () -- C:\WINDOWS\System32\edaqkjbm.ini
[2008/01/03 12:27:34 | 001,044,760 | -HS- | C] () -- C:\WINDOWS\System32\iloejtwp.ini
[2008/01/02 10:39:36 | 001,039,264 | -HS- | C] () -- C:\WINDOWS\System32\vlxotbuf.ini
[2008/01/01 10:36:09 | 001,032,178 | -HS- | C] () -- C:\WINDOWS\System32\axtgnitu.ini
[2007/12/31 11:41:03 | 001,031,799 | -HS- | C] () -- C:\WINDOWS\System32\rcjdawba.ini
[2007/12/30 11:18:46 | 001,031,724 | -HS- | C] () -- C:\WINDOWS\System32\ychmuexx.ini
[2007/12/29 10:16:12 | 001,031,499 | -HS- | C] () -- C:\WINDOWS\System32\ghiyylwl.ini
[2007/12/28 00:16:13 | 001,031,379 | -HS- | C] () -- C:\WINDOWS\System32\lnrvsqkg.ini
[2007/12/27 10:04:55 | 001,031,139 | -HS- | C] () -- C:\WINDOWS\System32\fgkoehkb.ini
[2007/12/26 15:39:15 | 001,031,208 | -HS- | C] () -- C:\WINDOWS\System32\mljsqjne.ini
[2007/12/24 11:15:12 | 000,987,343 | -HS- | C] () -- C:\WINDOWS\System32\wxkiuivj.ini
[2007/12/22 23:33:40 | 001,010,381 | -HS- | C] () -- C:\WINDOWS\System32\ghtyvjhw.ini
[2007/12/22 17:52:47 | 000,990,630 | -HS- | C] () -- C:\WINDOWS\System32\vopsnuay.ini
[2007/12/14 11:43:32 | 000,842,130 | -HS- | C] () -- C:\WINDOWS\System32\ststv.ini2
[2007/12/14 11:43:26 | 000,842,130 | -HS- | C] () -- C:\WINDOWS\System32\ststv.ini
[2007/12/01 15:55:33 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2007/10/10 10:51:07 | 000,000,275 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/10/05 22:38:33 | 000,000,199 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2007/08/21 20:38:38 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/04/10 16:50:13 | 000,040,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\sdcplh.sys
[2007/03/01 01:25:49 | 000,000,248 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/02/28 10:41:19 | 000,000,040 | ---- | C] () -- C:\WINDOWS\AIMS.INI
[2007/02/28 10:41:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\asym.ini
[2007/02/05 16:40:31 | 000,000,306 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/01/06 10:47:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI
[2006/12/18 17:37:46 | 000,000,275 | ---- | C] () -- C:\WINDOWS\IVIPUB.INI
[2006/12/18 17:36:48 | 000,040,192 | ---- | C] () -- C:\WINDOWS\ivipubw.dll
[2006/12/18 17:24:50 | 000,000,178 | ---- | C] () -- C:\WINDOWS\TCoYH.INI
[2006/09/11 15:40:55 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/08 13:24:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\dm.ini
[2006/09/08 13:24:14 | 000,001,331 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\AdobeDLM.log
[2006/07/09 08:46:33 | 000,065,536 | ---- | C] () -- C:\WINDOWS\qt3wrap.dll
[2006/07/09 08:46:33 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006/06/11 02:06:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/03/28 12:26:43 | 006,758,912 | R--- | C] () -- C:\Program Files\ps601up.exe
[2006/03/28 12:26:43 | 000,415,574 | R--- | C] () -- C:\Program Files\Setup.bmp
[2006/03/28 12:26:43 | 000,204,890 | R--- | C] () -- C:\Program Files\data1.hdr
[2006/03/28 12:26:43 | 000,198,033 | R--- | C] () -- C:\Program Files\setup.ins
[2006/03/28 12:26:43 | 000,027,551 | R--- | C] () -- C:\Program Files\Photoshop 6.0 Readme.wri
[2006/03/28 12:26:43 | 000,004,679 | R--- | C] () -- C:\Program Files\lang.dat
[2006/03/28 12:26:43 | 000,000,652 | R--- | C] () -- C:\Program Files\layout.bin
[2006/03/28 12:26:43 | 000,000,450 | R--- | C] () -- C:\Program Files\os.dat
[2006/03/28 12:26:43 | 000,000,250 | R--- | C] () -- C:\Program Files\SETUP.INI
[2006/03/28 12:26:43 | 000,000,049 | R--- | C] () -- C:\Program Files\setup.lid
[2006/03/28 12:26:43 | 000,000,042 | R--- | C] () -- C:\Program Files\serial.txt
[2006/03/28 12:26:42 | 030,343,168 | R--- | C] () -- C:\Program Files\data1.cab
[2006/03/28 12:26:42 | 002,389,166 | R--- | C] () -- C:\Program Files\_user1.cab
[2006/03/28 12:26:42 | 000,297,989 | R--- | C] () -- C:\Program Files\_INST32I.EX_
[2006/03/28 12:26:42 | 000,181,565 | R--- | C] () -- C:\Program Files\_sys1.cab
[2006/03/28 12:26:42 | 000,008,812 | R--- | C] () -- C:\Program Files\_user1.hdr
[2006/03/28 12:26:42 | 000,006,492 | R--- | C] () -- C:\Program Files\_sys1.hdr
[2006/03/28 12:26:42 | 000,002,857 | R--- | C] () -- C:\Program Files\Abcpy.ini
[2006/03/28 12:26:42 | 000,000,101 | R--- | C] () -- C:\Program Files\DATA.TAG
[2006/03/28 12:26:42 | 000,000,043 | R--- | C] () -- C:\Program Files\autorun.inf
[2006/03/02 19:33:22 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/02/28 16:19:35 | 000,003,130 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/02/24 08:17:18 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/02/15 13:45:42 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.Vicki.ini
[2006/02/12 17:43:52 | 000,107,520 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/23 09:51:31 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\PFP120JPR.{PB
[2006/01/23 09:51:31 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\PFP120JCM.{PB
[2006/01/22 15:55:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2006/01/22 15:55:56 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2006/01/22 09:47:37 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\hpgt42.dll
[2006/01/15 14:20:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\odbcddp.ini
[2006/01/15 14:15:22 | 000,001,587 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/15 14:13:24 | 000,000,612 | ---- | C] () -- C:\WINDOWS\Xgourmet.ini
[2005/12/22 00:11:31 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\fusioncache.dat
[2005/12/21 17:37:08 | 000,005,330 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/12/21 17:37:08 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\3DB933E6F2.sys
[2005/12/21 17:31:00 | 000,000,049 | ---- | C] () -- C:\WINDOWS\EPSONC88.ini
[2005/12/21 17:30:17 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2005/12/16 23:02:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/16 22:54:55 | 000,000,544 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/16 22:27:44 | 000,000,387 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 03:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/09 16:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/01/27 05:13:02 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib_dec.dll
[2000/09/08 15:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1997/06/13 19:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F00E008B
< End of report >


Re: antivirus soft

Post by Crockyoshighty on Sat Mar 06, 2010 5:56 am

Finally! The effing thing wouldn't let me copy and paste the OTL until I opened it with Internet Explorer then I was able. Hope this helps fix this awful thing. Just wanted to say that I really am grateful to you blokes for helping.


Re: antivirus soft

Post by Belahzur on Sat Mar 06, 2010 3:50 pm

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O2 - BHO: (no name) - {a8885ec3-f903-4e59-b2f9-a07716236065} - No CLSID value found.
    O2 - BHO: (no name) - {C5E233F9-7E2B-444D-8227-E9A67FCA7FA9} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: [fjbyfhlk] C:\Documents and Settings\Michael\Local Settings\Application Data\pfdgnl\tseysftav.exe ()
    O4 - HKCU..\Run: [fjbyfhlk] C:\Documents and Settings\Michael\Local Settings\Application Data\pfdgnl\tseysftav.exe ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O15 - HKLM\..Trusted Domains: amaena.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: avsystemcare.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: gomyhit.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: imageservr.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: imagesrvr.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: onerateld.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: trustedantivirus.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: virusschlacht.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: amaena.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: avsystemcare.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: gomyhit.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: imagesrvr.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: onerateld.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: trustedantivirus.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: virusschlacht.com ([]* in Trusted sites)
    O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - Reg Error: Key error. File not found
    O20 - Winlogon\Notify\tuvtqpo: DllName - tuvtqpo.dll - File not found
    [2008/01/28 18:36:54 | 001,122,590 | -HS- | C] () -- C:\WINDOWS\System32\xktlwjjs.ini
    [2008/01/23 18:49:55 | 001,102,770 | -HS- | C] () -- C:\WINDOWS\System32\djqurfwm.ini
    [2008/01/22 18:25:09 | 001,102,530 | -HS- | C] () -- C:\WINDOWS\System32\qgoixvrx.ini
    [2008/01/21 17:52:01 | 001,113,470 | -HS- | C] () -- C:\WINDOWS\System32\oqpakdfa.ini
    [2008/01/21 09:45:27 | 001,091,366 | -HS- | C] () -- C:\WINDOWS\System32\kmnwucfs.ini
    [2008/01/19 22:29:36 | 001,076,002 | -HS- | C] () -- C:\WINDOWS\System32\pkesxyry.ini
    [2008/01/18 17:47:44 | 001,075,882 | -HS- | C] () -- C:\WINDOWS\System32\spcvqirf.ini
    [2008/01/17 17:49:48 | 001,073,352 | -HS- | C] () -- C:\WINDOWS\System32\ctldtyli.ini
    [2008/01/16 17:39:14 | 001,066,086 | -HS- | C] () -- C:\WINDOWS\System32\dsnjownq.ini
    [2008/01/15 22:35:33 | 001,061,456 | -HS- | C] () -- C:\WINDOWS\System32\ohoxvjtk.ini
    [2008/01/14 20:13:27 | 001,049,340 | -HS- | C] () -- C:\WINDOWS\System32\ahcgijhs.ini
    [2008/01/06 14:45:34 | 001,049,269 | -HS- | C] () -- C:\WINDOWS\System32\edaqkjbm.ini
    [2008/01/03 12:27:34 | 001,044,760 | -HS- | C] () -- C:\WINDOWS\System32\iloejtwp.ini
    [2008/01/02 10:39:36 | 001,039,264 | -HS- | C] () -- C:\WINDOWS\System32\vlxotbuf.ini
    [2008/01/01 10:36:09 | 001,032,178 | -HS- | C] () -- C:\WINDOWS\System32\axtgnitu.ini
    [2007/12/31 11:41:03 | 001,031,799 | -HS- | C] () -- C:\WINDOWS\System32\rcjdawba.ini
    [2007/12/30 11:18:46 | 001,031,724 | -HS- | C] () -- C:\WINDOWS\System32\ychmuexx.ini
    [2007/12/29 10:16:12 | 001,031,499 | -HS- | C] () -- C:\WINDOWS\System32\ghiyylwl.ini
    [2007/12/28 00:16:13 | 001,031,379 | -HS- | C] () -- C:\WINDOWS\System32\lnrvsqkg.ini
    [2007/12/27 10:04:55 | 001,031,139 | -HS- | C] () -- C:\WINDOWS\System32\fgkoehkb.ini
    [2007/12/26 15:39:15 | 001,031,208 | -HS- | C] () -- C:\WINDOWS\System32\mljsqjne.ini
    [2007/12/24 11:15:12 | 000,987,343 | -HS- | C] () -- C:\WINDOWS\System32\wxkiuivj.ini
    [2007/12/22 23:33:40 | 001,010,381 | -HS- | C] () -- C:\WINDOWS\System32\ghtyvjhw.ini
    [2007/12/22 17:52:47 | 000,990,630 | -HS- | C] () -- C:\WINDOWS\System32\vopsnuay.ini
    [2007/12/14 11:43:32 | 000,842,130 | -HS- | C] () -- C:\WINDOWS\System32\ststv.ini2
    [2007/12/14 11:43:26 | 000,842,130 | -HS- | C] () -- C:\WINDOWS\System32\ststv.ini


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


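An added example, not part of Belahzur's post and not an OTL feature: a small Python parser for the file lines of an OTL log, with a triage rule applied to lines copied from the log in this thread. The rule (empty company field, hidden and system attributes, located directly in System32, extension beginning with `.ini`) is an assumption made for this example; on the sample it selects the two lines that also appear in the fix script above.

```python
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Lines copied from the OTL log in this thread (not constructed values).
SAMPLE = r"""
[2010/03/05 19:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2010/03/05 17:16:42 | 000,017,408 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2009/12/10 14:18:22 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/05/11 15:33:19 | 000,005,120 | -HS- | C] () -- C:\Program Files\Thumbs.db
[2008/01/28 18:36:54 | 001,122,590 | -HS- | C] () -- C:\WINDOWS\System32\xktlwjjs.ini
[2007/12/14 11:43:32 | 000,842,130 | -HS- | C] () -- C:\WINDOWS\System32\ststv.ini2
[2005/12/21 17:37:08 | 000,005,330 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
""".strip().splitlines()

# [timestamp | size | RHSD attributes | C(reated)/M(odified)] (company) -- path
# Directory lines carry no "(company)" field at all, so that group is optional.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str               # e.g. "-HS-"
    kind: str                # "C" or "M"
    company: Optional[str]   # None = field absent, "" = present but empty
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL file/folder line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    company = m.group("company")
    return Entry(
        when=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=None if company is None else company.strip(),
        path=m.group("path"),
    )


def is_suspicious(e: Entry) -> bool:
    """Triage rule assumed for this example (see lead-in)."""
    folder, name = ntpath.split(e.path)      # ntpath: Windows paths on any OS
    ext = ntpath.splitext(name)[1].lower()
    return (
        e.company == ""                      # file with no version-info company
        and "H" in e.attrs and "S" in e.attrs
        and "D" not in e.attrs               # files only
        and folder.lower() == r"c:\windows\system32"
        and ext.startswith(".ini")           # also catches ".ini2"
    )


def triage(lines: List[str]) -> List[Entry]:
    """Return the parsed entries that match the rule, in log order."""
    parsed = (parse_line(line) for line in lines)
    return [e for e in parsed if e is not None and is_suspicious(e)]


if __name__ == "__main__":
    for entry in triage(SAMPLE):
        print(f"{entry.when:%Y-%m-%d} {entry.size:>9} {entry.attrs} {entry.path}")
```

Flagged lines are candidates for review, not verdicts: the attribute test alone also matches the hidden+system `.sys` file and `Thumbs.db` in the sample, which is why the rule adds the folder and extension conditions.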
