Antimalware Doctor preventiing boot


  • This topic is locked

#1
johnkirin

Member
46 posts
I am running an Intel-based MacBook Pro with a small Mac OS partition and a large Windows XP Professional partition that I use almost exclusively. Earlier today, Antimalware Doctor installed itself on my system. Once I figured out it was there, I tried to start Spyware Doctor (which I use regularly but did not have on when the computer became infected). Spyware Doctor would not start (I was also having trouble opening browser windows and received a warning from iTunes that there was something wrong with my audio setup). The graphic elements of windows had also become a bit cruder / less sharp. I had to shut the computer down. I tried to restart Windows, but could not get past a black screen with a blinking cursor in the top left -- no Windows splash page, no BIOS notices, just the grayish screens Macs flash on startup, and then the black screen with the cursor, endlessly. I am still able to start up the Mac OS. I edited boot.ini using a program on the Mac that allows it to write to Windows drives in an attempt to force Windows to start in safe mode; that did not work, and I returned the boot file to its former state. I copied userinit.exe to wsaupdater.exe, as I have read that some malware will make that shift in order to interfere with the computer's boot; there had not been a file named wsaupdater.exe before I made that copy, however, and making the copy did not cure the problem. I downloaded the OTL program, ran the custom scan that was given in other postings (for example by Gammo) to people with similar problems, and here are the results (also attached, in case that's easier to read). Please help!

OTL logfile created on: 4/10/2011 6:52:57 AM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 162.12 Gb Total Space | 15.00 Gb Free Space | 9.25% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 0.28 Gb Free Space | 7.48% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet004

========== Win32 Services (SafeList) ==========

SRV - [2011/02/12 19:22:38 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2011/02/12 01:02:03 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/01/05 16:13:14 | 000,632,792 | ---- | M] (PC Tools) [Auto] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/12/09 11:48:10 | 000,247,760 | ---- | M] (Threat Expert Ltd.) [Auto] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/12/02 12:33:12 | 000,070,928 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/11/19 07:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/06/17 19:14:52 | 000,338,464 | ---- | M] (Soluto) [Auto] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2010/03/15 15:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/12 10:07:44 | 000,033,792 | ---- | M] (Palm) [Auto] -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe -- (NovacomD)
SRV - [2009/11/15 01:40:46 | 000,136,504 | ---- | M] () [Auto] -- C:\WINDOWS\system32\AppleOSSMgr.exe -- (AppleOSSMgr)
SRV - [2009/11/15 01:40:46 | 000,099,640 | ---- | M] (Apple Inc.) [Auto] -- C:\WINDOWS\system32\AppleTimeSrv.exe -- (AppleTimeSrv)
SRV - [2009/10/21 21:27:32 | 000,025,824 | ---- | M] (Memeo) [Auto] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [On_Demand] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2007/10/22 10:41:28 | 000,417,792 | ---- | M] (mental images GmbH) [Auto] -- C:\spm\spmdib.exe -- (spmd)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/01/09 11:56:04 | 000,049,152 | ---- | M] () [Auto] -- C:\WINDOWS\System32\LxrSII1s.exe -- (LxrSII1s)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (cpuz132)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/12/02 12:33:12 | 000,069,392 | --S- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/12/02 12:33:12 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/12/02 12:33:12 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/11/25 11:43:00 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/11/25 11:42:10 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/11/17 11:19:50 | 000,249,616 | ---- | M] (PC Tools) [Kernel | System] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/07/16 15:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 15:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/06/17 19:06:44 | 000,179,656 | ---- | M] (Soluto LTD.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\PCGenFAM.sys -- (PCGenFAM)
DRV - [2009/11/15 01:40:46 | 000,005,760 | ---- | M] (Apple Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\KeyAgent.sys -- (KeyAgent)
DRV - [2009/10/16 09:36:53 | 000,029,696 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\applemtp.sys -- (applemtp)
DRV - [2009/10/16 09:36:53 | 000,010,496 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\applemtm.sys -- (applemtm)
DRV - [2009/10/16 09:36:50 | 000,023,552 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\KeyMagic.sys -- (KeyMagic)
DRV - [2009/08/18 17:32:00 | 005,884,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/10/14 23:26:12 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2008/09/19 04:04:00 | 000,290,432 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/09/10 19:14:48 | 001,386,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/15 15:31:18 | 000,016,512 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IRFilter.sys -- (IRRemoteFlt)
DRV - [2008/04/15 15:30:24 | 000,006,528 | ---- | M] (Apple Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\MacHALDriver.sys -- (MacHALDriver)
DRV - [2006/12/14 07:37:40 | 000,072,672 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\LxrSII1d.sys -- (LxrSII1d)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2002/09/16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\John_Kirincich_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\John_Kirincich_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://old.fastmail.fm/mail/?MLS=MB-*;Ust=a0ccdd5c!a40741ae;SMB-CF=10100649;UDm=49;SMB-ST=comix;MSignal=MB-GF**182853
IE - HKU\John_Kirincich_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\John_Kirincich_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\John_Kirincich_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/21 15:50:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\Spyware Doctor\BDT\FireFox\ [2011/01/20 01:25:06 | 000,000,000 | ---D | M]


Hosts file not found
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\John_Kirincich_ON_C\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe (Apple Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IRW] C:\WINDOWS\system32\IRW.exe (Apple Inc.)
O4 - HKLM..\Run: [Memeo Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files\Spyware Doctor\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\John_Kirincich_ON_C..\Run: [k70ccreloc.exe] C:\Documents and Settings\John Kirincich\Application Data\AB3A29BB100F3407C303119F4FC9650D\k70ccreloc.exe ()
O4 - HKU\John_Kirincich_ON_C..\Run: [LxrAutorun] C:\Documents and Settings\John Kirincich\Local Settings\Application Data\Lexar Media\LxrAutorun.exe ()
O4 - HKU\John_Kirincich_ON_C..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Chapura SyncManager.lnk = C:\Program Files\Chapura\Chapura SyncManager\SyncMgr.exe (Chapura®, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Evernote Clipper.lnk = C:\WINDOWS\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\John_Kirincich_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\John_Kirincich_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (Reg Error: Key error.)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin....nderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1223517678117 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} http://www.fultoncou...iator/jinit.exe (JInitiator 1.3.1.22)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/08 21:25:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/03/13 18:34:24 | 000,579,088 | -H-- | M] (Ceedo Technologies Ltd.) - D:\AutoDetect.exe -- [ FAT32 ]
O32 - AutoRun File - [2008/03/13 18:34:22 | 000,620,040 | ---- | M] (Ceedo Technologies Ltd.) - D:\Autorun.exe -- [ FAT32 ]
O32 - AutoRun File - [2007/07/29 12:00:58 | 000,000,810 | RH-- | M] () - D:\Autorun.exe.manifest -- [ FAT32 ]
O32 - AutoRun File - [2008/04/01 15:43:14 | 000,000,758 | -H-- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/04/10 00:02:19 | 000,000,000 | ---D | C] -- C:\.fseventsd
[2011/04/09 22:19:30 | 000,000,000 | ---D | C] -- C:\.TemporaryItems
[2011/04/09 21:32:21 | 000,000,000 | ---D | C] -- C:\.Trashes
[2011/04/09 16:42:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/09 16:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/09 15:40:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/09 15:40:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/09 15:30:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Kirincich\Application Data\AB3A29BB100F3407C303119F4FC9650D
[2011/03/16 13:29:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbth.sys
[2011/03/15 00:02:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/13 12:29:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TrueGames
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/09 23:36:39 | 000,006,148 | ---- | M] () -- C:\.DS_Store
[2011/04/09 23:15:56 | 000,006,148 | ---- | M] () -- C:\WINDOWS\.DS_Store
[2011/04/09 23:07:44 | 000,006,148 | ---- | M] () -- C:\WINDOWS\System32\.DS_Store
[2011/04/09 23:01:58 | 000,006,148 | ---- | M] () -- C:\Documents and Settings\John Kirincich\.DS_Store
[2011/04/09 23:01:46 | 000,006,148 | ---- | M] () -- C:\Documents and Settings\NetworkService\.DS_Store
[2011/04/09 23:01:41 | 000,006,148 | ---- | M] () -- C:\Documents and Settings\LocalService\.DS_Store
[2011/04/09 23:00:53 | 000,006,148 | ---- | M] () -- C:\Documents and Settings\All Users\.DS_Store
[2011/04/09 22:32:03 | 000,004,096 | ---- | M] () -- C:\._boot.ini
[2011/04/09 22:32:03 | 000,000,211 | ---- | M] () -- C:\boot.ini
[2011/04/09 22:19:31 | 000,004,096 | ---- | M] () -- C:\._.TemporaryItems
[2011/04/09 22:02:00 | 000,006,148 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\.DS_Store
[2011/04/09 19:14:48 | 000,104,974 | ---- | M] () -- C:\Documents and Settings\John Kirincich\Desktop\GADC Notice of Exercise of Stock Option.pdf
[2011/04/09 18:56:50 | 001,567,177 | ---- | M] () -- C:\Documents and Settings\John Kirincich\Desktop\GADC Non Qualified Stock Option Agreement.pdf
[2011/04/09 18:37:51 | 004,350,658 | ---- | M] () -- C:\Documents and Settings\John Kirincich\Desktop\GADC Non Qualified Stock Option Plan of 2008.pdf
[2011/04/09 18:09:09 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2025429265-573735546-682003330-1003.job
[2011/04/09 18:09:09 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2025429265-573735546-682003330-1003.job
[2011/04/09 17:53:51 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/09 17:46:08 | 000,757,051 | ---- | M] () -- C:\Documents and Settings\John Kirincich\Desktop\GADC Investment Representation Statement (John Kirincich).pdf
[2011/04/09 17:33:20 | 001,120,437 | ---- | M] () -- C:\Documents and Settings\John Kirincich\Desktop\GADC Nondisclosure Noncircumvention Agreement.pdf
[2011/04/09 17:24:14 | 000,914,312 | ---- | M] () -- C:\Documents and Settings\John Kirincich\Desktop\GADC Management Job Offer Letter.pdf
[2011/04/09 17:09:06 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/09 15:11:08 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
[2011/04/09 13:44:49 | 000,000,215 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2011/04/09 11:44:07 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F3F1BA74-B0A1-4A56-97FC-2E2D38CEBA21}.job
[2011/04/09 00:23:43 | 000,002,349 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Evernote Clipper.lnk
[2011/04/09 00:22:53 | 000,013,740 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/09 00:22:49 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/09 00:22:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/09 00:20:56 | 001,050,912 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/08 00:04:22 | 000,001,765 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2011/04/08 00:04:22 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\John Kirincich\Desktop\DivX Movies.lnk
[2011/03/28 23:54:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/24 23:04:09 | 000,648,984 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/03/16 00:02:56 | 000,506,198 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/16 00:02:56 | 000,088,056 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/15 23:21:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/15 00:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/03/13 12:29:12 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mytheon.lnk
[2011/03/13 12:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\TrueGames
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/09 23:07:02 | 000,006,148 | ---- | C] () -- C:\WINDOWS\System32\.DS_Store
[2011/04/09 22:32:03 | 000,004,096 | ---- | C] () -- C:\._boot.ini
[2011/04/09 22:19:31 | 000,004,096 | ---- | C] () -- C:\._.TemporaryItems
[2011/04/09 22:00:58 | 000,006,148 | ---- | C] () -- C:\Documents and Settings\NetworkService\.DS_Store
[2011/04/09 22:00:43 | 000,006,148 | ---- | C] () -- C:\Documents and Settings\LocalService\.DS_Store
[2011/04/09 21:59:08 | 000,006,148 | ---- | C] () -- C:\Documents and Settings\John Kirincich\Start Menu\Programs\.DS_Store
[2011/04/09 21:58:50 | 000,006,148 | ---- | C] () -- C:\Documents and Settings\John Kirincich\.DS_Store
[2011/04/09 21:58:27 | 000,006,148 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\.DS_Store
[2011/04/09 21:58:06 | 000,006,148 | ---- | C] () -- C:\Documents and Settings\All Users\.DS_Store
[2011/04/09 21:34:52 | 000,006,148 | ---- | C] () -- C:\WINDOWS\.DS_Store
[2011/04/09 21:32:48 | 000,006,148 | ---- | C] () -- C:\.DS_Store
[2011/04/09 19:14:48 | 000,104,974 | ---- | C] () -- C:\Documents and Settings\John Kirincich\Desktop\GADC Notice of Exercise of Stock Option.pdf
[2011/04/09 18:56:47 | 001,567,177 | ---- | C] () -- C:\Documents and Settings\John Kirincich\Desktop\GADC Non Qualified Stock Option Agreement.pdf
[2011/04/09 18:37:45 | 004,350,658 | ---- | C] () -- C:\Documents and Settings\John Kirincich\Desktop\GADC Non Qualified Stock Option Plan of 2008.pdf
[2011/04/09 17:46:07 | 000,757,051 | ---- | C] () -- C:\Documents and Settings\John Kirincich\Desktop\GADC Investment Representation Statement (John Kirincich).pdf
[2011/04/09 17:33:19 | 001,120,437 | ---- | C] () -- C:\Documents and Settings\John Kirincich\Desktop\GADC Nondisclosure Noncircumvention Agreement.pdf
[2011/04/09 17:24:13 | 000,914,312 | ---- | C] () -- C:\Documents and Settings\John Kirincich\Desktop\GADC Management Job Offer Letter.pdf
[2011/04/08 00:04:22 | 000,001,765 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2011/04/08 00:04:22 | 000,001,504 | ---- | C] () -- C:\Documents and Settings\John Kirincich\Desktop\DivX Movies.lnk
[2011/03/17 00:49:39 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2025429265-573735546-682003330-1003.job
[2011/03/13 12:29:12 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mytheon.lnk
[2011/02/21 23:49:49 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BorisFX Blue1 BCC4.ini
[2011/02/20 20:18:41 | 007,506,432 | ---- | C] () -- C:\WINDOWS\System32\BLUE1 Render Engine 8BPC.dll
[2011/02/20 20:18:40 | 001,131,520 | ---- | C] () -- C:\WINDOWS\System32\Boris GL Renderer.dll
[2011/02/20 20:18:40 | 000,817,664 | ---- | C] () -- C:\WINDOWS\System32\Boris GL Scene.dll
[2011/02/20 20:18:40 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2011/02/20 20:18:40 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\Boris Utilities.dll
[2011/02/20 20:18:40 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Boris Render Node.dll
[2011/02/19 02:03:15 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/02/19 02:03:07 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/02/19 02:03:07 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/02/17 22:11:29 | 000,003,607 | ---- | C] () -- C:\WINDOWS\BorisRED4.3.ini
[2011/02/17 21:56:39 | 011,930,624 | ---- | C] () -- C:\WINDOWS\System32\FEC5_AE_16Bit.dll
[2011/02/17 21:56:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BorisFX FEC XML.ini
[2011/02/17 21:56:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BorisFEC5.ini
[2011/02/17 21:56:33 | 011,886,592 | ---- | C] () -- C:\WINDOWS\System32\FEC5_AE_8Bit.dll
[2011/02/17 21:56:33 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\MSL_All-DLL80_x86.dll
[2011/02/17 19:59:43 | 007,034,368 | ---- | C] () -- C:\WINDOWS\System32\BCC5 Render Engine 8BPC.dll
[2011/02/14 14:22:18 | 000,003,871 | ---- | C] () -- C:\WINDOWS\ScriptVT1.1.ini
[2011/02/14 14:22:18 | 000,001,425 | ---- | C] () -- C:\WINDOWS\ScriptTG1.1.ini
[2011/02/14 14:22:18 | 000,001,425 | ---- | C] () -- C:\WINDOWS\ScriptRC1.1.ini
[2011/02/13 19:25:38 | 002,041,344 | ---- | C] () -- C:\Program Files\Common Files\Boris RED.msi
[2011/02/13 16:25:43 | 000,003,609 | ---- | C] () -- C:\WINDOWS\BorisBLUE2.5.ini
[2011/02/13 15:31:35 | 007,450,112 | ---- | C] () -- C:\WINDOWS\System32\FEC5 Render Engine 8BPC.dll
[2011/02/13 15:31:34 | 006,321,152 | ---- | C] () -- C:\WINDOWS\System32\FEC5 Render Engine 16BPC.dll
[2011/01/05 20:51:30 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\John Kirincich\Cache.db
[2011/01/05 16:11:16 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2010/12/17 13:08:53 | 001,050,912 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/17 13:07:29 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\John Kirincich\Adobe Encore_AME.pref
[2010/12/14 11:43:16 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/12/14 01:46:45 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2010/11/24 20:19:07 | 000,038,480 | ---- | C] () -- C:\Documents and Settings\John Kirincich\Application Data\Comma Separated Values (DOS).ADR
[2010/10/23 14:37:29 | 000,096,578 | ---- | C] () -- C:\WINDOWS\hpqins16.dat
[2010/09/04 12:04:07 | 000,241,664 | ---- | C] () -- C:\Documents and Settings\NetworkService\s-1-5-20.rrr
[2010/09/03 17:04:47 | 000,036,962 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2010/08/22 13:51:57 | 000,245,760 | ---- | C] () -- C:\Documents and Settings\LocalService\s-1-5-19.rrr
[2010/08/18 11:26:11 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\John Kirincich\Local Settings\Application Data\packet
[2010/08/13 17:59:50 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\John Kirincich\g2mdlhlpx.exe
[2010/01/25 22:39:11 | 000,000,346 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/01/25 22:37:27 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/12 12:03:34 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/12/23 00:25:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/15 01:40:46 | 000,136,504 | ---- | C] () -- C:\WINDOWS\System32\AppleOSSMgr.exe
[2009/10/25 17:02:01 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2009/10/25 17:02:01 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/10/08 14:08:40 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\John Kirincich\BRW001DD90D42BC
[2009/10/08 14:06:14 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\John Kirincich\BRW001D90D42BC
[2009/09/17 23:26:39 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\Hlinkprx.dll
[2009/09/13 19:22:06 | 000,057,896 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/11/16 18:56:59 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\John Kirincich\Local Settings\Application Data\fusioncache.dat
[2008/11/16 14:52:34 | 000,000,146 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2008/11/16 14:52:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2008/11/16 14:52:21 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2008/11/16 14:52:20 | 000,009,853 | ---- | C] () -- C:\WINDOWS\HL-2170W.INI
[2008/11/16 14:52:15 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/11/16 14:52:15 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2170W.DAT
[2008/11/16 14:47:50 | 000,000,215 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2008/10/29 22:17:07 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\XSIChooser.exe
[2008/10/14 16:26:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/10/13 23:33:46 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\John Kirincich\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/11 01:12:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/10 10:37:01 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\maxdvd2avi-ver.ini
[2008/10/10 02:30:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/10/10 02:28:32 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/09 14:42:16 | 000,072,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrSII1d.sys
[2008/10/09 14:42:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\LxrSII1s.exe
[2008/10/08 21:45:41 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/10/08 21:44:36 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/10/08 21:28:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/08 21:22:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/08 16:31:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/08 16:30:20 | 006,653,320 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/15 20:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,506,198 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,088,056 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/04/09 01:11:00 | 000,000,110 | ---- | C] () -- C:\WINDOWS\System32\E_ADDNET.DAT
[2007/03/16 17:00:00 | 000,003,403 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2011/04/09 19:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\AB3A29BB100F3407C303119F4FC9650D
[2010/11/16 18:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\Acapela Group
[2011/01/02 01:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\AnvSoft
[2010/09/19 01:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\CanuckSoftware
[2010/10/12 11:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/09/27 23:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\cYo
[2010/06/04 22:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\DeviceDoctorSoftware
[2010/07/15 14:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\EPSON
[2008/10/11 20:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\HotSync
[2008/11/16 19:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\Memeo
[2009/01/19 17:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\PKWARE
[2011/01/20 00:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\Registry Mechanic
[2010/06/20 20:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\Soluto
[2010/09/05 13:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\Stardock
[2010/12/02 23:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\Unity
[2011/03/11 17:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\uTorrent
[2010/06/04 21:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\VersionTracker Pro
[2008/10/08 22:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\Windows Desktop Search
[2008/10/09 14:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\Windows Search
[2010/11/16 18:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\Xtranormal
[2010/09/25 18:45:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/01/25 22:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\doubleTwist Corporation
[2010/06/04 22:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Mender
[2010/01/22 19:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/07/15 13:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/10/11 20:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2010/06/04 22:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2008/11/16 19:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2010/06/04 21:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2009/01/19 17:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PKWARE
[2009/12/22 14:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/11/23 02:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ResultBar
[2010/06/20 20:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2010/12/01 21:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2011/04/09 19:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/09 00:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/17 21:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/03 11:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/05 13:27:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{6AA53D5D-4235-46F9-BAB3-3C1AF08F4C1A}
[2009/09/12 10:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/19 22:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/04/09 15:11:08 | 000,000,462 | ---- | M] () -- C:\WINDOWS\Tasks\RMSmartUpdate.job
[2011/04/09 11:44:07 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F3F1BA74-B0A1-4A56-97FC-2E2D38CEBA21}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/04/09 23:36:39 | 000,006,148 | ---- | M] () -- C:\.DS_Store
[2011/04/09 22:19:31 | 000,004,096 | ---- | M] () -- C:\._.TemporaryItems
[2011/04/09 22:32:03 | 000,004,096 | ---- | M] () -- C:\._boot.ini
[2010/01/23 22:44:50 | 000,001,940 | ---- | M] () -- C:\additdiag.txt
[2008/10/08 21:25:49 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/11/28 23:12:03 | 000,000,050 | ---- | M] () -- C:\BCUIUpdate.log
[2011/04/09 22:32:03 | 000,000,211 | ---- | M] () -- C:\boot.ini
[2008/10/08 21:25:49 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/03/29 09:36:57 | 000,000,182 | ---- | M] () -- C:\drwtsn32.log
[2010/10/23 14:38:54 | 000,008,221 | ---- | M] () -- C:\HPDIU.log
[2010/10/23 14:37:05 | 000,001,788 | ---- | M] () -- C:\HPSIU.log
[2008/10/08 21:25:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/10/08 21:25:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 08:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/04/09 00:22:09 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2008/10/08 21:45:44 | 000,000,522 | ---- | M] () -- C:\RHDSetup.log
[2008/11/01 15:52:14 | 000,000,004 | ---- | M] () -- C:\ss_nb.dat
[2008/11/01 15:52:13 | 000,000,004 | ---- | M] () -- C:\ss_udp.dat
[2008/11/01 15:52:13 | 000,000,004 | ---- | M] () -- C:\ss_udp2.dat

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/10/08 21:25:29 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/05/01 12:00:00 | 000,022,528 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD86.DLL
[2006/05/01 12:00:00 | 000,065,024 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP86.DLL
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/10/09 14:23:10 | 000,280,576 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpcpp083.DLL
[2008/04/04 21:01:40 | 000,272,896 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpcpp5r1.DLL
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

Invalid Environment Variable: %APPDATA%\Adobe\Update\*.*

Invalid Environment Variable: %ALLUSERSPROFILE%\Favorites\*.*

Invalid Environment Variable: %APPDATA%\Microsoft\*.*

< %PROGRAMFILES%\*.* >

Invalid Environment Variable: %APPDATA%\Update\*.*

< %systemroot%\*. /mp /s >

< CREATERESTOREPOINT >

< %systemroot%\System32\config\*.sav >
[2008/10/08 16:29:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/10/08 16:29:15 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/10/08 16:29:15 | 000,942,080 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

Invalid Environment Variable: %ALLUSERSPROFILE%\Start Menu\*.lnk

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

Invalid Environment Variable: %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk

Invalid Environment Variable: %USERPROFILE%\Desktop\*.exe

< %PROGRAMFILES%\Common Files\*.* >
[2010/10/20 17:39:52 | 002,041,344 | ---- | M] () -- C:\Program Files\Common Files\Boris RED.msi

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-25 03:04:14

========== Alternate Data Streams ==========

@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

Attached File: OTL.txt (94.52 KB)

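Most of the listing above is ordinary vendor files, and the helpers on this board read such logs by eye. The script below is an added example, not part of the original post and not OTL's own code, showing how that reading can be done mechanically: it parses the three line shapes OTL uses (timestamped file/service/driver entries, "File not found" driver registrations and @Alternate Data Stream lines) and scores executables with no company name, executables created or modified within a few days of the incident, executables sitting directly in a user profile root, and NTFS alternate data streams. SAMPLE_LOG is constructed in OTL's format (a few lines mirror entries in the log above, the user-profile ones are made up), the incident date and the three-day window are assumptions, and the flags are review cues rather than verdicts: a binary can legitimately lack a company name, as the log's own AppleOSSMgr.exe entry shows next to AppleTimeSrv.exe, which carries one.

```python
"""Triage of OTL / OTLPE log lines.

Added example, not part of the forum thread and not OTL's own code.
It parses the three line shapes that appear in the log above
(timestamped file/service/driver entries, "File not found" driver
registrations, and @Alternate Data Stream lines) and scores them with
a reviewer's heuristics. SAMPLE_LOG is constructed in the same format
as the log above; its user-profile paths, names and dates are made up.
"""
import re
from datetime import date
from typing import List, NamedTuple

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")

# SRV/DRV entries and plain file entries share one layout:
# [date time | size | attrs | C|M] (company) [start type] -- path -- (service name)
ENTRY_RE = re.compile(
    r"^(?:(?P<kind>SRV|DRV) - )?"
    r"\[(?P<date>\d{4}/\d{2}/\d{2}) \d{2}:\d{2}:\d{2} \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<stamp>[CM])\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<start>[^\]]+)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]+)\).*)?$"
)
NOTFOUND_RE = re.compile(
    r"^DRV - File not found \[(?P<start>[^\]]+)\] -- -- \((?P<name>[^)]+)\)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


class Finding(NamedTuple):
    severity: str
    reason: str
    line: str


def _parse_date(text: str) -> date:
    year, month, day = (int(part) for part in text.split("/"))
    return date(year, month, day)


def _in_profile_root(path: str) -> bool:
    """True for C:\\Documents and Settings\\<user>\\<file>: a file sitting
    directly in a profile root rather than under Program Files."""
    parts = path.split("\\")
    return len(parts) == 4 and parts[1].lower() == "documents and settings"


def triage(log_text: str, incident: date, window_days: int = 3) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ADS_RE.match(line):
            # Data tucked into an NTFS stream on a directory is not a normal application artefact.
            findings.append(Finding("high", "NTFS alternate data stream", line))
            continue
        m = NOTFOUND_RE.match(line)
        if m:
            # A registered driver whose binary is gone: usually a leftover, but worth a note.
            findings.append(Finding("low", f"orphaned driver registration {m['name']}", line))
            continue
        m = ENTRY_RE.match(line)
        if not m or not m["path"].lower().endswith(EXEC_EXT):
            continue
        reasons = []
        if not m["company"].strip():
            # OTL prints "()" when the binary carries no CompanyName version resource.
            reasons.append("no company name")
        if abs((incident - _parse_date(m["date"])).days) <= window_days:
            verb = "created" if m["stamp"] == "C" else "modified"
            reasons.append(f"{verb} within {window_days} days of the incident")
        if _in_profile_root(m["path"]):
            reasons.append("executable directly in a user profile root")
        if reasons:
            severity = "high" if len(reasons) >= 2 else "medium"
            findings.append(Finding(severity, "; ".join(reasons), line))
    findings.sort(key=lambda f: SEVERITY_ORDER[f.severity])
    return findings


# Constructed sample in OTL's format; the user-profile entries are invented.
SAMPLE_LOG = r"""
SRV - [2010/11/19 07:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/11/15 01:40:46 | 000,136,504 | ---- | M] () [Auto] -- C:\WINDOWS\system32\AppleOSSMgr.exe -- (AppleOSSMgr)
DRV - File not found [Kernel | On_Demand] -- -- (cpuz132)
DRV - [2010/12/02 12:33:12 | 000,069,392 | --S- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
[2011/04/08 19:24:31 | 000,161,792 | ---- | C] () -- C:\Documents and Settings\User\Application Data\3FA0B1\svc-host.exe
[2010/08/13 17:59:50 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\User\helper.exe
[2008/04/14 08:00:00 | 000,506,198 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
"""


def triage_sample() -> List[Finding]:
    """Run the triage over SAMPLE_LOG; 2011-04-09 is the assumed incident date."""
    return triage(SAMPLE_LOG, date(2011, 4, 9))


if __name__ == "__main__":
    for f in triage_sample():
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run as a script it prints the findings highest severity first. Ordering by how many independent cues a line triggers, rather than by any single cue, is what keeps a legitimate no-company binary such as AppleOSSMgr.exe at "medium" while an unsigned executable dropped into a profile folder the day the rogue appeared rises to "high".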


#2
johnkirin
    Member, Topic Starter
I should add some things to clarify:

First, when I say I downloaded OTL, I mean that I made a REATOGO CD, booted from it, and ran OTL from there. I cannot boot the infected computer from the Windows drive (though I can boot it from the Mac drive).

Second, because this is Mac hardware, there seems to be no way to boot Windows or any other non-Mac OS from a USB, so I believe the solution will have to rely on CDs. I'm pretty sure, though not positive, that internet access from Windows or similar OSes is blocked. I have internet connectivity when booting from the Mac drive, but do not seem to have it for the REATOGO boot, or with the AVG bootable CD which I am running now, as recommended in the Geeks to Go drive for people who can't boot.

Thanks for all you do as volunteers. I hope someone can help soon, because I'm a little desperate and only have limited access to the borrowed computer I'm using to post.
#3
johnkirin
    Member, Topic Starter
I ran the scan from the AVG bootable disk and it said no viruses were found. The AVG program could not connect to the internet, so I was not able to download the update, but the program indicated that the database it was using dated from a week ago (4/3/2011).

I'm not sure why the Antimalware Doctor would not be detected. I did try to remove it through Add and Remove Programs (twice), but that only seemed to make the malware run itself. I had tried to start up Spyware Doctor, but that hung up. Using my Mac partition, I was unable to find antimalwaredoctor.exe or enemies-list.txt (or whatever the exact names are) on the Windows NTFS drive, but the Mac search function for that drive does not work very well. (It will miss files that I can see.) All I can say for sure is that those two files were not in the Windows or System32 folders.

So maybe the Antimalware Doctor is still there and maybe it is not, but I still can't boot my Windows XP Professional hard drive.
#4
johnkirin
    Member, Topic Starter
Correction: The AVG virus database dates from March 4, 2011. The AVG disk could not connect to the internet, so I could not update it further.
#5
johnkirin
    Member, Topic Starter
Got a hold of a Windows XP Pro installation disk. Tried to have it repair the installation. No change. Just some more information for whoever eventually takes a look at this. I did not try a "new" installation, because I do not know whether that will preserve my programs and data.
#6
johnkirin
    Member, Topic Starter
I've posted all the details in this thread

http://www.geekstogo..._gopid__1994129

I'm now wondering whether I should have posted it in this section, in case different mods watch different boards.
#7
michaelg9
    Trusted Helper, Malware Removal
Hi :D
My name is Michael and I am here to help you fix your computer.
If you have already received help elsewhere please inform me so that this topic can be closed.
If you haven't, please keep reading:
Note: Before we start the process you should:
  • POST your logs, don't attach them, as it makes it harder to read.
  • Save or print these instructions as a part of the fix will be in safe mode where you will not be able to access the internet.
  • Disable ANY programs that offer real-time protection features while executing my instructions. That includes your antivirus, antispyware, Windows Defender or any other program that offers protection. When you're clean or waiting for my next set of instructions, re-enable them. If you need any help disabling them, ask.
  • Each time I instruct you to download a file to use it, please do it even if I have told you before to download it again. This is because these tools are frequently updated to detect newer infections.
  • Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.

Sorry for the late reply; however, you might have got a faster reply if you hadn't replied to your own topic. Just edit the first post instead :D

Next:

Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB
Attached File: fix.txt (773 bytes)

  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Go to the D drive and open the file named Autorun.inf. Copy its contents into a Notepad file, save it to your USB drive as autorun.txt, and then post the contents of that file here.
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason, press the Run Fix button; a dialogue box will pop up asking for the location. Select the file on your USB drive.
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible

Next:

If you were able to boot into normal mode (or even safe mode), then follow up. If you weren't, then just post a new OTLPE log.



Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.
**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**
#8
johnkirin
    Member, Topic Starter
Thanks for the reply. Sorry about replying to myself. In case someone was already looking at the problem, I did not want them to miss the new information.

I booted up from the REATOGO CD and went to drive C: (you said D:, but I assume you meant the XP drive, which is C:). There does not seem to be an autorun.inf file in the root directory. Is that perhaps the whole problem? Should I proceed with the fix file you posted?
#9
michaelg9
    Trusted Helper, Malware Removal
Hello,

No I meant D drive. Look:

Drive C: | 162.12 Gb Total Space | 15.00 Gb Free Space | 9.25% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 0.28 Gb Free Space | 7.48% Space Free | Partition Type: FAT32

C: is where the OS is installed, but D is FAT32, which normally should be a USB drive. Did you have a USB drive attached to your computer while scanning?

Anyway, so you should go to D: to find that file, as you can see here:
O32 - AutoRun File - [2008/04/01 15:43:14 | 000,000,758 | -H-- | M] () - D:\Autorun.inf -- [ FAT32 ]
:D
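The helper asks for D:\Autorun.inf because a FAT32 removable drive that was plugged in during an infection is a classic way for malware to spread, and the question to settle from its autorun.inf is what, if anything, it would make Windows launch. The script below is an added example, not a tool the helper used and not part of the thread: it parses an autorun.inf (an INI file Windows XP reads from removable media, until Microsoft's 2011 update restricted AutoRun to optical media) and flags the documented keys that launch programs (open, shellexecute, shell\<verb>\command), a shell= default-verb override, and the social-engineering tells USB worms of that era used: an action= string imitating Explorer's "Open folder to view files", the stock folder icon from shell32.dll, and programs stashed under RECYCLER or System Volume Information. Both sample files are constructed for this example, one shaped like a vendor's portable-application launcher and one shaped like a worm's; the severity rules are the example's own.

```python
"""Inspect an autorun.inf for what it would make Windows launch.

Added example, not part of the thread and not a tool the helper used.
autorun.inf is an INI file read by Windows AutoRun/AutoPlay. The keys
checked here (open, shellexecute, shell, shell\\<verb>\\command, action,
icon) are documented Windows keys; the scoring is this example's own.
Both sample files below are constructed for this example.
"""
import re
from typing import Dict, List, NamedTuple

COMMAND_KEY_RE = re.compile(r"^shell\\[^\\]+\\command$")
SUSPICIOUS_DIRS = ("recycler", "$recycle.bin", "system volume information")
# Stock folder icons in shell32.dll (indexes 3 and 4).
FOLDER_ICON_RE = re.compile(r"shell32\.dll,\s*[34]$", re.IGNORECASE)


class Report(NamedTuple):
    risk: str               # "none" | "medium" | "high"
    executables: List[str]  # programs the file would launch
    findings: List[str]


def parse_autorun(text: str) -> Dict[str, str]:
    """Return the [autorun] section as lowercase key -> value.
    Later duplicates overwrite earlier ones (a choice made for this example)."""
    section = None
    entries: Dict[str, str] = {}
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        entries[key.strip().lower()] = value.strip()
    return entries


def _program(command: str) -> str:
    """First token of a command line, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def inspect_autorun(text: str) -> Report:
    entries = parse_autorun(text)
    findings: List[str] = []
    executables: List[str] = []
    high = False

    # Keys that point AutoPlay (and a double-click on the drive) at a program.
    for key in ("open", "shellexecute"):
        if key in entries:
            prog = _program(entries[key])
            executables.append(prog)
            findings.append(f"{key}= points AutoPlay/double-click at {prog}")
    # Context-menu verbs: shell\<verb>\command=<program>
    for key, value in entries.items():
        if COMMAND_KEY_RE.match(key):
            prog = _program(value)
            verb = key.split("\\")[1]
            executables.append(prog)
            findings.append(f"context-menu verb '{verb}' runs {prog}")
    if "shell" in entries:
        findings.append(f"shell= makes '{entries['shell']}' the default verb instead of Explorer's Open")
    # Social-engineering tells: the AutoPlay entry dressed up as Explorer's own.
    if re.search(r"open folder to view files", entries.get("action", ""), re.IGNORECASE):
        findings.append("action= imitates Explorer's own AutoPlay entry")
        high = True
    if FOLDER_ICON_RE.search(entries.get("icon", "")):
        findings.append("icon= borrows the stock folder icon from shell32.dll")
    # Programs stashed in folders Explorer hides by default.
    for prog in executables:
        if any(d in prog.lower() for d in SUSPICIOUS_DIRS):
            findings.append(f"program hidden under a system folder: {prog}")
            high = True
            break

    risk = "high" if high else ("medium" if executables else "none")
    return Report(risk, list(dict.fromkeys(executables)), findings)


# Constructed: the shape of a vendor's portable-application launcher.
VENDOR_STYLE = r"""
[Autorun]
Open=Autorun.exe /run
Icon=Vendor\Vendor\VendorRes.dll,-4107
Title=Vendor
Action=Start Vendor
Shell=Shell01
Shell\Shell01=Open Vendor Action Window
Shell\Shell01\Command=Autorun.exe /action
EULA=1
[Language]
Name=eng
"""

# Constructed: the shape USB worms of the period gave their autorun.inf.
WORM_STYLE = r"""
[AutoRun]
open=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open=Open
shell\open\Command=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe
shell\explore\Command=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe
shellexecute=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe
"""

if __name__ == "__main__":
    for label, sample in (("vendor-style", VENDOR_STYLE), ("worm-style", WORM_STYLE)):
        report = inspect_autorun(sample)
        print(f"{label}: risk={report.risk} launches={report.executables}")
        for finding in report.findings:
            print("  -", finding)
```

Any autorun.inf that names a program rates at least "medium", because the file can make Windows run it; the vendor-style sample lands there. What lifts the worm-style sample to "high" is not that it launches something but that it disguises the launch as Explorer's own "Open folder to view files" entry and hides the binary under RECYCLER, so the verdict on a real stick still comes down to inspecting the program the file points at.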

#10
johnkirin
    Member, Topic Starter
Yes, because that's where I had the scan.txt file saved and I did not know that it would matter to take it out. I am now running the fix on the infected computer, but with the USB drive removed. Here is the text of the USB autorun.inf file:


[Autorun]
Open=Autorun.exe /run
Icon=Ceedo\Ceedo\CeedoRes.dll,-4107
Title=Ceedo
Action=Start Ceedo
Shell=Shell01
Shell\Shell01=Open Ceedo Action Window
Shell\Shell01\Command=Autorun.exe /action
Shell\Shell00=Start Ceedo
Shell\Shell00\Command=Autorun.exe /run
Shell\Shell02=Uninstall Ceedo
Shell\Shell02\Command=Autorun.exe /uninstall
EULA=1
[Language]
Name=eng

Under XP, the drive starts a utility program when inserted (to let you open the password-protected portion, shred files, etc.) That program does not auto-start when using the REATGO CD, and I did not attempt to start it. I used the unencrypted portion of the drive to transfer the scan, fix and OTL log files.

Using F8 for safe mode doesn't work on the Macbook Pro (as far as I can tell). I think you can force safe mode by booting up the Mac partition and editing the boot.ini file. (I tried once and nothing changed, so I don't really know if it works or not, and I figured I'd just run the scan as directed, unless you want me to alter the boot.ini).

As I was typing this, the scan finished. I still cannot boot the XP drive (still a black screen with a cursor). I rebooted with the REATOGO CD and attempted to drag and drop the scan.txt file I originally used into OTLPE. I got a message that said scan.txt was "not a valid fix file". So I thought it might need to run the fix again, because the message at the end of running the fix the first time said that it needed to reboot in order to finish deleting files. So I ran the fix a second time and restarted. XP still gives me a black screen with a cursor. OTLPE still tells me the scan file is "not a valid fix file" when I try to paste it (before I even get a chance to try to RUN it).

I ran a Quick Scan just in case that would save time. Here are the results:

OTL logfile created on: 4/13/2011 5:33:55 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2800.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 162.12 Gb Total Space | 18.80 Gb Free Space | 11.60% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet004

========== Win32 Services (SafeList) ==========

SRV - [2011/02/12 19:22:38 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2011/02/12 01:02:03 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/01/05 16:13:14 | 000,632,792 | ---- | M] (PC Tools) [Auto] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/12/09 11:48:10 | 000,247,760 | ---- | M] (Threat Expert Ltd.) [Auto] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/12/02 12:33:12 | 000,070,928 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/11/19 07:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/06/17 19:14:52 | 000,338,464 | ---- | M] (Soluto) [Auto] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2010/03/15 15:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/12 10:07:44 | 000,033,792 | ---- | M] (Palm) [Auto] -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe -- (NovacomD)
SRV - [2009/11/15 01:40:46 | 000,136,504 | ---- | M] () [Auto] -- C:\WINDOWS\system32\AppleOSSMgr.exe -- (AppleOSSMgr)
SRV - [2009/11/15 01:40:46 | 000,099,640 | ---- | M] (Apple Inc.) [Auto] -- C:\WINDOWS\system32\AppleTimeSrv.exe -- (AppleTimeSrv)
SRV - [2009/10/21 21:27:32 | 000,025,824 | ---- | M] (Memeo) [Auto] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [On_Demand] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2007/10/22 10:41:28 | 000,417,792 | ---- | M] (mental images GmbH) [Auto] -- C:\spm\spmdib.exe -- (spmd)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/01/09 11:56:04 | 000,049,152 | ---- | M] () [Auto] -- C:\WINDOWS\System32\LxrSII1s.exe -- (LxrSII1s)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (cpuz132)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/12/02 12:33:12 | 000,069,392 | --S- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/12/02 12:33:12 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/12/02 12:33:12 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/11/25 11:43:00 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/11/25 11:42:10 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/11/17 11:19:50 | 000,249,616 | ---- | M] (PC Tools) [Kernel | System] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/07/16 15:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 15:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/06/17 19:06:44 | 000,179,656 | ---- | M] (Soluto LTD.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\PCGenFAM.sys -- (PCGenFAM)
DRV - [2009/11/15 01:40:46 | 000,005,760 | ---- | M] (Apple Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\KeyAgent.sys -- (KeyAgent)
DRV - [2009/10/16 09:36:53 | 000,029,696 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\applemtp.sys -- (applemtp)
DRV - [2009/10/16 09:36:53 | 000,010,496 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\applemtm.sys -- (applemtm)
DRV - [2009/10/16 09:36:50 | 000,023,552 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\KeyMagic.sys -- (KeyMagic)
DRV - [2009/08/18 17:32:00 | 005,884,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/10/14 23:26:12 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2008/09/19 04:04:00 | 000,290,432 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/09/10 19:14:48 | 001,386,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/15 15:31:18 | 000,016,512 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IRFilter.sys -- (IRRemoteFlt)
DRV - [2008/04/15 15:30:24 | 000,006,528 | ---- | M] (Apple Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\MacHALDriver.sys -- (MacHALDriver)
DRV - [2006/12/14 07:37:40 | 000,072,672 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\LxrSII1d.sys -- (LxrSII1d)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2002/09/16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\John_Kirincich_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\John_Kirincich_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://old.fastmail.fm/mail/?MLS=MB-*;Ust=a0ccdd5c!a40741ae;SMB-CF=10100649;UDm=49;SMB-ST=comix;MSignal=MB-GF**182853
IE - HKU\John_Kirincich_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\John_Kirincich_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\John_Kirincich_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/21 15:50:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\Spyware Doctor\BDT\FireFox\ [2011/01/20 01:25:06 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/04/13 17:01:11 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\John_Kirincich_ON_C\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe (Apple Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IRW] C:\WINDOWS\system32\IRW.exe (Apple Inc.)
O4 - HKLM..\Run: [Memeo Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files\Spyware Doctor\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\John_Kirincich_ON_C..\Run: [LxrAutorun] C:\Documents and Settings\John Kirincich\Local Settings\Application Data\Lexar Media\LxrAutorun.exe ()
O4 - HKU\John_Kirincich_ON_C..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Chapura SyncManager.lnk = C:\Program Files\Chapura\Chapura SyncManager\SyncMgr.exe (Chapura®, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Evernote Clipper.lnk = C:\WINDOWS\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\John_Kirincich_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\John_Kirincich_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (Reg Error: Key error.)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin....nderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1223517678117 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} http://www.fultoncou...iator/jinit.exe (JInitiator 1.3.1.22)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/08 21:25:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/13 16:36:54 | 002,234,368 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011/04/13 16:33:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/09 22:19:30 | 000,000,000 | ---D | C] -- C:\.TemporaryItems
[2011/04/09 21:32:21 | 000,000,000 | ---D | C] -- C:\.Trashes
[2011/04/09 16:42:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/09 16:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/09 15:40:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/09 15:40:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/03/15 00:02:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi

========== Files - Modified Within 30 Days ==========

[2011/04/13 17:01:11 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/04/12 10:28:39 | 000,006,148 | ---- | M] () -- C:\.DS_Store
[2011/04/11 16:17:54 | 000,000,210 | RHS- | M] () -- C:\boot.ini
[2011/04/11 16:15:24 | 000,000,318 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/04/11 16:15:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/10 13:18:50 | 000,006,148 | ---- | M] () -- C:\Documents and Settings\John Kirincich\.DS_Store
[2011/04/09 23:15:56 | 000,006,148 | ---- | M] () -- C:\WINDOWS\.DS_Store
[2011/04/09 23:07:44 | 000,006,148 | ---- | M] () -- C:\WINDOWS\System32\.DS_Store
[2011/04/09 23:01:46 | 000,006,148 | ---- | M] () -- C:\Documents and Settings\NetworkService\.DS_Store
[2011/04/09 23:01:41 | 000,006,148 | ---- | M] () -- C:\Documents and Settings\LocalService\.DS_Store
[2011/04/09 23:00:53 | 000,006,148 | ---- | M] () -- C:\Documents and Settings\All Users\.DS_Store
[2011/04/09 22:32:03 | 000,004,096 | ---- | M] () -- C:\._boot.ini
[2011/04/09 22:19:31 | 000,004,096 | ---- | M] () -- C:\._.TemporaryItems
[2011/04/09 22:02:00 | 000,006,148 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\.DS_Store
[2011/04/09 19:14:48 | 000,104,974 | ---- | M] () -- C:\Documents and Settings\John Kirincich\Desktop\GADC Notice of Exercise of Stock Option.pdf
[2011/04/09 18:56:50 | 001,567,177 | ---- | M] () -- C:\Documents and Settings\John Kirincich\Desktop\GADC Non Qualified Stock Option Agreement.pdf
[2011/04/09 18:37:51 | 004,350,658 | ---- | M] () -- C:\Documents and Settings\John Kirincich\Desktop\GADC Non Qualified Stock Option Plan of 2008.pdf
[2011/04/09 18:09:09 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2025429265-573735546-682003330-1003.job
[2011/04/09 18:09:09 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2025429265-573735546-682003330-1003.job
[2011/04/09 17:53:51 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/09 17:46:08 | 000,757,051 | ---- | M] () -- C:\Documents and Settings\John Kirincich\Desktop\GADC Investment Representation Statement (John Kirincich).pdf
[2011/04/09 17:33:20 | 001,120,437 | ---- | M] () -- C:\Documents and Settings\John Kirincich\Desktop\GADC Nondisclosure Noncircumvention Agreement.pdf
[2011/04/09 17:24:14 | 000,914,312 | ---- | M] () -- C:\Documents and Settings\John Kirincich\Desktop\GADC Management Job Offer Letter.pdf
[2011/04/09 17:09:06 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/09 15:11:08 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
[2011/04/09 13:44:49 | 000,000,215 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2011/04/09 11:44:07 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F3F1BA74-B0A1-4A56-97FC-2E2D38CEBA21}.job
[2011/04/09 00:23:43 | 000,002,349 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Evernote Clipper.lnk
[2011/04/09 00:22:53 | 000,013,740 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/09 00:22:49 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/09 00:20:56 | 001,050,912 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/08 00:04:22 | 000,001,765 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2011/04/08 00:04:22 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\John Kirincich\Desktop\DivX Movies.lnk
[2011/03/28 23:54:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/24 23:04:09 | 000,648,984 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/03/16 00:02:56 | 000,506,198 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/16 00:02:56 | 000,088,056 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/15 23:21:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/15 00:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes

========== Files Created - No Company Name ==========

[2011/04/09 23:07:02 | 000,006,148 | ---- | C] () -- C:\WINDOWS\System32\.DS_Store
[2011/04/09 22:32:03 | 000,004,096 | ---- | C] () -- C:\._boot.ini
[2011/04/09 22:19:31 | 000,004,096 | ---- | C] () -- C:\._.TemporaryItems
[2011/04/09 22:00:58 | 000,006,148 | ---- | C] () -- C:\Documents and Settings\NetworkService\.DS_Store
[2011/04/09 22:00:43 | 000,006,148 | ---- | C] () -- C:\Documents and Settings\LocalService\.DS_Store
[2011/04/09 21:59:08 | 000,006,148 | ---- | C] () -- C:\Documents and Settings\John Kirincich\Start Menu\Programs\.DS_Store
[2011/04/09 21:58:50 | 000,006,148 | ---- | C] () -- C:\Documents and Settings\John Kirincich\.DS_Store
[2011/04/09 21:58:27 | 000,006,148 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\.DS_Store
[2011/04/09 21:58:06 | 000,006,148 | ---- | C] () -- C:\Documents and Settings\All Users\.DS_Store
[2011/04/09 21:34:52 | 000,006,148 | ---- | C] () -- C:\WINDOWS\.DS_Store
[2011/04/09 21:32:48 | 000,006,148 | ---- | C] () -- C:\.DS_Store
[2011/04/09 19:14:48 | 000,104,974 | ---- | C] () -- C:\Documents and Settings\John Kirincich\Desktop\GADC Notice of Exercise of Stock Option.pdf
[2011/04/09 18:56:47 | 001,567,177 | ---- | C] () -- C:\Documents and Settings\John Kirincich\Desktop\GADC Non Qualified Stock Option Agreement.pdf
[2011/04/09 18:37:45 | 004,350,658 | ---- | C] () -- C:\Documents and Settings\John Kirincich\Desktop\GADC Non Qualified Stock Option Plan of 2008.pdf
[2011/04/09 17:46:07 | 000,757,051 | ---- | C] () -- C:\Documents and Settings\John Kirincich\Desktop\GADC Investment Representation Statement (John Kirincich).pdf
[2011/04/09 17:33:19 | 001,120,437 | ---- | C] () -- C:\Documents and Settings\John Kirincich\Desktop\GADC Nondisclosure Noncircumvention Agreement.pdf
[2011/04/09 17:24:13 | 000,914,312 | ---- | C] () -- C:\Documents and Settings\John Kirincich\Desktop\GADC Management Job Offer Letter.pdf
[2011/04/08 00:04:22 | 000,001,765 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2011/04/08 00:04:22 | 000,001,504 | ---- | C] () -- C:\Documents and Settings\John Kirincich\Desktop\DivX Movies.lnk
[2011/03/17 00:49:39 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2025429265-573735546-682003330-1003.job
[2011/02/21 23:49:49 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BorisFX Blue1 BCC4.ini
[2011/02/20 20:18:41 | 007,506,432 | ---- | C] () -- C:\WINDOWS\System32\BLUE1 Render Engine 8BPC.dll
[2011/02/20 20:18:40 | 001,131,520 | ---- | C] () -- C:\WINDOWS\System32\Boris GL Renderer.dll
[2011/02/20 20:18:40 | 000,817,664 | ---- | C] () -- C:\WINDOWS\System32\Boris GL Scene.dll
[2011/02/20 20:18:40 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2011/02/20 20:18:40 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\Boris Utilities.dll
[2011/02/20 20:18:40 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Boris Render Node.dll
[2011/02/19 02:03:15 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/02/19 02:03:07 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/02/19 02:03:07 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/02/17 22:11:29 | 000,003,607 | ---- | C] () -- C:\WINDOWS\BorisRED4.3.ini
[2011/02/17 21:56:39 | 011,930,624 | ---- | C] () -- C:\WINDOWS\System32\FEC5_AE_16Bit.dll
[2011/02/17 21:56:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BorisFX FEC XML.ini
[2011/02/17 21:56:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BorisFEC5.ini
[2011/02/17 21:56:33 | 011,886,592 | ---- | C] () -- C:\WINDOWS\System32\FEC5_AE_8Bit.dll
[2011/02/17 21:56:33 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\MSL_All-DLL80_x86.dll
[2011/02/17 19:59:43 | 007,034,368 | ---- | C] () -- C:\WINDOWS\System32\BCC5 Render Engine 8BPC.dll
[2011/02/14 14:22:18 | 000,003,871 | ---- | C] () -- C:\WINDOWS\ScriptVT1.1.ini
[2011/02/14 14:22:18 | 000,001,425 | ---- | C] () -- C:\WINDOWS\ScriptTG1.1.ini
[2011/02/14 14:22:18 | 000,001,425 | ---- | C] () -- C:\WINDOWS\ScriptRC1.1.ini
[2011/02/13 19:25:38 | 002,041,344 | ---- | C] () -- C:\Program Files\Common Files\Boris RED.msi
[2011/02/13 16:25:43 | 000,003,609 | ---- | C] () -- C:\WINDOWS\BorisBLUE2.5.ini
[2011/02/13 15:31:35 | 007,450,112 | ---- | C] () -- C:\WINDOWS\System32\FEC5 Render Engine 8BPC.dll
[2011/02/13 15:31:34 | 006,321,152 | ---- | C] () -- C:\WINDOWS\System32\FEC5 Render Engine 16BPC.dll
[2011/01/05 20:51:30 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\John Kirincich\Cache.db
[2011/01/05 16:11:16 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2010/12/17 13:08:53 | 001,050,912 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/17 13:07:29 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\John Kirincich\Adobe Encore_AME.pref
[2010/12/14 11:43:16 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/12/14 01:46:45 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2010/11/24 20:19:07 | 000,038,480 | ---- | C] () -- C:\Documents and Settings\John Kirincich\Application Data\Comma Separated Values (DOS).ADR
[2010/10/23 14:37:29 | 000,096,578 | ---- | C] () -- C:\WINDOWS\hpqins16.dat
[2010/09/04 12:04:07 | 000,241,664 | ---- | C] () -- C:\Documents and Settings\NetworkService\s-1-5-20.rrr
[2010/09/03 17:04:47 | 000,036,962 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2010/08/22 13:51:57 | 000,245,760 | ---- | C] () -- C:\Documents and Settings\LocalService\s-1-5-19.rrr
[2010/08/18 11:26:11 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\John Kirincich\Local Settings\Application Data\packet
[2010/08/13 17:59:50 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\John Kirincich\g2mdlhlpx.exe
[2010/01/25 22:39:11 | 000,000,346 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/01/25 22:37:27 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/12 12:03:34 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/12/23 00:25:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/15 01:40:46 | 000,136,504 | ---- | C] () -- C:\WINDOWS\System32\AppleOSSMgr.exe
[2009/10/25 17:02:01 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2009/10/25 17:02:01 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/10/08 14:08:40 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\John Kirincich\BRW001DD90D42BC
[2009/10/08 14:06:14 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\John Kirincich\BRW001D90D42BC
[2009/09/17 23:26:39 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\Hlinkprx.dll
[2009/09/13 19:22:06 | 000,057,896 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/11/16 18:56:59 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\John Kirincich\Local Settings\Application Data\fusioncache.dat
[2008/11/16 14:52:34 | 000,000,146 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2008/11/16 14:52:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2008/11/16 14:52:21 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2008/11/16 14:52:20 | 000,009,853 | ---- | C] () -- C:\WINDOWS\HL-2170W.INI
[2008/11/16 14:52:15 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/11/16 14:52:15 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2170W.DAT
[2008/11/16 14:47:50 | 000,000,215 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2008/10/29 22:17:07 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\XSIChooser.exe
[2008/10/14 16:26:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/10/13 23:33:46 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\John Kirincich\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/11 01:12:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/10 10:37:01 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\maxdvd2avi-ver.ini
[2008/10/10 02:30:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/10/10 02:28:32 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/09 14:42:16 | 000,072,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrSII1d.sys
[2008/10/09 14:42:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\LxrSII1s.exe
[2008/10/08 21:45:41 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/10/08 21:44:36 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/10/08 21:28:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/08 21:22:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/08 16:31:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/08 16:30:20 | 006,653,320 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/15 20:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,506,198 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,088,056 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/04/09 01:11:00 | 000,000,110 | ---- | C] () -- C:\WINDOWS\System32\E_ADDNET.DAT
[2007/03/16 17:00:00 | 000,003,403 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/11/16 18:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\Acapela Group
[2011/01/02 01:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\AnvSoft
[2010/09/19 01:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\CanuckSoftware
[2010/10/12 11:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/09/27 23:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\cYo
[2010/06/04 22:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\DeviceDoctorSoftware
[2010/07/15 14:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\EPSON
[2008/10/11 20:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\HotSync
[2008/11/16 19:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\Memeo
[2009/01/19 17:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\PKWARE
[2011/01/20 00:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\Registry Mechanic
[2010/06/20 20:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\Soluto
[2010/09/05 13:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\Stardock
[2010/12/02 23:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\Unity
[2011/03/11 17:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\uTorrent
[2010/06/04 21:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\VersionTracker Pro
[2008/10/08 22:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\Windows Desktop Search
[2008/10/09 14:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\Windows Search
[2010/11/16 18:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Kirincich\Application Data\Xtranormal
[2010/09/25 18:45:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/01/25 22:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\doubleTwist Corporation
[2010/06/04 22:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Mender
[2010/01/22 19:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/07/15 13:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/10/11 20:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2010/06/04 22:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2008/11/16 19:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2010/06/04 21:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2009/01/19 17:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PKWARE
[2009/12/22 14:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/11/23 02:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ResultBar
[2010/06/20 20:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2010/12/01 21:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2011/04/09 19:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/09 00:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/17 21:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/03 11:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/05 13:27:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{6AA53D5D-4235-46F9-BAB3-3C1AF08F4C1A}
[2009/09/12 10:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/19 22:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/04/09 15:11:08 | 000,000,462 | ---- | M] () -- C:\WINDOWS\Tasks\RMSmartUpdate.job
[2011/04/09 11:44:07 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F3F1BA74-B0A1-4A56-97FC-2E2D38CEBA21}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

Edited by johnkirin, 13 April 2011 - 10:43 AM.

#11
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hey,

A few questions before we continue.

How do you choose which OS to boot? Are you using a boot loader?

Do you have a Windows CD?

#12
johnkirin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
I am using a Macbook Pro with a small OSX partition and a large Windows XP partition. I almost never use the Mac partition. When the Macbook Pro powers on, it briefly flashes a grey screen and a "bonggg" sort of tone. At that point, the user can press and hold the "option/alt" key, which brings up a graphical screen showing icons for any bootable hard drive or CD/DVD (but not USB drives -- I have read that it is basically impossible to boot a non-Mac OS from a USB on a Macbook). The user can also press and hold the "C" key right after the "bonggg" sound to skip the graphical screen and attempt boot from the CD/DVD drive.

Yes, I have a Windows XP Pro SP3 single-disk install disk. I have tried to repair install XP using the "R" option, which has produced no change. I have started the recovery console, but have been nervous about running FIXMBR or FIXBOOT, because DOS gives me warning messages about installing another OS on the drive.

#13
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hey,

You are right about those commands; if you run them, most probably you will lose access to your OSX partition.
Most probably the problem is in the registry, if the repair install didn't work. We're going to restore the registry.



Boot from the Windows XP installation CD...after the first several screens load, you will be given a choice to choose R for Recovery Console. You will then be asked to log in. Choose the installation to be repaired by number (usually 1) and press "Enter". When you are asked for the Administrator password, leave it blank and press "Enter".

When you get to the recovery console prompt:
  • Type cd \ and press "Enter".
  • Type cd system~1\_resto~1 and press "Enter".
  • Type dir and press "Enter".
After you press "Enter" you will see a list of folders (like rp1, rp2). If the list of restore points has more than one page, press the "Enter" key until you reach the end of the list.
  • Type cd rp {number of the second to last folder in the list} and press "Enter". (Example: Type cd rp9 if rp10 is the last restore point.)
  • Type cd snapshot and press "Enter".
  • Type copy _registry_machine_system c:\windows\system32\config\system and press "Enter".
  • Type copy _registry_machine_software c:\windows\system32\config\software and press "Enter".
  • Type exit and press "Enter".
Your PC will reboot.

If you get an access denied error when doing the above, then do the following at the recovery console:
  • Type cd \ and press "Enter".
  • Type cd windows\system32\config and press "Enter".
  • Type ren system system.bak and press "Enter".
  • Type exit and press "Enter".
Your PC will reboot, go back into the Recovery Console and start from the beginning.

#14
johnkirin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
I followed the instructions. I had to overcome the "access denied" situation, and I had to press "Y" to allow overwriting the software file. There has been no change. Do we need to go to an earlier registry backup?

#15
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Yes, please try an earlier restore point and tell me the results.

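The registry-restore procedure from post #13, and the "try an earlier restore point" step from post #15, written out in Python as an added example (not the helper's or the thread's own code) for someone who, like the poster, can write to the Windows partition from the Mac side. It assumes the partition is mounted at `volume_root`, that restore points live under `System Volume Information\_restore{GUID}\RPnn\snapshot` (the long names behind the thread's `system~1\_resto~1`), and it orders restore points by number so that rp10 is not mistaken for the folder before rp2; `build_sample_volume` only fabricates test data.

```python
import os
import re
import shutil
import tempfile
# Snapshot hive names as XP writes them (the thread's lowercase works on Windows,
# where NTFS is case-insensitive; an NTFS driver on the Mac side may not be).
HIVES = {"_REGISTRY_MACHINE_SYSTEM": "system",
         "_REGISTRY_MACHINE_SOFTWARE": "software"}
RP_RE = re.compile(r"^rp(\d+)$", re.IGNORECASE)

def list_restore_points(volume_root):
    """[(number, path)] for each RPnn folder, sorted numerically (rp10 > rp9)."""
    svi = os.path.join(volume_root, "System Volume Information")
    points = []
    for entry in os.listdir(svi):
        if entry.lower().startswith("_restore"):  # _restore{GUID}
            for rp in os.listdir(os.path.join(svi, entry)):
                m = RP_RE.match(rp)
                if m:
                    points.append((int(m.group(1)), os.path.join(svi, entry, rp)))
    return sorted(points)

def restore_hives(volume_root, skip_from_end=1):
    """Rename the live hives to .bak (the thread's 'ren system system.bak'), then
    copy the snapshot hives in. skip_from_end=1 is the second-to-last point."""
    points = list_restore_points(volume_root)
    if len(points) <= skip_from_end:
        raise RuntimeError("not enough restore points")
    number, rp_path = points[-1 - skip_from_end]
    config = os.path.join(volume_root, "WINDOWS", "system32", "config")
    for src_name, dst_name in HIVES.items():
        dst = os.path.join(config, dst_name)
        if os.path.exists(dst):
            os.replace(dst, dst + ".bak")
        shutil.copy2(os.path.join(rp_path, "snapshot", src_name), dst)
    return number  # restore-point number that was used

def _write(path, text):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as f:
        f.write(text)
def build_sample_volume(numbers=(8, 9, 10)):
    """Constructed stand-in for the mounted XP partition (test data only)."""
    root = tempfile.mkdtemp()
    for dst in HIVES.values():
        _write(os.path.join(root, "WINDOWS", "system32", "config", dst), "live-" + dst)
    for n in numbers:
        for src in HIVES:
            _write(os.path.join(root, "System Volume Information", "_restore{guid}",
                                "RP%d" % n, "snapshot", src), "rp%d-%s" % (n, src))
    return root
```

Calling `restore_hives(root, skip_from_end=2)` after the first run steps back one more restore point, which is what post #15 asks for; each run keeps the previous hives as `.bak`.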