
Need help removing backdoor.tidserv.l!inf



#1
Derik_H

Good afternoon, I have been poking around on the site here and found that the virus my Norton Internet Security keeps finding has been reported by a few others. After reading some, I have downloaded a number of programs suggested already, and have tried to follow step-by-step instructions you have given others, but my guess is that the infection is slightly different on each computer. The name of the virus is backdoor.tidserv.l!inf. The programs I have downloaded so far are OTL, TFC, ComboFix, Malwarebytes, GMER, and ATF Cleaner. I would greatly appreciate some assistance removing this pesky virus.

Edited by Derik_H, 27 January 2010 - 04:51 PM.



#2
Derik_H

OK, getting some results from the programs I have downloaded. The OTL scan gave me the following report:

OTL logfile created on: 1/29/2010 3:05:32 PM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Derik\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 61.98 Gb Total Space | 3.02 Gb Free Space | 4.88% Space Free | Partition Type: NTFS
Drive D: | 11.52 Gb Total Space | 1.22 Gb Free Space | 10.56% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MYLAPTOP
Current User Name: Derik
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/26 22:22:54 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derik\Desktop\OTL.exe
PRC - [2009/12/09 04:05:51 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccsvchst.exe
PRC - [2009/11/12 13:48:56 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/09/04 13:16:54 | 00,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2009/06/22 06:49:23 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqtgsvc.exe
PRC - [2009/06/22 06:49:04 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/06/24 20:49:14 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/08/30 10:50:42 | 00,205,480 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/08 15:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/08/18 03:00:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2006/07/11 23:55:34 | 00,102,400 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2006/06/27 17:31:34 | 00,102,400 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
PRC - [2006/06/19 13:33:12 | 00,163,840 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2006/05/18 18:52:06 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/05/12 13:27:16 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2006/05/04 00:58:26 | 00,458,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2006/05/02 17:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2006/04/01 00:01:48 | 00,761,946 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/03/15 23:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2004/05/27 18:50:06 | 00,045,056 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe


========== Modules (SafeList) ==========

MOD - [2010/01/26 22:22:54 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derik\Desktop\OTL.exe
MOD - [2009/12/17 01:08:57 | 00,407,408 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.5.0.127\asoehook.dll
MOD - [2009/07/12 03:02:02 | 00,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.5.0.127\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 03:02:00 | 00,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.5.0.127\microsoft.vc90.crt\msvcp90.dll
MOD - [2006/08/25 10:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2010/01/06 19:10:35 | 00,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/12/09 04:05:51 | 00,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe -- (NIS)
SRV - [2009/11/12 13:48:56 | 00,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/09/04 13:17:00 | 00,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 13:16:54 | 05,893,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/09/04 13:16:54 | 00,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2009/06/22 06:49:23 | 00,117,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\mqtgsvc.exe -- (MSMQTriggers)
SRV - [2009/06/22 06:49:04 | 00,004,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\mqsvc.exe -- (MSMQ)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/25 08:02:17 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/01/06 13:06:24 | 00,536,872 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/05/01 19:35:38 | 00,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/08/18 03:00:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2006/06/12 15:27:28 | 00,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2006/05/18 18:52:06 | 00,049,152 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/05/12 13:27:16 | 00,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2006/05/02 17:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2005/10/06 20:12:30 | 00,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005/04/04 02:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/05/27 18:50:06 | 00,045,056 | ---- | M] (CANON INC.) [Auto | Running] -- C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe -- (PDUiP6000DMemCrdMgr)
SRV - [2003/07/28 14:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/01/27 02:45:33 | 01,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100129.006\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/01/27 02:45:33 | 00,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100129.006\NAVENG.SYS -- (NAVENG)
DRV - [2009/12/16 14:40:52 | 00,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/12/16 14:20:20 | 00,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/09 04:06:51 | 00,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1105000.07F\ccHPx86.sys -- (ccHP)
DRV - [2009/12/04 23:54:05 | 00,529,456 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100128.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/12/03 01:08:32 | 00,325,168 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1105000.07F\SRTSP.SYS -- (SRTSP)
DRV - [2009/12/03 01:08:32 | 00,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1105000.07F\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/11/26 01:41:48 | 00,172,592 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1105000.07F\SYMEFA.SYS -- (SymEFA)
DRV - [2009/11/26 01:41:22 | 00,116,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1105000.07F\Ironx86.SYS -- (SymIRON)
DRV - [2009/11/21 19:43:48 | 00,362,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1105000.07F\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/11/12 13:48:56 | 00,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/11/05 17:06:13 | 00,328,752 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1105000.07F\SYMDS.SYS -- (SymDS)
DRV - [2009/10/28 17:37:22 | 00,329,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100125.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2009/10/20 04:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/09/02 00:28:46 | 00,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)
DRV - [2009/06/22 06:48:44 | 00,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2009/06/05 10:42:38 | 00,039,424 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2008/05/08 07:28:49 | 00,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/05/01 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2006/11/02 07:00:08 | 00,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/08/18 03:00:00 | 03,687,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/07/06 09:28:58 | 00,047,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2006/06/19 07:37:34 | 00,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/01 19:02:36 | 00,572,928 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/05/12 13:19:04 | 01,342,602 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/05/12 13:16:44 | 00,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/04/28 12:12:00 | 00,429,184 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/04/19 05:03:20 | 00,995,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/04/19 05:02:40 | 00,208,000 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/04/19 05:02:36 | 00,727,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/03/31 23:41:40 | 00,193,056 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/03/15 23:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2006/03/15 23:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2006/03/05 18:49:36 | 00,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/03/02 19:31:04 | 00,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/02 19:31:02 | 00,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/02/14 00:57:46 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/11/15 23:28:32 | 00,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/10/31 21:08:00 | 00,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/31 20:54:50 | 00,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/20 20:47:05 | 00,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2005/10/13 04:07:12 | 00,874,240 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/09/19 16:24:20 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 16:24:10 | 00,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 16:23:52 | 00,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/01/07 19:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/04 09:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 09:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/04 01:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 22:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2001/08/18 00:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 00:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 00:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 00:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 00:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 23:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 23:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 23:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 23:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 23:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 23:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 23:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 23:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 23:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 23:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.goodsearch.com/Default.aspx
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2009/12/16 14:20:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/01/26 22:55:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2009/09/11 18:04:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/01/21 22:21:31 | 00,000,000 | ---D | M]


O1 HOSTS File: ([2010/01/27 00:00:14 | 00,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: carlson.com ([www.xcsa] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} https://h20364.www2....DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macr...are/awswaxd.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://secure.iolpo...criptx/smsx.cab (MeadCo ScriptX)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Derik\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Derik\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/28 03:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/27 00:24:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Derik\Desktop\Rid of My Virus Programs
[2010/01/27 00:23:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Derik\Application Data\Malwarebytes
[2010/01/27 00:23:41 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/27 00:23:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/27 00:23:38 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/27 00:23:38 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/27 00:12:22 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/27 00:12:00 | 05,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Derik\Desktop\mbam-setup.exe
[2010/01/27 00:10:06 | 00,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Derik\Desktop\TFC.exe
[2010/01/26 23:22:28 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/26 22:22:52 | 00,548,352 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Derik\Desktop\OTL.exe
[2010/01/26 22:16:55 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Derik\Desktop\ATF-Cleaner.exe
[2010/01/26 22:12:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/26 21:52:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2010/01/26 21:48:22 | 00,101,888 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvtcp.sys
[2010/01/26 21:48:20 | 00,176,128 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvunrm.exe
[2010/01/26 21:47:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\nview
[2010/01/26 21:47:07 | 00,208,896 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvudisp.exe
[2010/01/21 22:21:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2010/01/21 22:21:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/01/16 23:27:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/01/13 11:03:42 | 00,470,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/12 23:39:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Derik\Application Data\InfraRecorder
[2010/01/12 23:38:34 | 00,000,000 | ---D | C] -- C:\Program Files\InfraRecorder
[2010/01/12 23:32:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Derik\Application Data\Canneverbe_Limited
[2010/01/12 23:32:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/01/12 23:31:55 | 00,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2010/01/12 23:01:56 | 00,212,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\richtx32.ocx
[2010/01/12 23:01:56 | 00,081,920 | ---- | C] (Marco Bellinaso) -- C:\WINDOWS\System32\mbmouse.ocx
[2010/01/12 23:01:56 | 00,036,864 | ---- | C] (Robdogg Inc.) -- C:\WINDOWS\System32\trayicon_handler.ocx
[2010/01/12 23:01:56 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Flick
[2010/01/12 19:20:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Derik\.thumb
[2010/01/12 19:08:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Derik\Local Settings\Application Data\WeatherBug
[2010/01/12 19:07:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Derik\Application Data\WeatherBug
[2010/01/12 19:07:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Derik\Application Data\Yahoo!
[2010/01/12 19:06:14 | 00,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2010/01/12 18:11:08 | 00,000,000 | ---D | C] -- C:\sysmon
[2010/01/11 18:12:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Derik\My Documents\LimeWire
[2010/01/11 18:01:04 | 00,283,648 | ---- | C] (Stirling Technologies, Inc.) -- C:\WINDOWS\uninst.exe
[2010/01/11 17:25:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Derik\Application Data\Nero
[2010/01/11 17:22:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010/01/11 17:22:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/01/11 17:06:23 | 00,000,000 | ---D | C] -- C:\Program Files\Rhapsody
[2010/01/07 12:46:37 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Derik\My Documents\My DVDs
[2010/01/07 12:45:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Derik\Application Data\Sonic
[2010/01/07 12:02:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/06 20:17:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Derik\Local Settings\Application Data\Temp
[2010/01/06 19:12:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/11/26 13:25:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/07/02 18:51:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/03/20 17:08:58 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnp2uvc.dll
[2007/10/29 00:10:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2007/10/28 21:52:57 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/10/28 21:52:57 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/10/28 21:52:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/09/24 10:49:16 | 00,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[6 C:\Documents and Settings\Derik\My Documents\*.tmp files -> C:\Documents and Settings\Derik\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/29 14:48:30 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/01/29 14:17:14 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/29 10:11:28 | 00,002,261 | ---- | M] () -- C:\hpqp.ini
[2010/01/27 19:17:00 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/27 00:47:14 | 07,340,032 | ---- | M] () -- C:\Documents and Settings\Derik\ntuser.dat
[2010/01/27 00:39:15 | 00,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/01/27 00:39:14 | 00,000,039 | ---- | M] () -- C:\XP_TV.ini
[2010/01/27 00:39:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/27 00:39:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/27 00:39:05 | 21,460,21376 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/27 00:31:33 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Derik\ntuser.ini
[2010/01/27 00:23:44 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\Derik\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/27 00:12:46 | 04,318,114 | -H-- | M] () -- C:\Documents and Settings\Derik\Local Settings\Application Data\IconCache.db
[2010/01/27 00:12:07 | 05,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Derik\Desktop\mbam-setup.exe
[2010/01/27 00:10:21 | 00,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derik\Desktop\TFC.exe
[2010/01/27 00:00:34 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/27 00:00:14 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/26 23:22:36 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2010/01/26 22:54:20 | 00,000,744 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Derik.job
[2010/01/26 22:54:19 | 00,001,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2010/01/26 22:53:58 | 01,142,276 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\Cat.DB
[2010/01/26 22:35:13 | 15,238,8608 | ---- | M] () -- C:\Documents and Settings\Derik\My Documents\archive.pst
[2010/01/26 22:22:54 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derik\Desktop\OTL.exe
[2010/01/26 22:21:00 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Derik\Desktop\fsyufxmn.exe
[2010/01/26 22:16:56 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Derik\Desktop\ATF-Cleaner.exe
[2010/01/26 21:46:01 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/26 21:32:12 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/26 00:01:24 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Sdozole.dat
[2010/01/26 00:01:24 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Ckeqexexexivu.bin
[2010/01/25 16:14:44 | 00,032,256 | ---- | M] () -- C:\Documents and Settings\Derik\My Documents\RachfalCoverLetter.doc
[2010/01/25 15:53:02 | 00,059,904 | ---- | M] () -- C:\Documents and Settings\Derik\My Documents\APPLICATION%20FOR%20EMPLOYMENT_Rachel_Rachfal.doc
[2010/01/25 15:40:05 | 00,045,056 | ---- | M] () -- C:\Documents and Settings\Derik\My Documents\scannable.doc
[2010/01/25 12:48:13 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Derik\My Documents\DLLRUnemploymentInsurance.doc
[2010/01/23 16:47:06 | 00,000,219 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/01/20 21:02:35 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/01/20 18:37:46 | 00,040,960 | ---- | M] () -- C:\Documents and Settings\Derik\My Documents\scannable2010.doc
[2010/01/20 15:07:45 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Derik\My Documents\ShipShapemediaalert.doc
[2010/01/20 11:49:49 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Derik\My Documents\ParkingTicket.doc
[2010/01/19 18:08:30 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\Derik\My Documents\RachfalCL.doc
[2010/01/19 15:41:35 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\Derik\My Documents\RachfalReferences.doc
[2010/01/16 23:30:52 | 00,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/16 23:30:52 | 00,000,209 | ---- | M] () -- C:\Boot.bak
[2010/01/16 23:22:18 | 00,000,031 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/01/14 19:51:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/14 03:03:42 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/13 22:57:34 | 00,400,384 | ---- | M] () -- C:\Documents and Settings\Derik\My Documents\JLAShipShapeHealthFair.pub
[2010/01/13 18:29:09 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Derik\My Documents\~$ipShapeEventPRPlan.doc
[2010/01/13 17:35:10 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Derik\My Documents\~$annable2010.doc
[2010/01/13 15:49:34 | 00,057,344 | ---- | M] () -- C:\Documents and Settings\Derik\My Documents\RachfalResume.doc
[2010/01/12 23:38:37 | 00,000,760 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\InfraRecorder.lnk
[2010/01/12 22:51:52 | 00,000,598 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/01/12 19:06:21 | 00,001,621 | ---- | M] () -- C:\Documents and Settings\Derik\Desktop\1000 Free Songs!.lnk
[2010/01/12 18:06:44 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Derik\My Documents\TekSystems Thank you.doc
[2010/01/11 18:12:18 | 00,001,580 | ---- | M] () -- C:\Documents and Settings\Derik\Desktop\LimeWire 4.16.6.lnk
[2010/01/11 17:07:13 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Rhapsody.lnk
[2010/01/11 09:42:19 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Derik\My Documents\~$chfalReferences.doc
[2010/01/09 12:14:23 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Derik\My Documents\Mayoral_Letter.doc
[2010/01/07 23:46:23 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Derik\My Documents\Mayoral%20Letter.doc
[2010/01/07 23:03:16 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\Derik\My Documents\TEKsystems_WebWriter_assignment_RRachfal.doc
[2010/01/07 22:54:37 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Derik\My Documents\The staffing industry has long been looked to as.doc
[2010/01/07 18:40:27 | 00,033,792 | ---- | M] () -- C:\Documents and Settings\Derik\My Documents\TCS_Affirmative%20Action%20Information_Rachfal.doc
[2010/01/07 18:37:43 | 00,254,470 | ---- | M] () -- C:\Documents and Settings\Derik\My Documents\Application_Rachel_Rachfal_TeleCommunicationSystems.rtf
[2010/01/07 17:26:08 | 00,169,984 | ---- | M] () -- C:\Documents and Settings\Derik\My Documents\maryland_employment_application_ms100.doc
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/07 12:11:34 | 00,033,280 | ---- | M] () -- C:\Documents and Settings\Derik\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/06 23:05:40 | 00,056,320 | ---- | M] () -- C:\Documents and Settings\Derik\My Documents\RachfalresumeJB.doc
[2010/01/06 20:47:58 | 00,042,496 | ---- | M] () -- C:\Documents and Settings\Derik\My Documents\ACG Systems.doc
[2010/01/06 20:24:27 | 00,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/01/05 18:45:34 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Derik\My Documents\ShipShapeEventPRPlan.doc
[2010/01/04 18:57:10 | 00,064,000 | ---- | M] () -- C:\Documents and Settings\Derik\My Documents\MWEResume.doc
[2010/01/04 18:31:37 | 00,010,666 | ---- | M] () -- C:\Documents and Settings\Derik\My Documents\DLLR.pdf
[2010/01/04 16:26:56 | 00,579,788 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/04 16:26:56 | 00,484,952 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/04 16:26:56 | 00,087,132 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[6 C:\Documents and Settings\Derik\My Documents\*.tmp files -> C:\Documents and Settings\Derik\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/27 00:23:44 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\Derik\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/26 23:22:36 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2010/01/26 23:22:32 | 00,260,272 | ---- | C] () -- C:\cmldr
[2010/01/26 22:20:57 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Derik\Desktop\fsyufxmn.exe
[2010/01/26 22:12:35 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/26 22:12:35 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/26 21:50:58 | 21,460,21376 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/26 21:48:21 | 00,003,903 | ---- | C] () -- C:\WINDOWS\System32\nvnrm.nvu
[2010/01/26 21:47:47 | 00,051,048 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2010/01/26 21:47:15 | 00,017,056 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010/01/25 15:53:02 | 00,059,904 | ---- | C] () -- C:\Documents and Settings\Derik\My Documents\APPLICATION%20FOR%20EMPLOYMENT_Rachel_Rachfal.doc
[2010/01/23 16:47:06 | 00,000,219 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/01/20 21:02:33 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/01/20 15:07:45 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Derik\My Documents\ShipShapemediaalert.doc
[2010/01/20 11:49:49 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\Derik\My Documents\ParkingTicket.doc
[2010/01/19 16:11:04 | 00,031,744 | ---- | C] () -- C:\Documents and Settings\Derik\My Documents\RachfalCL.doc
[2010/01/13 22:57:33 | 00,400,384 | ---- | C] () -- C:\Documents and Settings\Derik\My Documents\JLAShipShapeHealthFair.pub
[2010/01/13 18:29:09 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Derik\My Documents\~$ipShapeEventPRPlan.doc
[2010/01/13 17:35:10 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Derik\My Documents\~$annable2010.doc
[2010/01/12 23:38:37 | 00,000,760 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\InfraRecorder.lnk
[2010/01/12 23:31:55 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/01/12 19:11:39 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\Derik\Local Settings\Application Data\xobni_installer_updater.log
[2010/01/12 19:06:15 | 00,001,621 | ---- | C] () -- C:\Documents and Settings\Derik\Desktop\1000 Free Songs!.lnk
[2010/01/12 18:56:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Ckeqexexexivu.bin
[2010/01/12 18:56:43 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Sdozole.dat
[2010/01/12 18:06:44 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Derik\My Documents\TekSystems Thank you.doc
[2010/01/11 18:12:17 | 00,001,580 | ---- | C] () -- C:\Documents and Settings\Derik\Desktop\LimeWire 4.16.6.lnk
[2010/01/11 17:07:13 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Rhapsody.lnk
[2010/01/11 15:16:27 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Derik\My Documents\DLLRUnemploymentInsurance.doc
[2010/01/11 09:42:19 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Derik\My Documents\~$chfalReferences.doc
[2010/01/09 12:14:22 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\Derik\My Documents\Mayoral_Letter.doc
[2010/01/07 23:46:23 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Derik\My Documents\Mayoral%20Letter.doc
[2010/01/07 23:01:04 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\Derik\My Documents\TEKsystems_WebWriter_assignment_RRachfal.doc
[2010/01/07 21:57:36 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Derik\My Documents\The staffing industry has long been looked to as.doc
[2010/01/07 18:40:27 | 00,033,792 | ---- | C] () -- C:\Documents and Settings\Derik\My Documents\TCS_Affirmative%20Action%20Information_Rachfal.doc
[2010/01/06 20:47:58 | 00,042,496 | ---- | C] () -- C:\Documents and Settings\Derik\My Documents\ACG Systems.doc
[2010/01/06 20:24:27 | 00,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/01/06 19:12:22 | 00,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/06 19:12:20 | 00,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/06 00:26:34 | 00,032,768 | ---- | C] () -- C:\Documents and Settings\Derik\My Documents\RachfalReferences.doc
[2010/01/05 18:45:34 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Derik\My Documents\ShipShapeEventPRPlan.doc
[2010/01/05 11:25:06 | 00,056,320 | ---- | C] () -- C:\Documents and Settings\Derik\My Documents\RachfalresumeJB.doc
[2010/01/04 18:57:10 | 00,064,000 | ---- | C] () -- C:\Documents and Settings\Derik\My Documents\MWEResume.doc
[2010/01/04 18:31:37 | 00,010,666 | ---- | C] () -- C:\Documents and Settings\Derik\My Documents\DLLR.pdf
[2010/01/04 18:05:30 | 00,040,960 | ---- | C] () -- C:\Documents and Settings\Derik\My Documents\scannable2010.doc
[2009/12/16 14:48:49 | 00,002,508 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2009/06/18 21:58:52 | 00,002,508 | ---- | C] () -- C:\Documents and Settings\Derik\Application Data\$_hpcst$.hpc
[2009/06/13 20:35:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2009/06/13 20:32:04 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS69.DLL
[2009/05/14 14:29:30 | 00,008,520 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2008/05/02 08:48:23 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Derik\Local Settings\Application Data\FnF4.txt
[2008/03/20 17:08:58 | 00,047,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2008/03/14 19:15:03 | 00,038,435 | ---- | C] () -- C:\Documents and Settings\Derik\Application Data\Comma Separated Values (Windows).ADR
[2008/03/14 19:13:21 | 00,009,322 | ---- | C] () -- C:\Documents and Settings\Derik\Application Data\Comma Separated Values (Windows).EML
[2008/02/28 07:21:00 | 00,000,123 | ---- | C] () -- C:\WINDOWS\EPSON CX3200 Installer.ini
[2008/01/12 14:25:48 | 00,000,196 | ---- | C] () -- C:\Documents and Settings\Derik\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2007/11/14 11:04:49 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/10/30 18:17:37 | 00,033,280 | ---- | C] () -- C:\Documents and Settings\Derik\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/30 15:58:05 | 00,317,608 | ---- | C] () -- C:\WINDOWS\System32\RPTlpr.dll
[2007/10/30 15:58:05 | 00,312,764 | ---- | C] () -- C:\WINDOWS\System32\LPRlpr.dll
[2007/10/28 22:27:40 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Derik\Local Settings\Application Data\fusioncache.dat
[2007/10/28 22:27:40 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Derik\Local Settings\Application Data\DSwitch.txt
[2007/10/28 22:27:40 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Derik\Local Settings\Application Data\AtStart.txt
[2007/10/28 22:27:39 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Derik\Local Settings\Application Data\QSwitch.txt
[2007/10/16 11:40:06 | 00,091,520 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2007/04/05 06:56:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/19 10:17:05 | 00,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/19 10:13:10 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/19 10:00:18 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/19 09:49:48 | 00,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/08/18 03:00:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/18 03:00:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/18 03:00:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/18 03:00:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/18 03:00:00 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/06/29 14:18:14 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/29 13:49:18 | 00,000,368 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/06/29 13:46:56 | 00,000,598 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/29 13:43:40 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/05/12 13:23:22 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/03/04 02:07:34 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/01/26 19:04:16 | 00,099,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvata.sys
[2005/05/05 21:06:32 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2004/09/16 15:24:26 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/01/07 17:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/15 23:29:04 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 18:18:00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
< End of report >

#3
Derik_H

    New Member

  • Topic Starter
  • Member
  • 3 posts
And the OTL Extras text read:

OTL Extras logfile created on: 1/29/2010 3:05:32 PM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Derik\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 61.98 Gb Total Space | 3.02 Gb Free Space | 4.88% Space Free | Partition Type: NTFS
Drive D: | 11.52 Gb Total Space | 1.22 Gb Free Space | 10.56% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MYLAPTOP
Current User Name: Derik
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AAW2007] -- C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe /scanfolder "%1" File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"" =
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"" =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"" =

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application -- ()
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application -- ()
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{0725C68F-FD3A-4476-BDA0-C002C7FE307C}" = BlackBerry Desktop Software 4.2.2
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0C23BEBC-0429-4254-A83F-15C591AB768A}" = HP Pavilion Webcam Tray Icon
"{13BCF6CB-2F54-4962-9B11-32F07048ACF3}" = HP User Guides 0031
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 A2
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35F768BD-330E-4A2C-89C5-A38B588AF08D}" = Canon PIXMA iP6000D Memory Card Utility
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Pavilion Webcam
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 G2
"{44CDB8EC-569D-4C61-B18C-8768A1FC7E15}" = Panasonic RPT Network Printer Port
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.3
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5E8858EC-6B09-4939-99F2-5678073A0327}" = Microsoft Office Live Meeting 2005
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69DAC00A-7665-4E9B-B441-093D40736429}" = HP BatteryCheck 1.00 A7
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
"{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{9B3367FE-8575-435E-A80D-B2E9EA67497A}" = BlackBerry v4.2.2 for the 8830 Series Wireless Device
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB7E00C9-6DEF-489A-8112-D8F81614F45A}" = Vongo
"{E3CD4EA8-68BB-46E8-9E79-20A417A82C53}" = Microsoft Office Live Meeting 2007
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EC397D90-720E-426D-B381-0A10C6FD5A49}" = HP Pavilion Webcam Demo
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AIM_6" = AIM 6
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BlackBerry_{0725C68F-FD3A-4476-BDA0-C002C7FE307C}" = BlackBerry Desktop Software 4.2.2
"CANONBJ_Deinstall_CNMCP69.DLL" = Canon PIXMA iP6000D
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m" = Soft Data Fax Modem with SmartCP
"CopyTrans Suite" = CopyTrans Suite Remove Only
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"EB88B6218325D2AB47CFFBF7170236B60A6198FF" = Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)
"EPSON Printer and Utilities" = EPSON Printer Software
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Rhapsody" = HP Rhapsody
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InfraRecorder" = InfraRecorder
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"LimeWire" = LimeWire 4.16.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Netscape Browser" = Netscape Browser (remove only)
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStage" = PhotoStage Slideshow Producer
"Rhapsody" = Rhapsody
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WavePad" = WavePad Sound Editor
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WGA" = Windows Genuine Advantage Validation Tool
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"winusb0100" = Microsoft WinUsb 1.0
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/26/2010 11:43:25 PM | Computer Name = MYLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/26/2010 11:44:32 PM | Computer Name = MYLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/26/2010 11:47:50 PM | Computer Name = MYLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/26/2010 11:49:08 PM | Computer Name = MYLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/26/2010 11:49:18 PM | Computer Name = MYLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/26/2010 11:49:48 PM | Computer Name = MYLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/26/2010 11:50:08 PM | Computer Name = MYLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/26/2010 11:54:36 PM | Computer Name = MYLAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 1/27/2010 12:09:57 AM | Computer Name = MYLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.1.27.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/29/2010 4:05:22 PM | Computer Name = MYLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.1.27.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 1/27/2010 1:12:20 AM | Computer Name = MYLAPTOP | Source = Service Control Manager | ID = 7034
Description = The hpqwmiex service terminated unexpectedly. It has done this 1
time(s).

Error - 1/27/2010 1:12:20 AM | Computer Name = MYLAPTOP | Source = Service Control Manager | ID = 7034
Description = The NMSAccessU service terminated unexpectedly. It has done this
1 time(s).

Error - 1/27/2010 1:12:20 AM | Computer Name = MYLAPTOP | Source = Service Control Manager | ID = 7034
Description = The Canon PIXMA iP6000D Memory Card Manager service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/27/2010 1:12:20 AM | Computer Name = MYLAPTOP | Source = Service Control Manager | ID = 7031
Description = The Zune Bus Enumerator service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 1/27/2010 1:12:20 AM | Computer Name = MYLAPTOP | Source = Service Control Manager | ID = 7034
Description = The Message Queuing service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/27/2010 1:12:20 AM | Computer Name = MYLAPTOP | Source = Service Control Manager | ID = 7034
Description = The Message Queuing Triggers service terminated unexpectedly. It
has done this 1 time(s).

Error - 1/27/2010 1:39:34 AM | Computer Name = MYLAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AliIde IntelIde Pcmcia ViaIde

Error - 1/27/2010 2:03:27 AM | Computer Name = MYLAPTOP | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000043'
while processing the file 'ComboFix.exe' on the volume 'HarddiskVolume1'. It has
stopped monitoring the volume.

Error - 1/27/2010 12:21:38 PM | Computer Name = MYLAPTOP | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.80.107. The machine with the IP address 192.168.80.234 did
not allow the name to be claimed by this machine.

Error - 1/27/2010 6:45:52 PM | Computer Name = MYLAPTOP | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.80.107
on the Network Card with network address 0014A5D82ED0.


< End of report >