
Browsers (both Firefox & IE) are EXTREMELY slow



#1
jsaklas

First - I am not an expert, just a user.

Both of my browsers, Firefox and IE, are EXTREMELY slow when I am on the computer. Email, however, is either OK or only slightly slow, I can't distinguish for certain. However, when I switch users (I and my wife have access to the machine, both with full admin rights), the browsers seem only a little slow or normal - again, I'm not sure.

Also, I get an icon on my desktop named: fpfkbfxlzm.tmp. This does not show up when I switch user to my wife. If I delete the icon, it comes back when I load Firefox.

I use the most up-to-date version of Firefox, but an older version of IE (I very rarely use IE).

I have an older machine running XP SP3 on a Pentium 4 processor.

I have run both my AVIRA anti-virus (the premium version) and Malwarebytes anti-malware (the free version) but neither has eliminated the problem.

Immediately below is my OTL Log. Thanks

---------------------------------------

OTL logfile created on: 10/1/2011 11:01:29 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Luli\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 57.65% Memory free
2.11 Gb Paging File | 1.50 Gb Available in Paging File | 71.42% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOW2 | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 10.44 Gb Free Space | 14.00% Space Free | Partition Type: NTFS
Drive F: | 37.26 Gb Total Space | 33.17 Gb Free Space | 89.03% Space Free | Partition Type: FAT32

Computer Name: JAMES-HOME | User Name: Luli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/01 10:58:19 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luli\My Documents\Downloads\OTL.scr
PRC - [2011/09/07 01:15:53 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/02 02:18:55 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/07/02 02:18:55 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011/07/02 02:18:55 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/27 17:31:44 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/23 19:40:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/11/23 19:40:07 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/08 12:43:16 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2010/11/08 12:40:52 | 003,986,944 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2008/09/25 17:53:32 | 000,181,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe
PRC - [2008/09/25 17:53:16 | 000,095,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
PRC - [2008/09/25 17:52:04 | 000,085,360 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\NswUiTray.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOW2\explorer.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/02/16 12:15:20 | 000,581,632 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
PRC - [2003/05/08 08:00:58 | 000,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
PRC - [2002/10/15 14:00:20 | 001,818,624 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOW2\mixer.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/28 10:40:36 | 006,277,280 | ---- | M] () -- C:\WINDOW2\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/07 01:15:52 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/07/02 02:00:04 | 000,212,992 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\0f3d321ebd65af974ff0ad424223276d\System.ServiceProcess.ni.dll
MOD - [2011/07/02 01:57:03 | 000,771,584 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\bdaf7904d223589a0f464de58d27e691\System.Runtime.Remoting.ni.dll
MOD - [2011/07/02 01:49:36 | 007,950,848 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System\f6a9a002526806f3a5b745cf5c407cae\System.ni.dll
MOD - [2011/07/02 01:49:17 | 011,490,816 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010/11/23 19:40:43 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/11/08 12:43:16 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MOD - [2009/04/23 22:55:14 | 000,176,235 | ---- | M] () -- C:\WINDOW2\system32\Primomonnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/02 02:18:55 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/07/02 02:18:55 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/07/02 02:18:55 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 17:31:44 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/08 12:43:34 | 001,060,352 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/11/08 12:43:16 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/11/08 12:40:14 | 000,237,568 | ---- | M] (WDC) [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2008/09/25 17:53:32 | 000,181,680 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe -- (Speed Disk service)
SRV - [2008/09/25 17:53:16 | 000,095,600 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -- (NProtectService)
SRV - [2008/08/01 11:31:11 | 000,238,968 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/08/01 11:31:01 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/01/29 19:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2011/07/02 02:18:59 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOW2\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/02 02:18:59 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOW2\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/23 19:41:00 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOW2\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/11/23 19:40:06 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/12/13 23:57:18 | 000,003,584 | ---- | M] (Systems Internals) [Kernel | System | Running] -- C:\WINDOW2\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys -- (d8a4fef9-85c1-448f-a6f9-2570fb195020)
DRV - [2009/08/18 22:36:30 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOW2\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/09/25 17:53:36 | 000,095,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOW2\system32\drivers\SdDriver.SYS -- (SDdriver)
DRV - [2008/09/25 17:53:14 | 000,087,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\NPDRIVER.SYS -- (NPDriver)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/11/18 11:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D3 0F B1 07 4F 69 43 4B 86 6D 7F EF 0E 39 65 25 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D3 0F B1 07 4F 69 43 4B 86 6D 7F EF 0E 39 65 25 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D3 0F B1 07 4F 69 43 4B 86 6D 7F EF 0E 39 65 25 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D3 0F B1 07 4F 69 43 4B 86 6D 7F EF 0E 39 65 25 [binary data]

IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOW2\system32\blank.htm
IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D3 0F B1 07 4F 69 43 4B 86 6D 7F EF 0E 39 65 25 [binary data]
IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-21-299502267-115176313-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOW2\system32\blank.htm
IE - HKU\S-1-5-21-299502267-115176313-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
IE - HKU\S-1-5-21-299502267-115176313-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKU\S-1-5-21-299502267-115176313-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D3 0F B1 07 4F 69 43 4B 86 6D 7F EF 0E 39 65 25 [binary data]
IE - HKU\S-1-5-21-299502267-115176313-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKU\S-1-5-21-299502267-115176313-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOW2\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOW2\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Baba\Application Data\Move Networks\plugins\npqmp071502000008.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 01:15:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/14 23:34:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/17 23:34:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 6 6.2.3\Extensions\\Components: C:\Netscape 6\Components [2009/07/13 23:38:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 6 6.2.3\Extensions\\Plugins: C:\Netscape 6\Plugins [2011/09/14 23:34:24 | 000,000,000 | ---D | M]

[2010/09/03 19:16:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Luli\Application Data\Mozilla\Extensions
[2010/09/03 19:16:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Luli\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/09/29 11:48:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Luli\Application Data\Mozilla\Firefox\Profiles\jb86guyn.default\extensions
[2011/10/01 11:21:40 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Luli\Application Data\Mozilla\Firefox\Profiles\jb86guyn.default\extensions\{09ee7db3-134a-43b1-9977-7293a87f569c}
[2010/01/13 23:47:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Luli\Application Data\Mozilla\Firefox\Profiles\jb86guyn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/28 12:29:25 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Luli\Application Data\Mozilla\Firefox\Profiles\jb86guyn.default\extensions\{9d5b705c-2c3a-47dc-b3a3-fba8cab6431e}
[2011/03/23 21:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/24 12:47:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/24 12:46:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/07 01:15:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2004/11/12 19:36:22 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
[2008/06/17 22:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/06/24 12:46:13 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2005/05/28 07:15:00 | 000,110,592 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2007/09/05 09:56:00 | 000,352,256 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsabffx.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/02/28 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOW2\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Reg Error: Value error.) - {07B10FD3-694F-4B43-866D-7FEF0E396525} - C:\Documents and Settings\Baba\Local Settings\Application Data\ExplorerCodec.dll (Microsoft Corporation)
O2 - BHO: (Reg Error: Value error.) - {0E33B7F1-B674-4F8D-8E83-6E56B158A840} - C:\Documents and Settings\Baba\Local Settings\Application Data\ExplorerCodec.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOW2\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [NSWosCheck] C:\Program Files\Norton SystemWorks\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [NswUiTray] C:\Program Files\Norton SystemWorks\NswUiTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOW2\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOW2\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOW2\System32\nwiz.exe ()
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [Western Digital Update] C:\Documents and Settings\Baba\Local Settings\Application Data\Western Digital\WesternUpdate\Westernupdt32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [Western Digital Update] C:\Documents and Settings\Baba\Local Settings\Application Data\Western Digital\WesternUpdate\Westernupdt32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Western Digital Update] C:\Documents and Settings\Baba\Local Settings\Application Data\Western Digital\WesternUpdate\Westernupdt32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Western Digital Update] C:\Documents and Settings\Baba\Local Settings\Application Data\Western Digital\WesternUpdate\Westernupdt32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-299502267-115176313-839522115-1004..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe File not found
O4 - HKU\S-1-5-21-299502267-115176313-839522115-1004..\Run: [MicrosoftBackupPolicy] C:\Documents and Settings\All Users.WINDOW2\Application Data\MicrosoftBackupPolicy.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-299502267-115176313-839522115-1004..\Run: [Western Digital Update] C:\Documents and Settings\Baba\Local Settings\Application Data\Western Digital\WesternUpdate\Westernupdt32.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ US DOT VPN Client.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\Danae Saklas\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-115176313-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk ()
O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O15 - HKU\S-1-5-21-299502267-115176313-839522115-1004\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://sra.dot.gov/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17B7A976-DB18-48C7-AD20-F583F7824731}: DhcpNameServer = 192.168.1.1 71.242.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOW2\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOW2\system32\userinit.exe) -C:\WINDOW2\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOW2\moo-sou1.bmp
O24 - Desktop BackupWallPaper: C:\WINDOW2\moo-sou1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 17:16:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/08/02 07:48:02 | 000,001,688 | ---- | M] () - C:\AUTOEXEC.NT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-299502267-115176313-839522115-1004..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-299502267-115176313-839522115-1004\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/28 11:29:31 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users.WINDOW2\Application Data\MicrosoftBackupPolicy.dll
[2011/09/14 22:21:41 | 000,000,000 | ---D | C] -- C:\Car Stuff
[2011/09/08 23:39:55 | 000,000,000 | ---D | C] -- C:\WINDOW2\Out of the Park Baseball
[4 C:\WINDOW2\*.tmp files -> C:\WINDOW2\*.tmp -> ]
[1 C:\Documents and Settings\All Users.WINDOW2\Application Data\*.tmp files -> C:\Documents and Settings\All Users.WINDOW2\Application Data\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/01 10:27:05 | 000,186,097 | ---- | M] () -- C:\WINDOW2\System32\nvapps.xml
[2011/10/01 10:25:52 | 000,013,646 | ---- | M] () -- C:\WINDOW2\System32\wpa.dbl
[2011/10/01 09:00:55 | 000,000,290 | ---- | M] () -- C:\WINDOW2\tasks\Norton SystemWorks One Button Checkup.job
[2011/10/01 04:00:02 | 000,000,388 | ---- | M] () -- C:\WINDOW2\tasks\Norton AntiVirus - Baba - Full System Scan.job
[2011/09/30 14:56:20 | 000,002,048 | --S- | M] () -- C:\WINDOW2\bootstat.dat
[2011/09/30 14:56:17 | 1610,145,792 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/26 13:59:05 | 000,000,213 | ---- | M] () -- C:\WINDOW2\Prestopm.INI
[2011/09/26 13:56:33 | 000,000,051 | ---- | M] () -- C:\NsScanforTest.ini
[2011/09/25 23:47:41 | 001,045,386 | ---- | M] () -- C:\WINDOW2\dickinson3.bmp
[2011/09/25 23:45:50 | 001,045,558 | ---- | M] () -- C:\WINDOW2\dickinson2.bmp
[2011/09/25 23:40:59 | 001,045,546 | ---- | M] () -- C:\WINDOW2\dickinson1.bmp
[2011/09/25 23:36:24 | 001,045,558 | ---- | M] () -- C:\WINDOW2\deschanel2.bmp
[2011/09/25 23:35:40 | 001,045,558 | ---- | M] () -- C:\WINDOW2\deschanel1.bmp
[4 C:\WINDOW2\*.tmp files -> C:\WINDOW2\*.tmp -> ]
[1 C:\Documents and Settings\All Users.WINDOW2\Application Data\*.tmp files -> C:\Documents and Settings\All Users.WINDOW2\Application Data\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/25 23:47:39 | 001,045,386 | ---- | C] () -- C:\WINDOW2\dickinson3.bmp
[2011/09/25 23:45:48 | 001,045,558 | ---- | C] () -- C:\WINDOW2\dickinson2.bmp
[2011/09/14 23:34:24 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/18 07:25:23 | 000,008,844 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\erxh46ohp5s40vd23yxlj11wrf
[2011/08/17 19:26:02 | 000,001,296 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\2wllyxxvw23613v58lce
[2011/07/31 01:15:52 | 000,001,180 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\otj0o7dc0gsxuv5406qh58
[2011/07/24 15:28:19 | 000,001,384 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\3ynp0gaphb6
[2011/07/11 14:14:55 | 000,007,232 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\078ygf0i0303
[2011/07/04 16:49:45 | 000,001,324 | ---- | C] () -- C:\WINDOW2\System32\d3d9caps.dat
[2011/07/04 01:28:41 | 000,013,216 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\8kum22k6t217qt6t0fs10d51118ydm
[2009/12/13 19:01:29 | 000,000,066 | ---- | C] () -- C:\WINDOW2\GDINST.INI
[2009/10/01 23:33:34 | 000,000,213 | ---- | C] () -- C:\WINDOW2\Prestopm.INI
[2009/10/01 23:32:22 | 000,036,291 | ---- | C] () -- C:\WINDOW2\CSTBox.INI
[2009/08/19 23:45:06 | 000,176,235 | ---- | C] () -- C:\WINDOW2\System32\Primomonnt.dll
[2009/08/13 18:23:41 | 000,075,776 | ---- | C] () -- C:\WINDOW2\cadkasdeinst01e.exe
[2009/07/14 03:17:34 | 000,000,235 | ---- | C] () -- C:\WINDOW2\EXCEL4.INI
[2009/07/11 15:13:24 | 000,022,480 | ---- | C] () -- C:\WINDOW2\System32\PFMAPI16.DLL
[2009/07/11 15:13:24 | 000,020,992 | ---- | C] () -- C:\WINDOW2\System32\PFMAPI32.DLL
[2009/07/10 20:38:52 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Luli\Application Data\PFP120JPR.{PB
[2009/07/10 20:38:52 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Luli\Application Data\PFP120JCM.{PB
[2009/07/09 21:54:40 | 000,000,532 | ---- | C] () -- C:\WINDOW2\MAXLINK.INI
[2009/07/09 21:52:13 | 000,000,105 | ---- | C] () -- C:\WINDOW2\UMXADDIN.INI
[2009/07/09 21:52:12 | 000,040,960 | ---- | C] () -- C:\WINDOW2\System32\IPPCPUID.DLL
[2009/07/09 21:51:55 | 000,011,776 | ---- | C] () -- C:\WINDOW2\System32\pmsbfn32.dll
[2009/07/09 21:50:49 | 000,000,074 | ---- | C] () -- C:\WINDOW2\PMINI.ini
[2009/07/09 11:50:10 | 000,046,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\LuUninstall.LiveUpdate
[2009/07/08 01:40:18 | 000,089,312 | ---- | C] () -- C:\WINDOW2\N6Uninst.exe
[2009/07/08 01:14:23 | 000,024,501 | ---- | C] () -- C:\WINDOW2\mozver.dat
[2009/07/07 01:54:29 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Luli\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/06 21:13:13 | 000,000,376 | ---- | C] () -- C:\WINDOW2\ODBC.INI
[2009/07/06 19:05:29 | 000,000,335 | ---- | C] () -- C:\WINDOW2\nsreg.dat
[2009/07/06 19:03:10 | 000,000,025 | ---- | C] () -- C:\WINDOW2\mixerdef.ini
[2009/07/06 18:56:15 | 000,002,048 | --S- | C] () -- C:\WINDOW2\bootstat.dat
[2009/07/06 18:43:58 | 000,021,640 | ---- | C] () -- C:\WINDOW2\System32\emptyregdb.dat
[2009/07/06 11:30:20 | 000,004,161 | ---- | C] () -- C:\WINDOW2\ODBCINST.INI
[2009/07/06 11:27:26 | 000,929,280 | ---- | C] () -- C:\WINDOW2\System32\FNTCACHE.DAT
[2009/07/06 10:34:13 | 000,039,104 | ---- | C] () -- C:\WINDOW2\cmijack.dat
[2009/07/06 10:34:13 | 000,022,178 | ---- | C] () -- C:\WINDOW2\cmaudio.dat
[2009/04/27 00:13:36 | 000,000,314 | ---- | C] () -- C:\WINDOW2\primopdf.ini
[2008/05/16 17:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOW2\System32\nvwdmcpl.dll
[2008/05/16 17:01:00 | 001,630,208 | ---- | C] () -- C:\WINDOW2\System32\nwiz.exe
[2008/05/16 17:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOW2\System32\nview.dll
[2008/05/16 17:01:00 | 001,339,392 | ---- | C] () -- C:\WINDOW2\System32\nvdspsch.exe
[2008/05/16 17:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOW2\System32\nvwimg.dll
[2008/05/16 17:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOW2\System32\nvshell.dll
[2008/05/16 17:01:00 | 000,442,368 | ---- | C] () -- C:\WINDOW2\System32\nvappbar.exe
[2008/05/16 17:01:00 | 000,425,984 | ---- | C] () -- C:\WINDOW2\System32\keystone.exe
[2008/05/16 17:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOW2\System32\nvnt4cpl.dll
[2006/11/01 08:54:30 | 000,180,224 | ---- | C] () -- C:\WINDOW2\System32\xvidvfw.dll
[2006/11/01 08:52:38 | 000,765,952 | ---- | C] () -- C:\WINDOW2\System32\xvidcore.dll
[2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOW2\System32\oembios.bin
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOW2\System32\mlang.dat
[2006/02/28 08:00:00 | 000,432,622 | ---- | C] () -- C:\WINDOW2\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOW2\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOW2\System32\dssec.dat
[2006/02/28 08:00:00 | 000,067,578 | ---- | C] () -- C:\WINDOW2\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOW2\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOW2\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOW2\System32\secupd.dat
[2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOW2\System32\oembios.dat
[2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOW2\System32\dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOW2\System32\noise.dat
[2004/10/26 18:39:04 | 003,375,104 | ---- | C] () -- C:\WINDOW2\System32\qt-mt331.dll

========== LOP Check ==========

[2009/12/13 13:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2006/03/29 20:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2007/08/12 13:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2008/12/10 20:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2007/06/18 15:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2007/06/03 06:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IMSI
[2008/04/23 17:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2008/04/10 13:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2006/02/04 19:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2005/10/29 12:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2005/10/29 12:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2006/12/19 08:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/11/22 12:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/09/17 21:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ypmtgrih
[2009/01/30 14:16:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/12/13 13:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\Avery
[2009/09/01 23:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\FileOpen
[2009/09/20 13:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\IMSI
[2009/12/14 00:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\IProt
[2009/07/08 02:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\Juniper Networks
[2009/07/09 00:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\PCSettings
[2009/08/18 23:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\ScanSoft
[2009/08/18 23:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\SSScanAppDataDir
[2009/08/18 23:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\SSScanWizard
[2009/12/27 03:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\WD_SmartWareCommon
[2011/03/02 01:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\Western Digital
[2005/11/24 22:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ariadne Saklas\Application Data\acccore
[2006/02/08 11:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ariadne Saklas\Application Data\Canon
[2006/09/12 11:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ariadne Saklas\Application Data\FileOpen
[2005/11/25 07:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ariadne Saklas\Application Data\Thunderbird
[2011/09/26 13:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\Canon
[2009/07/09 22:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\DeepBurner
[2009/09/01 23:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\FileOpen
[2009/09/20 13:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\IMSI
[2010/12/14 10:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\Juniper Networks
[2009/07/06 20:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\Netscape
[2009/07/09 21:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\NewSoft
[2011/03/24 22:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\NSBackup
[2010/06/24 13:42:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\OpenOffice.org
[2011/09/08 23:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\Out of the Park Developments
[2009/07/09 21:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\ScanSoft
[2009/12/31 20:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\TechWizard
[2010/09/03 18:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\Thunderbird
[2009/08/25 00:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\Uniblue
[2009/12/27 01:36:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\Western Digital
[2005/11/22 12:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danae Saklas\Application Data\acccore
[2006/05/09 11:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danae Saklas\Application Data\Canon
[2006/05/10 16:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danae Saklas\Application Data\FileOpen
[2006/05/14 07:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danae Saklas\Application Data\Thunderbird
[2005/11/24 16:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\acccore
[2008/01/01 12:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\BitTorrent
[2005/11/30 19:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\Canon
[2006/09/27 20:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\Configuration
[2008/01/01 12:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\DNA
[2006/02/13 12:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\FileOpen
[2008/03/05 02:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\IMSI
[2008/04/23 17:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\Juniper Networks
[2005/11/04 15:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\Netscape
[2008/09/29 09:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\Nuance
[2005/10/29 12:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\ScanSoft
[2006/07/08 09:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\Seven Zip
[2005/12/01 19:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\Simple Star
[2005/12/01 19:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\Snapfish
[2005/10/19 18:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\Thunderbird
[2006/02/13 12:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\WebPublisherDemo
[2006/07/08 09:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\{4588FC3C-C040-44E3-BB19-D9D014557FE1}
[2011/07/26 21:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luli\Application Data\Canon
[2009/09/04 16:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luli\Application Data\FileOpen
[2010/08/09 20:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luli\Application Data\NewSoft
[2009/08/18 23:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luli\Application Data\ScanSoft
[2010/09/03 19:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luli\Application Data\Thunderbird
[2009/07/03 07:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DeepBurner
[2008/08/16 08:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosalia Saklas\Application Data\Canon
[2006/02/20 15:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosalia Saklas\Application Data\FileOpen
[2008/04/10 13:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosalia Saklas\Application Data\Nuance
[2007/08/02 15:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosalia Saklas\Application Data\ScanSoft
[2006/02/23 02:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosalia Saklas\Application Data\Thunderbird
[2006/04/05 06:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosalia Saklas\Application Data\WebPublisherDemo

========== Purity Check ==========



< End of report >







#2
CompCav


    Member 5k

  • Expert
  • 12,454 posts
Hi, jsaklas! Welcome to GeeksToGo! My nickname is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

Now let's get started!

Step 1.

Download aswMBR.exe (1.8 MB) to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.


Step 2.

  • Download OTL to your Desktop or skip to next step if already on your desktop
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Select Use Safe List under Extra Registry
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    C:\Windows\assembly\tmp\U /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open OTL.Txt in a Notepad window and the Extras.txt file on the task bar.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file, the Extras.txt file, and post them with your next reply.


Step 3.

Post:
aswMBR log
OTL.txt
Extras.txt



Step 4.

Also please tell me what antivirus scans you have already done and what they found.

#3
jsaklas


    Member

  • Topic Starter
  • Member
  • 333 posts
CompCav,

Thanks for the help.

I have run AVIRA Anti-Virus (Premium) and Malwarebytes Anti-Malware (Free version) yesterday.

Below are the aswMBR, OTL and OTL Extras output logs:


jsaklas


-------------------------------


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-06 02:25:03
-----------------------------
02:25:03.078 OS Version: Windows 5.1.2600 Service Pack 3
02:25:03.078 Number of processors: 1 586 0x207
02:25:03.078 ComputerName: JAMES-HOME UserName: Baba
02:25:13.875 Initialize success
02:25:56.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
02:25:56.812 Disk 0 Vendor: WDC_WD800JB-00FMA0 13.03G13 Size: 76319MB BusType: 3
02:25:56.828 Disk 0 MBR read successfully
02:25:56.828 Disk 0 MBR scan
02:25:56.828 Disk 0 Windows XP default MBR code
02:25:56.843 Disk 0 scanning sectors +156296385
02:25:56.953 Disk 0 scanning C:\WINDOW2\system32\drivers
02:26:29.500 Service scanning
02:26:33.296 Modules scanning
02:26:51.812 Disk 0 trace - called modules:
02:26:51.843 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys
02:26:51.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a2d8ab8]
02:26:51.843 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\0000005d[0x8a2bc9e8]
02:26:51.843 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8a2bad98]
02:26:52.359 Scan finished successfully
02:29:04.140 Disk 0 MBR has been saved successfully to "C:\Computer\MBR.dat"
02:29:04.140 The log file has been saved successfully to "C:\Computer\aswMBR 10-06.txt"


-------------------------------


OTL logfile created on: 10/6/2011 3:01:49 AM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.45% Memory free
2.11 Gb Paging File | 1.62 Gb Available in Paging File | 76.95% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOW2 | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 13.18 Gb Free Space | 17.68% Space Free | Partition Type: NTFS
Drive F: | 37.26 Gb Total Space | 31.00 Gb Free Space | 83.19% Space Free | Partition Type: FAT32

Computer Name: JAMES-HOME | User Name: Baba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/06 02:32:42 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Desktop\OTL.exe
PRC - [2011/10/02 18:35:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/02 02:18:55 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/07/02 02:18:55 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011/07/02 02:18:55 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/27 17:31:44 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/23 19:40:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/11/23 19:40:07 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/08 12:43:16 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2010/11/08 12:40:52 | 003,986,944 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2010/11/08 12:40:14 | 000,237,568 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2008/09/25 17:53:32 | 000,181,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe
PRC - [2008/09/25 17:53:16 | 000,095,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
PRC - [2008/09/25 17:52:04 | 000,085,360 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\NswUiTray.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOW2\explorer.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2003/05/08 08:00:58 | 000,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
PRC - [2002/10/15 14:00:20 | 001,818,624 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOW2\mixer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/02 18:35:30 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/28 10:40:36 | 006,277,280 | ---- | M] () -- C:\WINDOW2\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/07/02 02:00:04 | 000,212,992 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\0f3d321ebd65af974ff0ad424223276d\System.ServiceProcess.ni.dll
MOD - [2011/07/02 01:57:03 | 000,771,584 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\bdaf7904d223589a0f464de58d27e691\System.Runtime.Remoting.ni.dll
MOD - [2011/07/02 01:49:36 | 007,950,848 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System\f6a9a002526806f3a5b745cf5c407cae\System.ni.dll
MOD - [2011/07/02 01:49:17 | 011,490,816 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010/11/23 19:40:43 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/11/08 12:43:16 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MOD - [2009/04/23 22:55:14 | 000,176,235 | ---- | M] () -- C:\WINDOW2\system32\Primomonnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/02 02:18:55 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/07/02 02:18:55 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/07/02 02:18:55 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 17:31:44 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/08 12:43:34 | 001,060,352 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/11/08 12:43:16 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/11/08 12:40:14 | 000,237,568 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2008/09/25 17:53:32 | 000,181,680 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe -- (Speed Disk service)
SRV - [2008/09/25 17:53:16 | 000,095,600 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -- (NProtectService)
SRV - [2008/08/01 11:31:11 | 000,238,968 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/08/01 11:31:01 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/01/29 19:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2011/07/02 02:18:59 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOW2\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/02 02:18:59 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOW2\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/23 19:41:00 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOW2\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/11/23 19:40:06 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/12/13 23:57:18 | 000,003,584 | ---- | M] (Systems Internals) [Kernel | System | Running] -- C:\WINDOW2\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys -- (d8a4fef9-85c1-448f-a6f9-2570fb195020)
DRV - [2009/08/18 22:36:30 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOW2\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/09/25 17:53:36 | 000,095,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOW2\system32\drivers\SdDriver.SYS -- (SDdriver)
DRV - [2008/09/25 17:53:14 | 000,087,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\NPDRIVER.SYS -- (NPDriver)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/11/18 11:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D3 0F B1 07 4F 69 43 4B 86 6D 7F EF 0E 39 65 25 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D3 0F B1 07 4F 69 43 4B 86 6D 7F EF 0E 39 65 25 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D3 0F B1 07 4F 69 43 4B 86 6D 7F EF 0E 39 65 25 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D3 0F B1 07 4F 69 43 4B 86 6D 7F EF 0E 39 65 25 [binary data]

IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOW2\system32\blank.htm
IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D3 0F B1 07 4F 69 43 4B 86 6D 7F EF 0E 39 65 25 [binary data]
IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-i3752"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-i3752"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 54889
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOW2\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOW2\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Baba\Application Data\Move Networks\plugins\npqmp071502000008.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Baba\Application Data\Move Networks\plugins\npqmp071502000008.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/02 18:35:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/14 23:34:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/17 23:34:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Baba\Application Data\Move Networks [2009/12/02 02:06:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 6 6.2.3\Extensions\\Components: C:\Netscape 6\Components
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 6 6.2.3\Extensions\\Plugins: C:\Netscape 6\Plugins

[2010/09/03 18:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Extensions
[2010/09/03 18:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/09/29 11:48:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\extensions
[2011/10/03 23:32:24 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\extensions\{09ee7db3-134a-43b1-9977-7293a87f569c}
[2010/06/25 22:04:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/28 12:29:25 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\extensions\{9d5b705c-2c3a-47dc-b3a3-fba8cab6431e}
[2011/03/28 23:57:29 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\searchplugins\imdb.xml
[2011/03/23 21:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/24 12:47:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/24 12:46:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/02 18:35:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2004/11/12 19:36:22 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
[2008/06/17 22:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/06/24 12:46:13 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2005/05/28 07:15:00 | 000,110,592 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2007/09/05 09:56:00 | 000,352,256 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsabffx.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/02/28 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOW2\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOW2\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [NSWosCheck] C:\Program Files\Norton SystemWorks\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [NswUiTray] C:\Program Files\Norton SystemWorks\NswUiTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOW2\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOW2\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOW2\System32\nwiz.exe ()
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-299502267-115176313-839522115-1004..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ US DOT VPN Client.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\Danae Saklas\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk ()
O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O15 - HKU\S-1-5-21-299502267-115176313-839522115-1004\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://sra.dot.gov/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17B7A976-DB18-48C7-AD20-F583F7824731}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOW2\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOW2\system32\userinit.exe) -C:\WINDOW2\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOW2\dickinson2.bmp
O24 - Desktop BackupWallPaper: C:\WINDOW2\dickinson2.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 17:16:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/08/02 07:48:02 | 000,001,688 | ---- | M] () - C:\AUTOEXEC.NT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-299502267-115176313-839522115-1004..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-299502267-115176313-839522115-1004\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/01 12:23:41 | 000,000,000 | ---D | C] -- C:\Computer
[2011/09/14 22:21:41 | 000,000,000 | ---D | C] -- C:\Car Stuff
[2011/09/08 23:46:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Start Menu\Programs\Games
[2011/09/08 23:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Start Menu\Programs\Out of the Park Developments
[4 C:\WINDOW2\*.tmp files -> C:\WINDOW2\*.tmp -> ]
[1 C:\Documents and Settings\Baba\*.tmp files -> C:\Documents and Settings\Baba\*.tmp -> ]
[1 C:\Documents and Settings\All Users.WINDOW2\Application Data\*.tmp files -> C:\Documents and Settings\All Users.WINDOW2\Application Data\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/06 00:42:44 | 000,186,097 | ---- | M] () -- C:\WINDOW2\System32\nvapps.xml
[2011/10/06 00:41:37 | 000,013,646 | ---- | M] () -- C:\WINDOW2\System32\wpa.dbl
[2011/10/05 07:52:47 | 000,002,048 | --S- | M] () -- C:\WINDOW2\bootstat.dat
[2011/10/05 07:52:44 | 1610,145,792 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/04 02:02:08 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Baba\Application Data\fbcae6b5
[2011/10/04 01:56:04 | 000,002,755 | ---- | M] () -- C:\Documents and Settings\Baba\Application Data\0cb2914f
[2011/10/04 01:54:45 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Baba\Application Data\1b17194a
[2011/10/01 09:00:55 | 000,000,290 | ---- | M] () -- C:\WINDOW2\tasks\Norton SystemWorks One Button Checkup.job
[2011/10/01 04:00:02 | 000,000,388 | ---- | M] () -- C:\WINDOW2\tasks\Norton AntiVirus - Baba - Full System Scan.job
[2011/09/28 11:30:25 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOW2\System32\FlashPlayerCPLApp.cpl
[2011/09/26 13:59:05 | 000,000,213 | ---- | M] () -- C:\WINDOW2\Prestopm.INI
[2011/09/26 13:56:33 | 000,000,051 | ---- | M] () -- C:\NsScanforTest.ini
[2011/09/25 23:47:41 | 001,045,386 | ---- | M] () -- C:\WINDOW2\dickinson3.bmp
[2011/09/25 23:45:50 | 001,045,558 | ---- | M] () -- C:\WINDOW2\dickinson2.bmp
[2011/09/25 23:40:59 | 001,045,546 | ---- | M] () -- C:\WINDOW2\dickinson1.bmp
[2011/09/25 23:36:24 | 001,045,558 | ---- | M] () -- C:\WINDOW2\deschanel2.bmp
[2011/09/25 23:35:40 | 001,045,558 | ---- | M] () -- C:\WINDOW2\deschanel1.bmp
[2011/09/15 10:03:11 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[4 C:\WINDOW2\*.tmp files -> C:\WINDOW2\*.tmp -> ]
[1 C:\Documents and Settings\Baba\*.tmp files -> C:\Documents and Settings\Baba\*.tmp -> ]
[1 C:\Documents and Settings\All Users.WINDOW2\Application Data\*.tmp files -> C:\Documents and Settings\All Users.WINDOW2\Application Data\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/02 00:06:09 | 000,302,592 | ---- | C] () -- C:\gmer.exe
[2011/09/28 11:56:08 | 000,002,755 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\0cb2914f
[2011/09/28 11:56:00 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\1b17194a
[2011/09/28 11:42:58 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\fbcae6b5
[2011/09/25 23:47:39 | 001,045,386 | ---- | C] () -- C:\WINDOW2\dickinson3.bmp
[2011/09/25 23:45:48 | 001,045,558 | ---- | C] () -- C:\WINDOW2\dickinson2.bmp
[2011/09/14 23:34:24 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/18 07:25:23 | 000,008,844 | -HS- | C] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\erxh46ohp5s40vd23yxlj11wrf
[2011/08/18 07:25:23 | 000,008,844 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\erxh46ohp5s40vd23yxlj11wrf
[2011/08/17 19:26:02 | 000,001,296 | -HS- | C] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\2wllyxxvw23613v58lce
[2011/08/17 19:26:02 | 000,001,296 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\2wllyxxvw23613v58lce
[2011/08/08 23:23:27 | 000,002,928 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\6E92.F8A
[2011/07/31 01:15:52 | 000,001,180 | -HS- | C] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\otj0o7dc0gsxuv5406qh58
[2011/07/31 01:15:52 | 000,001,180 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\otj0o7dc0gsxuv5406qh58
[2011/07/24 15:28:19 | 000,001,384 | -HS- | C] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\3ynp0gaphb6
[2011/07/24 15:28:19 | 000,001,384 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\3ynp0gaphb6
[2011/07/11 14:14:55 | 000,007,232 | -HS- | C] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\078ygf0i0303
[2011/07/11 14:14:55 | 000,007,232 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\078ygf0i0303
[2011/07/04 16:49:45 | 000,001,324 | ---- | C] () -- C:\WINDOW2\System32\d3d9caps.dat
[2011/07/04 01:28:41 | 000,013,216 | -HS- | C] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\8kum22k6t217qt6t0fs10d51118ydm
[2011/07/04 01:28:41 | 000,013,216 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\8kum22k6t217qt6t0fs10d51118ydm
[2010/10/05 19:15:20 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/12/13 19:01:29 | 000,000,066 | ---- | C] () -- C:\WINDOW2\GDINST.INI
[2009/10/01 23:33:34 | 000,000,213 | ---- | C] () -- C:\WINDOW2\Prestopm.INI
[2009/10/01 23:32:22 | 000,036,291 | ---- | C] () -- C:\WINDOW2\CSTBox.INI
[2009/08/20 00:28:34 | 000,000,635 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\PrimoPDFSet.xml
[2009/08/19 23:45:06 | 000,176,235 | ---- | C] () -- C:\WINDOW2\System32\Primomonnt.dll
[2009/08/13 18:23:41 | 000,075,776 | ---- | C] () -- C:\WINDOW2\cadkasdeinst01e.exe
[2009/07/14 04:35:33 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/14 03:17:34 | 000,000,235 | ---- | C] () -- C:\WINDOW2\EXCEL4.INI
[2009/07/11 15:13:24 | 000,022,480 | ---- | C] () -- C:\WINDOW2\System32\PFMAPI16.DLL
[2009/07/11 15:13:24 | 000,020,992 | ---- | C] () -- C:\WINDOW2\System32\PFMAPI32.DLL
[2009/07/10 21:26:01 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\PFP120JPR.{PB
[2009/07/10 21:26:01 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\PFP120JCM.{PB
[2009/07/09 21:54:40 | 000,000,532 | ---- | C] () -- C:\WINDOW2\MAXLINK.INI
[2009/07/09 21:52:13 | 000,000,105 | ---- | C] () -- C:\WINDOW2\UMXADDIN.INI
[2009/07/09 21:52:12 | 000,040,960 | ---- | C] () -- C:\WINDOW2\System32\IPPCPUID.DLL
[2009/07/09 21:51:55 | 000,011,776 | ---- | C] () -- C:\WINDOW2\System32\pmsbfn32.dll
[2009/07/09 21:50:49 | 000,000,074 | ---- | C] () -- C:\WINDOW2\PMINI.ini
[2009/07/09 11:50:10 | 000,046,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\LuUninstall.LiveUpdate
[2009/07/08 01:14:23 | 000,024,501 | ---- | C] () -- C:\WINDOW2\mozver.dat
[2009/07/06 21:13:13 | 000,000,376 | ---- | C] () -- C:\WINDOW2\ODBC.INI
[2009/07/06 19:05:29 | 000,000,335 | ---- | C] () -- C:\WINDOW2\nsreg.dat
[2009/07/06 19:03:10 | 000,000,025 | ---- | C] () -- C:\WINDOW2\mixerdef.ini
[2009/07/06 18:56:15 | 000,002,048 | --S- | C] () -- C:\WINDOW2\bootstat.dat
[2009/07/06 18:43:58 | 000,021,640 | ---- | C] () -- C:\WINDOW2\System32\emptyregdb.dat
[2009/07/06 11:30:20 | 000,004,161 | ---- | C] () -- C:\WINDOW2\ODBCINST.INI
[2009/07/06 11:27:26 | 000,929,280 | ---- | C] () -- C:\WINDOW2\System32\FNTCACHE.DAT
[2009/07/06 10:34:13 | 000,039,104 | ---- | C] () -- C:\WINDOW2\cmijack.dat
[2009/07/06 10:34:13 | 000,022,178 | ---- | C] () -- C:\WINDOW2\cmaudio.dat
[2009/04/27 00:13:36 | 000,000,314 | ---- | C] () -- C:\WINDOW2\primopdf.ini
[2008/05/16 17:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOW2\System32\nvwdmcpl.dll
[2008/05/16 17:01:00 | 001,630,208 | ---- | C] () -- C:\WINDOW2\System32\nwiz.exe
[2008/05/16 17:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOW2\System32\nview.dll
[2008/05/16 17:01:00 | 001,339,392 | ---- | C] () -- C:\WINDOW2\System32\nvdspsch.exe
[2008/05/16 17:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOW2\System32\nvwimg.dll
[2008/05/16 17:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOW2\System32\nvshell.dll
[2008/05/16 17:01:00 | 000,442,368 | ---- | C] () -- C:\WINDOW2\System32\nvappbar.exe
[2008/05/16 17:01:00 | 000,425,984 | ---- | C] () -- C:\WINDOW2\System32\keystone.exe
[2008/05/16 17:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOW2\System32\nvnt4cpl.dll
[2006/11/01 08:54:30 | 000,180,224 | ---- | C] () -- C:\WINDOW2\System32\xvidvfw.dll
[2006/11/01 08:52:38 | 000,765,952 | ---- | C] () -- C:\WINDOW2\System32\xvidcore.dll
[2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOW2\System32\oembios.bin
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOW2\System32\mlang.dat
[2006/02/28 08:00:00 | 000,432,622 | ---- | C] () -- C:\WINDOW2\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOW2\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOW2\System32\dssec.dat
[2006/02/28 08:00:00 | 000,067,578 | ---- | C] () -- C:\WINDOW2\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOW2\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOW2\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOW2\System32\secupd.dat
[2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOW2\System32\oembios.dat
[2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOW2\System32\dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOW2\System32\noise.dat
[2004/10/26 18:39:04 | 003,375,104 | ---- | C] () -- C:\WINDOW2\System32\qt-mt331.dll

========== LOP Check ==========

[2009/12/13 13:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2006/03/29 20:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2007/08/12 13:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2008/12/10 20:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2007/06/18 15:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2007/06/03 06:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IMSI
[2008/04/23 17:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2008/04/10 13:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2006/02/04 19:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2005/10/29 12:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2005/10/29 12:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2006/12/19 08:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/11/22 12:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/09/17 21:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ypmtgrih
[2009/01/30 14:16:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/12/13 13:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\Avery
[2009/09/01 23:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\FileOpen
[2009/09/20 13:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\IMSI
[2009/12/14 00:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\IProt
[2009/07/08 02:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\Juniper Networks
[2009/07/09 00:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\PCSettings
[2009/08/18 23:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\ScanSoft
[2009/08/18 23:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\SSScanAppDataDir
[2009/08/18 23:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\SSScanWizard
[2009/12/27 03:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\WD_SmartWareCommon
[2011/03/02 01:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\Western Digital
[2005/11/24 22:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ariadne Saklas\Application Data\acccore
[2006/02/08 11:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ariadne Saklas\Application Data\Canon
[2006/09/12 11:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ariadne Saklas\Application Data\FileOpen
[2005/11/25 07:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ariadne Saklas\Application Data\Thunderbird
[2011/09/26 13:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\Canon
[2009/07/09 22:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\DeepBurner
[2009/09/01 23:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\FileOpen
[2009/09/20 13:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\IMSI
[2010/12/14 10:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\Juniper Networks
[2009/07/06 20:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\Netscape
[2009/07/09 21:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\NewSoft
[2011/03/24 22:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\NSBackup
[2010/06/24 13:42:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\OpenOffice.org
[2009/07/09 21:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\ScanSoft
[2009/12/31 20:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\TechWizard
[2010/09/03 18:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\Thunderbird
[2009/08/25 00:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\Uniblue
[2009/12/27 01:36:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\Western Digital
[2005/11/22 12:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danae Saklas\Application Data\acccore
[2006/05/09 11:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danae Saklas\Application Data\Canon
[2006/05/10 16:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danae Saklas\Application Data\FileOpen
[2006/05/14 07:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danae Saklas\Application Data\Thunderbird
[2005/11/24 16:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\acccore
[2008/01/01 12:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\BitTorrent
[2005/11/30 19:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\Canon
[2006/09/27 20:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\Configuration
[2008/01/01 12:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\DNA
[2006/02/13 12:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\FileOpen
[2008/03/05 02:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\IMSI
[2008/04/23 17:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\Juniper Networks
[2005/11/04 15:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\Netscape
[2008/09/29 09:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\Nuance
[2005/10/29 12:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\ScanSoft
[2006/07/08 09:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\Seven Zip
[2005/12/01 19:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\Simple Star
[2005/12/01 19:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\Snapfish
[2005/10/19 18:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\Thunderbird
[2006/02/13 12:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\WebPublisherDemo
[2006/07/08 09:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\{4588FC3C-C040-44E3-BB19-D9D014557FE1}
[2011/07/26 21:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luli\Application Data\Canon
[2009/09/04 16:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luli\Application Data\FileOpen
[2010/08/09 20:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luli\Application Data\NewSoft
[2009/08/18 23:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luli\Application Data\ScanSoft
[2010/09/03 19:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luli\Application Data\Thunderbird
[2009/07/03 07:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DeepBurner
[2008/08/16 08:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosalia Saklas\Application Data\Canon
[2006/02/20 15:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosalia Saklas\Application Data\FileOpen
[2008/04/10 13:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosalia Saklas\Application Data\Nuance
[2007/08/02 15:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosalia Saklas\Application Data\ScanSoft
[2006/02/23 02:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosalia Saklas\Application Data\Thunderbird
[2006/04/05 06:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosalia Saklas\Application Data\WebPublisherDemo

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2006/09/19 19:07:48 | 000,045,568 | ---- | M] (Atribune.org) -- C:\ATF-Cleaner.exe
[2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\gmer.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]


< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOW2\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOW2\ServicePackFiles\i386\explorer.exe
[2006/02/28 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOW2\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOW2\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOW2\system32\svchost.exe
[2006/02/28 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOW2\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/02/28 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOW2\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOW2\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOW2\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/02/28 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOW2\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOW2\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOW2\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< C:\Windows\assembly\tmp\U /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/10/02 18:35:18 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/10/02 18:35:18 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/10/02 18:35:18 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/10/02 18:35:35 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/10/02 18:35:35 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/10/02 18:35:35 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/10/02 18:35:18 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/10/02 18:35:18 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/10/02 18:35:18 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/10/02 18:35:35 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/10/02 18:35:35 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/10/02 18:35:35 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< End of report >



---------------------------


OTL Extras logfile created on: 10/6/2011 3:01:49 AM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.45% Memory free
2.11 Gb Paging File | 1.62 Gb Available in Paging File | 76.95% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOW2 | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 13.18 Gb Free Space | 17.68% Space Free | Partition Type: NTFS
Drive F: | 37.26 Gb Total Space | 31.00 Gb Free Space | 83.19% Space Free | Partition Type: FAT32

Computer Name: JAMES-HOME | User Name: Baba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Baba\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = C:\Documents and Settings\Baba\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client -- (Juniper Networks)
"C:\WINDOW2\LMI1D.tmp\lmi_rescue.exe" = C:\WINDOW2\LMI1D.tmp\lmi_rescue.exe:*:Disabled:LogMeIn Rescue
"C:\Documents and Settings\Baba\Local Settings\Temp\7zS459.tmp\SymNRT.exe" = C:\Documents and Settings\Baba\Local Settings\Temp\7zS459.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Documents and Settings\Baba\Local Settings\Temp\7zS45C.tmp\SymNRT.exe" = C:\Documents and Settings\Baba\Local Settings\Temp\7zS45C.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Documents and Settings\Baba\Local Settings\Temp\7zS45F.tmp\SymNRT.exe" = C:\Documents and Settings\Baba\Local Settings\Temp\7zS45F.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Documents and Settings\Baba\Local Settings\Temp\7zS1.tmp\SymNRT.exe" = C:\Documents and Settings\Baba\Local Settings\Temp\7zS1.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\WINDOW2\LMI1F0.tmp\lmi_rescue.exe" = C:\WINDOW2\LMI1F0.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07CEC3B0-83D0-422A-BE6D-63633C5063BB}" = TurboCAD Symbols
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2EEF331B-6AC8-471A-84AE-6A9ED940EDC2}" = TurboCAD Deluxe v11.2
"{34EF3470-B8D8-44b6-B09B-7F5EB9AECCC8}" = Norton SystemWorks
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39468292-5D68-4E93-9E09-5D9D5CA00E7A}" = FileOpen Client Installer
"{444B6A7B-0E26-4416-A43F-D1C9AAE6075D}" = Canon CanoScan Toolbox 4.8
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50CD421F-CAFD-46C4-BEFD-E1C46FE63062}" = Manual CanoScan 8400F
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5BE42A03-E7B8-42A9-B1BB-FC48B03D58B8}" = Presto! PageManager 6.11
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}" = Norton Utilities
"{6C9736CA-121C-427E-A2AC-E2125B0D362D}" = 1st Pricing
"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77364F85-6219-4CB8-AAA0-6D53368D683D}" = Connection Keep Alive
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7EFB99A8-465B-4B2F-B97F-F9C687449081}" = WinBASIC 2.0
"{885744A4-1A01-44B0-858A-0AE6738CBCF7}" = PrimoPDF Redistribution Package
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CA31120D-2101-484D-9FF1-195DE96FE346}" = Norton Cleanup
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}" = ArcSoft PhotoStudio 5.5
"{DC5F786F-0733-46AC-8160-972A6906A872}" = WD SmartWare
"{E24A0015-C73F-4B57-B8DF-5EB84D2E9685}" = Adobe Flash Player 10 ActiveX
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Avira AntiVir Desktop" = Avira AntiVir Premium
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSSD1200IS_IXUS95IS" = Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Corel WordPerfect Suite 8" = Corel WordPerfect Suite 8
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"ERUNT_is1" = ERUNT 1.1j
"FL 2001 Registration" = FL 2001 Registration
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"FreeZip" = FreeZip
"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"Java Web Start" = Java Web Start
"jZip" = jZip
"LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA Drivers" = NVIDIA Drivers
"PCI Audio Driver" = PCI Audio Driver
"PDF Editor 2" = PDF Editor 2
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"PrimoPDF3.1" = PrimoPDF
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Quicken Family Lawyer 2001" = Quicken Family Lawyer 2001
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"SymSetup.{34EF3470-B8D8-44b6-B09B-7F5EB9AECCC8}" = Norton SystemWorks (Symantec Corporation)
"The Plain-Language Law Dictionary" = The Plain-Language Law Dictionary
"VisualFortran60" = Visual Fortran 6.6.a
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X Codec Pack" = X Codec Pack
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.1.0.366
"Juniper_Networks_Cache_Cleaner 6.5.0" = Juniper Networks Cache Cleaner 6.5.0
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Move Media Player" = Move Media Player
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/3/2011 11:36:22 PM | Computer Name = JAMES-HOME | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 6.0.1.4259, faulting
module mozalloc.dll, version 6.0.1.4259, fault address 0x00001a39.

Error - 9/8/2011 10:25:37 AM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 6.0.2.4262, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/8/2011 10:25:41 AM | Computer Name = JAMES-HOME | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 6.0.2.4262, faulting
module mozalloc.dll, version 6.0.2.4262, fault address 0x00001a39.

Error - 9/8/2011 11:43:15 PM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application ootp11.exe, version 11.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/19/2011 1:18:44 AM | Computer Name = JAMES-HOME | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 6.0.2.4262, faulting
module nspr4.dll, version 4.8.9.0, fault address 0x000092ac.

Error - 9/28/2011 5:02:50 PM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 6.0.2.4262, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/1/2011 11:01:16 AM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.29.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/2/2011 10:00:33 AM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15641, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/2/2011 10:01:39 AM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15641, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/5/2011 7:56:37 PM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 7.0.1.4288, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/4/2011 3:27:12 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 10/5/2011 7:23:10 AM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WDFME service.

Error - 10/5/2011 7:23:12 AM | Computer Name = JAMES-HOME | Source = Print | ID = 23
Description = Printer Corel Barista failed to initialize because a suitable Corel
Barista driver could not be found.

Error - 10/5/2011 7:25:48 AM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 10/5/2011 7:25:48 AM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 10/5/2011 7:25:55 AM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 10/5/2011 7:36:01 AM | Computer Name = JAMES-HOME | Source = VolSnap | ID = 393228
Description = The shadow copy of volume C: became low on diff area space before
it was properly installed.

Error - 10/5/2011 7:55:29 AM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 10/5/2011 7:55:33 AM | Computer Name = JAMES-HOME | Source = Print | ID = 23
Description = Printer Corel Barista failed to initialize because a suitable Corel
Barista driver could not be found.

Error - 10/6/2011 2:18:47 AM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7034
Description = The WD File Management Engine service terminated unexpectedly. It
has done this 1 time(s).


< End of report >

#4
CompCav

Thank you for the logs. :)



Step 1.

Please download GooredFix from one of the locations below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).



Step 2.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Step 3.

OTL Fix

We need to run an OTL Fix.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.


    :OTL
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D3 0F B1 07 4F 69 43 4B 86 6D 7F EF 0E 39 65 25 [binary data]
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D3 0F B1 07 4F 69 43 4B 86 6D 7F EF 0E 39 65 25 [binary data]
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D3 0F B1 07 4F 69 43 4B 86 6D 7F EF 0E 39 65 25 [binary data]
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D3 0F B1 07 4F 69 43 4B 86 6D 7F EF 0E 39 65 25 [binary data]
    IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D3 0F B1 07 4F 69 43 4B 86 6D 7F EF 0E 39 65 25 [binary data]
    IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    [2011/10/03 23:32:24 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\extensions\{09ee7db3-134a-43b1-9977-7293a87f569c}
    [2011/09/28 12:29:25 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\extensions\{9d5b705c-2c3a-47dc-b3a3-fba8cab6431e}
    
    O4 - Startup: C:\Documents and Settings\Danae Saklas\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found
    [2011/10/04 02:02:08 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Baba\Application Data\fbcae6b5
    [2011/10/04 01:56:04 | 000,002,755 | ---- | M] () -- C:\Documents and Settings\Baba\Application Data\0cb2914f
    [2011/10/04 01:54:45 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Baba\Application Data\1b17194a
    [2011/08/18 07:25:23 | 000,008,844 | -HS- | C] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\erxh46ohp5s40vd23yxlj11wrf
    [2011/08/18 07:25:23 | 000,008,844 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\erxh46ohp5s40vd23yxlj11wrf
    [2011/08/17 19:26:02 | 000,001,296 | -HS- | C] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\2wllyxxvw23613v58lce
    [2011/08/17 19:26:02 | 000,001,296 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\2wllyxxvw23613v58lce
    [2011/07/31 01:15:52 | 000,001,180 | -HS- | C] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\otj0o7dc0gsxuv5406qh58
    [2011/07/31 01:15:52 | 000,001,180 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\otj0o7dc0gsxuv5406qh58
    [2011/07/24 15:28:19 | 000,001,384 | -HS- | C] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\3ynp0gaphb6
    [2011/07/24 15:28:19 | 000,001,384 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\3ynp0gaphb6
    [2011/07/11 14:14:55 | 000,007,232 | -HS- | C] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\078ygf0i0303
    [2011/07/11 14:14:55 | 000,007,232 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\078ygf0i0303
    [2011/07/04 01:28:41 | 000,013,216 | -HS- | C] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\8kum22k6t217qt6t0fs10d51118ydm
    [2011/07/04 01:28:41 | 000,013,216 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\8kum22k6t217qt6t0fs10d51118ydm
    [2008/01/01 12:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Saklas\Application Data\BitTorrent
    [2009/08/25 00:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\Uniblue
    
    
    :Reg
    [HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-
    
    [HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-
    
    [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-
    
    [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-
    
    [HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 4.

I noticed that you have two anti-virus programs running (Avira & Norton Anti-Virus). I strongly recommend that you have only one antivirus product installed and running on your computer at a time. I would recommend you uninstall Norton SystemWorks and keep Avira.

Multiple installed antivirus products can lead to a clash as products fight for access to files which are being opened since they need to be checked for viruses. In general terms, the programs may conflict and cause:

  • False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to multiple products attempting to access the same file at the same time.

Therefore, download AppRemover to your desktop, follow the prompts, and remove all the anti-virus programs except one. You will be required to reboot the computer after each removal.

The following removal utility can be used to uninstall the program if the uninstall via Add/remove does not work:

  • Download the Norton Removal Tool to your desktop.
  • On the Windows desktop, double-click the Norton Removal Tool icon.
  • Follow the on-screen instructions.
  • Note: Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts.

Norton should now be removed from your PC.



Step 5.

Run OTL Scan

  • Please reopen OTL on your desktop.
  • Please check Scan All Users
  • Under Extra Registry select Use SafeList
  • Click Run Scan
  • Please post the OTL.txt and Extras.txt in the next reply.


Step 6.

Please post the following logs:

Gooredfix.txt
TDSSKiller Log
OTL fix log
OTL.txt
Extras.txt


Also, please let me know how the computer is performing.

#5
jsaklas

CompCav,

I will follow your instructions in the next several minutes. First I want to tell you that I will be out of town from early tomorrow morning until late Monday afternoon. Although this will be more than 48 hours, please don't abandon me.

Secondly, I have only AVIRA loaded onto my computer. I do have an old Norton SystemWorks, but I uninstalled the Norton Anti-Virus module when I loaded AVIRA.

Thanks, I will now start your instructions for the next phase.


jsaklas

#6
CompCav


First I want to tell you that I will be out of town from early tomorrow morning until late Monday afternoon. Although this will be more than 48 hours, please don't abandon me.

I'll be here when you get back on Monday, have a fun and safe holiday! :)



What firewall are you using? If you are not using a Norton one or some other non-Microsoft one, please make sure the Windows Firewall is enabled and on.

Thanks,

CompCav
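
The firewall state asked about in the post above is already recorded in the OTL Extras log posted earlier in the thread. As an added example (not part of any post, and not OTL's own code), this Python script reads that log's "Firewall Settings" and "Authorized Applications List" sections and reports profiles with EnableFirewall = 0 plus enabled exceptions that point into temp folders. The function names and the temp-folder heuristic are assumptions; the sample text is an excerpt of the log above.

```python
import re

# Excerpt of the OTL Extras log posted earlier in this thread (shortened).
OTL_EXTRAS = r'''
========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Baba\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = C:\Documents and Settings\Baba\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client -- (Juniper Networks)
"C:\WINDOW2\LMI1D.tmp\lmi_rescue.exe" = C:\WINDOW2\LMI1D.tmp\lmi_rescue.exe:*:Disabled:LogMeIn Rescue
"C:\Documents and Settings\Baba\Local Settings\Temp\7zS459.tmp\SymNRT.exe" = C:\Documents and Settings\Baba\Local Settings\Temp\7zS459.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\WINDOW2\LMI1F0.tmp\lmi_rescue.exe" = C:\WINDOW2\LMI1F0.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
'''

SECTION_RE = re.compile(r"^=+ (.+?) =+$")          # ========== Title ==========
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")        # [HKEY_...\SubKey]
VALUE_RE = re.compile(r'^"([^"]+)" = (.*)$')       # "Name" = data
STATUS_RE = re.compile(r":(Enabled|Disabled):")    # status field of an exception
# Assumed heuristic: a path component named Temp or ending in .tmp.
TEMP_RE = re.compile(r"\\(?:temp|[^\\]+\.tmp)\\", re.IGNORECASE)


def parse_sections(text):
    """Return {section title: {registry key: {value name: data}}}."""
    sections, section, key = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = sections.setdefault(m.group(1), {})
            key = None
            continue
        if section is None:
            continue
        m = KEY_RE.match(line)
        if m:
            key = section.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            key[m.group(1)] = m.group(2)
    return sections


def disabled_firewall_profiles(sections):
    """Names of firewall profiles whose EnableFirewall value is 0."""
    profiles = []
    for key, values in sections.get("Firewall Settings", {}).items():
        if values.get("EnableFirewall") == "0":
            profiles.append(key.rsplit("\\", 1)[-1])
    return profiles


def stale_temp_exceptions(sections):
    """(profile, path) for enabled exceptions whose executable sits in a temp folder."""
    hits = []
    apps = sections.get("Authorized Applications List", {})
    for key, values in apps.items():
        # Key ends in ...\<Profile>\AuthorizedApplications\List
        profile = key.split("\\")[-3]
        for path, data in values.items():
            status = STATUS_RE.search(data)
            if status and status.group(1) == "Enabled" and TEMP_RE.search(path):
                hits.append((profile, path))
    return hits


if __name__ == "__main__":
    parsed = parse_sections(OTL_EXTRAS)
    for profile in disabled_firewall_profiles(parsed):
        print(f"Windows Firewall is OFF for {profile}")
    for profile, path in stale_temp_exceptions(parsed):
        print(f"Enabled exception in {profile} points into a temp folder: {path}")
```

On this log both profiles report the firewall as off, and two enabled exceptions are left over from installers that ran out of temp folders.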

#7
jsaklas

CompCav,

Here are the logs. Also, I'm not sure I have any firewall - how can I find out whether or not I have one?

I'll reply to your reply when I return Monday evening.

Thanks much.

--------------------------------------
GooredFix by jpshortstuff (03.07.10.1)
Log created at 23:22 on 07/10/2011 (Baba)
Firefox version 7.0.1 (en-US)

========== GooredScan ==========

Deleting "C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\extensions\{09ee7db3-134a-43b1-9977-7293a87f569c}" -> Success!
Deleting "C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\extensions\{9d5b705c-2c3a-47dc-b3a3-fba8cab6431e}" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [21:52 19/10/2005]
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [00:06 20/04/2007]
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [00:11 19/07/2007]
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [07:49 18/10/2007]
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [20:12 17/03/2008]
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [09:22 17/07/2008]
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [20:17 10/03/2009]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [23:10 31/12/2002]
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [19:27 09/06/2009]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [16:47 24/06/2010]

C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [02:04 26/06/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOW2\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [14:37 09/01/2010]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [16:46 24/06/2010]

-=E.O.F=-


----------------------------


23:24:42.0640 1004 TDSS rootkit removing tool 2.6.6.0 Oct 7 2011 12:45:24
23:24:42.0984 1004 ============================================================
23:24:42.0984 1004 Current date / time: 2011/10/07 23:24:42.0984
23:24:42.0984 1004 SystemInfo:
23:24:42.0984 1004
23:24:42.0984 1004 OS Version: 5.1.2600 ServicePack: 3.0
23:24:42.0984 1004 Product type: Workstation
23:24:42.0984 1004 ComputerName: JAMES-HOME
23:24:42.0984 1004 UserName: Baba
23:24:42.0984 1004 Windows directory: C:\WINDOW2
23:24:42.0984 1004 System windows directory: C:\WINDOW2
23:24:42.0984 1004 Processor architecture: Intel x86
23:24:42.0984 1004 Number of processors: 1
23:24:42.0984 1004 Page size: 0x1000
23:24:42.0984 1004 Boot type: Normal boot
23:24:42.0984 1004 ============================================================
23:24:45.0390 1004 Initialize success
23:25:18.0328 0972 ============================================================
23:25:18.0328 0972 Scan started
23:25:18.0328 0972 Mode: Manual; SigCheck; TDLFS;
23:25:18.0328 0972 ============================================================
23:25:20.0437 0972 Abiosdsk - ok
23:25:20.0734 0972 abp480n5 - ok
23:25:21.0312 0972 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOW2\system32\DRIVERS\ACPI.sys
23:25:22.0015 0972 ACPI - ok
23:25:22.0328 0972 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOW2\system32\drivers\ACPIEC.sys
23:25:22.0578 0972 ACPIEC - ok
23:25:22.0937 0972 adpu160m - ok
23:25:23.0390 0972 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOW2\system32\drivers\aec.sys
23:25:23.0703 0972 aec - ok
23:25:24.0078 0972 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOW2\System32\drivers\afd.sys
23:25:24.0234 0972 AFD - ok
23:25:24.0593 0972 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOW2\system32\DRIVERS\agp440.sys
23:25:24.0843 0972 agp440 - ok
23:25:25.0156 0972 Aha154x - ok
23:25:25.0453 0972 aic78u2 - ok
23:25:25.0781 0972 aic78xx - ok
23:25:26.0109 0972 AliIde - ok
23:25:26.0421 0972 amsint - ok
23:25:26.0796 0972 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOW2\system32\DRIVERS\arp1394.sys
23:25:27.0093 0972 Arp1394 - ok
23:25:27.0406 0972 asc - ok
23:25:27.0703 0972 asc3350p - ok
23:25:28.0000 0972 asc3550 - ok
23:25:28.0359 0972 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOW2\system32\DRIVERS\asyncmac.sys
23:25:28.0593 0972 AsyncMac - ok
23:25:28.0953 0972 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOW2\system32\DRIVERS\atapi.sys
23:25:29.0171 0972 atapi - ok
23:25:29.0453 0972 Atdisk - ok
23:25:29.0812 0972 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOW2\system32\DRIVERS\atmarpc.sys
23:25:30.0078 0972 Atmarpc - ok
23:25:30.0421 0972 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOW2\system32\DRIVERS\audstub.sys
23:25:30.0703 0972 audstub - ok
23:25:30.0859 0972 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
23:25:30.0921 0972 avgio - ok
23:25:31.0281 0972 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOW2\system32\DRIVERS\avgntflt.sys
23:25:31.0437 0972 avgntflt - ok
23:25:31.0812 0972 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOW2\system32\DRIVERS\avipbb.sys
23:25:31.0906 0972 avipbb - ok
23:25:32.0234 0972 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOW2\system32\drivers\Beep.sys
23:25:32.0500 0972 Beep - ok
23:25:32.0890 0972 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOW2\system32\drivers\cbidf2k.sys
23:25:33.0187 0972 cbidf2k - ok
23:25:33.0500 0972 cd20xrnt - ok
23:25:33.0812 0972 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOW2\system32\drivers\Cdaudio.sys
23:25:34.0093 0972 Cdaudio - ok
23:25:34.0453 0972 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOW2\system32\drivers\Cdfs.sys
23:25:34.0781 0972 Cdfs - ok
23:25:35.0109 0972 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOW2\system32\DRIVERS\cdrom.sys
23:25:35.0375 0972 Cdrom - ok
23:25:35.0671 0972 Changer - ok
23:25:35.0984 0972 CmdIde - ok
23:25:36.0500 0972 cmpci (e5842ccf0953d3d46d5e26427b67e901) C:\WINDOW2\system32\drivers\cmaudio.sys
23:25:36.0875 0972 cmpci - ok
23:25:37.0187 0972 Cpqarray - ok
23:25:37.0359 0972 d8a4fef9-85c1-448f-a6f9-2570fb195020 (7f109ab3e0251d73dcb56130bab7826e) C:\WINDOW2\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys
23:25:37.0421 0972 d8a4fef9-85c1-448f-a6f9-2570fb195020 ( UnsignedFile.Multi.Generic ) - warning
23:25:37.0421 0972 d8a4fef9-85c1-448f-a6f9-2570fb195020 - detected UnsignedFile.Multi.Generic (1)
23:25:37.0718 0972 dac2w2k - ok
23:25:38.0015 0972 dac960nt - ok
23:25:38.0343 0972 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOW2\system32\DRIVERS\disk.sys
23:25:38.0609 0972 Disk - ok
23:25:39.0296 0972 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOW2\system32\drivers\dmboot.sys
23:25:40.0046 0972 dmboot - ok
23:25:40.0437 0972 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOW2\system32\drivers\dmio.sys
23:25:40.0765 0972 dmio - ok
23:25:41.0078 0972 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOW2\system32\drivers\dmload.sys
23:25:41.0375 0972 dmload - ok
23:25:41.0843 0972 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOW2\system32\drivers\DMusic.sys
23:25:42.0125 0972 DMusic - ok
23:25:42.0437 0972 dpti2o - ok
23:25:42.0781 0972 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOW2\system32\drivers\drmkaud.sys
23:25:42.0984 0972 drmkaud - ok
23:25:43.0406 0972 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOW2\system32\drivers\Fastfat.sys
23:25:43.0750 0972 Fastfat - ok
23:25:44.0093 0972 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOW2\system32\DRIVERS\fdc.sys
23:25:44.0312 0972 Fdc - ok
23:25:44.0671 0972 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOW2\system32\drivers\Fips.sys
23:25:44.0937 0972 Fips - ok
23:25:45.0265 0972 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOW2\system32\DRIVERS\flpydisk.sys
23:25:45.0500 0972 Flpydisk - ok
23:25:45.0937 0972 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOW2\system32\drivers\fltmgr.sys
23:25:46.0203 0972 FltMgr - ok
23:25:46.0546 0972 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOW2\system32\drivers\Fs_Rec.sys
23:25:46.0828 0972 Fs_Rec - ok
23:25:47.0156 0972 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOW2\system32\DRIVERS\ftdisk.sys
23:25:47.0500 0972 Ftdisk - ok
23:25:47.0859 0972 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOW2\system32\DRIVERS\gameenum.sys
23:25:48.0078 0972 gameenum - ok
23:25:48.0421 0972 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOW2\system32\DRIVERS\msgpc.sys
23:25:48.0703 0972 Gpc - ok
23:25:49.0046 0972 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOW2\system32\DRIVERS\hidusb.sys
23:25:49.0281 0972 HidUsb - ok
23:25:49.0578 0972 hpn - ok
23:25:50.0015 0972 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOW2\system32\Drivers\HTTP.sys
23:25:50.0250 0972 HTTP - ok
23:25:50.0578 0972 i2omgmt - ok
23:25:50.0875 0972 i2omp - ok
23:25:51.0234 0972 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOW2\system32\DRIVERS\i8042prt.sys
23:25:51.0531 0972 i8042prt - ok
23:25:51.0843 0972 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOW2\system32\DRIVERS\imapi.sys
23:25:52.0093 0972 Imapi - ok
23:25:52.0421 0972 ini910u - ok
23:25:52.0734 0972 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOW2\system32\DRIVERS\intelide.sys
23:25:52.0953 0972 IntelIde - ok
23:25:53.0312 0972 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOW2\system32\DRIVERS\intelppm.sys
23:25:53.0546 0972 intelppm - ok
23:25:53.0875 0972 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOW2\system32\drivers\ip6fw.sys
23:25:54.0140 0972 Ip6Fw - ok
23:25:54.0484 0972 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOW2\system32\DRIVERS\ipfltdrv.sys
23:25:54.0781 0972 IpFilterDriver - ok
23:25:55.0140 0972 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOW2\system32\DRIVERS\ipinip.sys
23:25:55.0375 0972 IpInIp - ok
23:25:55.0781 0972 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOW2\system32\DRIVERS\ipnat.sys
23:25:56.0078 0972 IpNat - ok
23:25:56.0453 0972 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOW2\system32\DRIVERS\ipsec.sys
23:25:56.0734 0972 IPSec - ok
23:25:57.0093 0972 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOW2\system32\DRIVERS\irenum.sys
23:25:57.0312 0972 IRENUM - ok
23:25:57.0656 0972 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOW2\system32\DRIVERS\isapnp.sys
23:25:57.0906 0972 isapnp - ok
23:25:58.0203 0972 ivusb - ok
23:25:58.0562 0972 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOW2\system32\DRIVERS\kbdclass.sys
23:25:58.0828 0972 Kbdclass - ok
23:25:59.0218 0972 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOW2\system32\drivers\kmixer.sys
23:25:59.0531 0972 kmixer - ok
23:25:59.0906 0972 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOW2\system32\drivers\KSecDD.sys
23:26:00.0046 0972 KSecDD - ok
23:26:00.0390 0972 lbrtfdc - ok
23:26:00.0796 0972 MBAMSwissArmy - ok
23:26:01.0125 0972 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOW2\system32\drivers\mnmdd.sys
23:26:01.0390 0972 mnmdd - ok
23:26:01.0765 0972 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOW2\system32\drivers\Modem.sys
23:26:02.0015 0972 Modem - ok
23:26:02.0359 0972 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOW2\system32\DRIVERS\mouclass.sys
23:26:02.0593 0972 Mouclass - ok
23:26:02.0953 0972 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOW2\system32\DRIVERS\mouhid.sys
23:26:03.0218 0972 mouhid - ok
23:26:03.0609 0972 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOW2\system32\drivers\MountMgr.sys
23:26:03.0875 0972 MountMgr - ok
23:26:04.0171 0972 mraid35x - ok
23:26:04.0546 0972 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOW2\system32\DRIVERS\mrxdav.sys
23:26:04.0921 0972 MRxDAV - ok
23:26:05.0406 0972 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOW2\system32\DRIVERS\mrxsmb.sys
23:26:05.0796 0972 MRxSmb - ok
23:26:06.0171 0972 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOW2\system32\drivers\Msfs.sys
23:26:06.0406 0972 Msfs - ok
23:26:06.0765 0972 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOW2\system32\drivers\MSKSSRV.sys
23:26:07.0015 0972 MSKSSRV - ok
23:26:07.0359 0972 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOW2\system32\drivers\MSPCLOCK.sys
23:26:07.0593 0972 MSPCLOCK - ok
23:26:07.0937 0972 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOW2\system32\drivers\MSPQM.sys
23:26:08.0156 0972 MSPQM - ok
23:26:08.0515 0972 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOW2\system32\DRIVERS\mssmbios.sys
23:26:08.0781 0972 mssmbios - ok
23:26:09.0171 0972 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOW2\system32\drivers\Mup.sys
23:26:09.0296 0972 Mup - ok
23:26:09.0734 0972 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOW2\system32\drivers\NDIS.sys
23:26:10.0031 0972 NDIS - ok
23:26:10.0359 0972 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOW2\system32\DRIVERS\ndistapi.sys
23:26:10.0578 0972 NdisTapi - ok
23:26:10.0968 0972 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOW2\system32\DRIVERS\ndisuio.sys
23:26:11.0218 0972 Ndisuio - ok
23:26:11.0609 0972 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOW2\system32\DRIVERS\ndiswan.sys
23:26:11.0906 0972 NdisWan - ok
23:26:12.0281 0972 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOW2\system32\drivers\NDProxy.sys
23:26:12.0390 0972 NDProxy - ok
23:26:12.0765 0972 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOW2\system32\DRIVERS\netbios.sys
23:26:13.0015 0972 NetBIOS - ok
23:26:13.0437 0972 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOW2\system32\DRIVERS\netbt.sys
23:26:13.0781 0972 NetBT - ok
23:26:14.0156 0972 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOW2\system32\DRIVERS\nic1394.sys
23:26:14.0390 0972 NIC1394 - ok
23:26:14.0781 0972 NPDriver (65194f525aef541eaa5056eb3d53a25b) C:\WINDOW2\system32\Drivers\NPDRIVER.SYS
23:26:14.0875 0972 NPDriver - ok
23:26:15.0265 0972 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOW2\system32\drivers\Npfs.sys
23:26:15.0578 0972 Npfs - ok
23:26:16.0125 0972 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOW2\system32\drivers\Ntfs.sys
23:26:16.0687 0972 Ntfs - ok
23:26:17.0046 0972 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOW2\system32\drivers\Null.sys
23:26:17.0343 0972 Null - ok
23:26:20.0234 0972 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOW2\system32\DRIVERS\nv4_mini.sys
23:26:25.0406 0972 nv - ok
23:26:25.0796 0972 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOW2\system32\DRIVERS\nwlnkflt.sys
23:26:26.0078 0972 NwlnkFlt - ok
23:26:26.0406 0972 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOW2\system32\DRIVERS\nwlnkfwd.sys
23:26:26.0703 0972 NwlnkFwd - ok
23:26:27.0062 0972 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOW2\system32\DRIVERS\ohci1394.sys
23:26:27.0328 0972 ohci1394 - ok
23:26:27.0687 0972 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOW2\system32\drivers\Parport.sys
23:26:27.0984 0972 Parport - ok
23:26:28.0312 0972 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOW2\system32\drivers\PartMgr.sys
23:26:28.0546 0972 PartMgr - ok
23:26:28.0875 0972 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOW2\system32\drivers\ParVdm.sys
23:26:29.0140 0972 ParVdm - ok
23:26:29.0484 0972 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOW2\system32\DRIVERS\pci.sys
23:26:29.0750 0972 PCI - ok
23:26:30.0046 0972 PCIDump - ok
23:26:30.0359 0972 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOW2\system32\drivers\PCIIde.sys
23:26:30.0625 0972 PCIIde - ok
23:26:31.0015 0972 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOW2\system32\drivers\Pcmcia.sys
23:26:31.0265 0972 Pcmcia - ok
23:26:31.0625 0972 PDCOMP - ok
23:26:31.0937 0972 PDFRAME - ok
23:26:32.0250 0972 PDRELI - ok
23:26:32.0546 0972 PDRFRAME - ok
23:26:32.0843 0972 perc2 - ok
23:26:33.0140 0972 perc2hib - ok
23:26:33.0515 0972 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOW2\system32\DRIVERS\raspptp.sys
23:26:33.0765 0972 PptpMiniport - ok
23:26:34.0109 0972 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOW2\system32\DRIVERS\psched.sys
23:26:34.0359 0972 PSched - ok
23:26:34.0687 0972 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOW2\system32\DRIVERS\ptilink.sys
23:26:34.0968 0972 Ptilink - ok
23:26:35.0250 0972 ql1080 - ok
23:26:35.0546 0972 Ql10wnt - ok
23:26:35.0859 0972 ql12160 - ok
23:26:36.0156 0972 ql1240 - ok
23:26:36.0453 0972 ql1280 - ok
23:26:36.0750 0972 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOW2\system32\DRIVERS\rasacd.sys
23:26:37.0046 0972 RasAcd - ok
23:26:37.0390 0972 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOW2\system32\DRIVERS\rasl2tp.sys
23:26:37.0656 0972 Rasl2tp - ok
23:26:37.0984 0972 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOW2\system32\DRIVERS\raspppoe.sys
23:26:38.0234 0972 RasPppoe - ok
23:26:38.0593 0972 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOW2\system32\DRIVERS\raspti.sys
23:26:38.0859 0972 Raspti - ok
23:26:39.0281 0972 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOW2\system32\DRIVERS\rdbss.sys
23:26:39.0578 0972 Rdbss - ok
23:26:39.0906 0972 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOW2\system32\DRIVERS\RDPCDD.sys
23:26:40.0187 0972 RDPCDD - ok
23:26:40.0640 0972 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOW2\system32\drivers\RDPWD.sys
23:26:40.0968 0972 RDPWD - ok
23:26:41.0328 0972 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOW2\system32\DRIVERS\redbook.sys
23:26:41.0578 0972 redbook - ok
23:26:41.0953 0972 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOW2\system32\DRIVERS\RTL8139.SYS
23:26:42.0203 0972 rtl8139 - ok
23:26:42.0578 0972 SDdriver (11b5e1da4566a68a881a7d73222f4c78) C:\WINDOW2\system32\Drivers\sddriver.sys
23:26:42.0687 0972 SDdriver - ok
23:26:43.0046 0972 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOW2\system32\DRIVERS\secdrv.sys
23:26:43.0281 0972 Secdrv - ok
23:26:43.0625 0972 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOW2\system32\drivers\Serial.sys
23:26:43.0875 0972 Serial - ok
23:26:44.0218 0972 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOW2\system32\drivers\Sfloppy.sys
23:26:44.0453 0972 Sfloppy - ok
23:26:44.0781 0972 Simbad - ok
23:26:45.0078 0972 Sparrow - ok
23:26:45.0390 0972 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOW2\system32\drivers\splitter.sys
23:26:45.0593 0972 splitter - ok
23:26:45.0937 0972 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOW2\system32\DRIVERS\sr.sys
23:26:46.0187 0972 sr - ok
23:26:46.0703 0972 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOW2\system32\DRIVERS\srv.sys
23:26:47.0062 0972 Srv - ok
23:26:47.0421 0972 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOW2\system32\DRIVERS\ssmdrv.sys
23:26:47.0484 0972 ssmdrv - ok
23:26:47.0812 0972 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOW2\system32\DRIVERS\swenum.sys
23:26:48.0062 0972 swenum - ok
23:26:48.0390 0972 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOW2\system32\drivers\swmidi.sys
23:26:48.0656 0972 swmidi - ok
23:26:48.0968 0972 symc810 - ok
23:26:49.0265 0972 symc8xx - ok
23:26:49.0625 0972 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOW2\system32\Drivers\SYMEVENT.SYS
23:26:49.0734 0972 SymEvent - ok
23:26:50.0015 0972 sym_hi - ok
23:26:50.0312 0972 sym_u3 - ok
23:26:50.0656 0972 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOW2\system32\drivers\sysaudio.sys
23:26:50.0921 0972 sysaudio - ok
23:26:51.0390 0972 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOW2\system32\DRIVERS\tcpip.sys
23:26:51.0796 0972 Tcpip - ok
23:26:52.0218 0972 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOW2\system32\drivers\TDPIPE.sys
23:26:52.0453 0972 TDPIPE - ok
23:26:52.0796 0972 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOW2\system32\drivers\TDTCP.sys
23:26:53.0046 0972 TDTCP - ok
23:26:53.0390 0972 TermDD (88155247177638048422893737429d9e) C:\WINDOW2\system32\DRIVERS\termdd.sys
23:26:53.0640 0972 TermDD - ok
23:26:53.0953 0972 TosIde - ok
23:26:54.0359 0972 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOW2\system32\drivers\Udfs.sys
23:26:54.0625 0972 Udfs - ok
23:26:54.0906 0972 ultra - ok
23:26:55.0406 0972 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOW2\system32\DRIVERS\update.sys
23:26:55.0890 0972 Update - ok
23:26:56.0281 0972 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOW2\system32\DRIVERS\usbehci.sys
23:26:56.0546 0972 usbehci - ok
23:26:56.0890 0972 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOW2\system32\DRIVERS\usbhub.sys
23:26:57.0203 0972 usbhub - ok
23:26:57.0531 0972 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOW2\system32\DRIVERS\usbprint.sys
23:26:57.0765 0972 usbprint - ok
23:26:58.0218 0972 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOW2\system32\DRIVERS\usbscan.sys
23:26:58.0437 0972 usbscan - ok
23:26:58.0796 0972 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOW2\system32\DRIVERS\USBSTOR.SYS
23:26:59.0000 0972 USBSTOR - ok
23:26:59.0328 0972 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOW2\system32\DRIVERS\usbuhci.sys
23:26:59.0546 0972 usbuhci - ok
23:26:59.0875 0972 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOW2\System32\drivers\vga.sys
23:27:00.0140 0972 VgaSave - ok
23:27:00.0468 0972 ViaIde - ok
23:27:00.0828 0972 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOW2\system32\drivers\VolSnap.sys
23:27:01.0078 0972 VolSnap - ok
23:27:01.0421 0972 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOW2\system32\DRIVERS\wanarp.sys
23:27:01.0656 0972 Wanarp - ok
23:27:02.0000 0972 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOW2\system32\DRIVERS\wdcsam.sys
23:27:02.0125 0972 WDC_SAM - ok
23:27:02.0437 0972 WDICA - ok
23:27:02.0812 0972 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOW2\system32\drivers\wdmaud.sys
23:27:03.0062 0972 wdmaud - ok
23:27:03.0500 0972 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOW2\System32\drivers\ws2ifsl.sys
23:27:03.0781 0972 WS2IFSL - ok
23:27:04.0187 0972 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOW2\system32\DRIVERS\WudfPf.sys
23:27:04.0312 0972 WudfPf - ok
23:27:04.0656 0972 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOW2\system32\DRIVERS\wudfrd.sys
23:27:04.0734 0972 WudfRd - ok
23:27:04.0796 0972 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:27:05.0203 0972 \Device\Harddisk0\DR0 - ok
23:27:05.0218 0972 MBR (0x1B8) (a3487e2e4982fb9590c4694bdd6bf26a) \Device\Harddisk1\DR2
23:27:05.0390 0972 \Device\Harddisk1\DR2 - ok
23:27:05.0406 0972 Boot (0x1200) (fc650981a1f3f179c87399ce78457b07) \Device\Harddisk0\DR0\Partition0
23:27:05.0406 0972 \Device\Harddisk0\DR0\Partition0 - ok
23:27:05.0421 0972 Boot (0x1200) (e19f79f86872d4a84bb71b6fe83b8a69) \Device\Harddisk1\DR2\Partition0
23:27:05.0421 0972 \Device\Harddisk1\DR2\Partition0 - ok
23:27:05.0437 0972 ============================================================
23:27:05.0437 0972 Scan finished
23:27:05.0437 0972 ============================================================
23:27:05.0562 1860 Detected object count: 1
23:27:05.0562 1860 Actual detected object count: 1
23:27:29.0546 1860 d8a4fef9-85c1-448f-a6f9-2570fb195020 ( UnsignedFile.Multi.Generic ) - skipped by user
23:27:29.0546 1860 d8a4fef9-85c1-448f-a6f9-2570fb195020 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:28:24.0937 3324 Deinitialize success



--------------------------------------------



All processes killed
========== OTL ==========
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-21-299502267-115176313-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Folder C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\extensions\{09ee7db3-134a-43b1-9977-7293a87f569c}\ not found.
Folder C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\extensions\{9d5b705c-2c3a-47dc-b3a3-fba8cab6431e}\ not found.
C:\Documents and Settings\Danae Saklas\Start Menu\Programs\Startup\LimeWire On Startup.lnk moved successfully.
C:\Documents and Settings\Baba\Application Data\fbcae6b5 moved successfully.
C:\Documents and Settings\Baba\Application Data\0cb2914f moved successfully.
C:\Documents and Settings\Baba\Application Data\1b17194a moved successfully.
C:\Documents and Settings\Baba\Local Settings\Application Data\erxh46ohp5s40vd23yxlj11wrf moved successfully.
C:\Documents and Settings\All Users.WINDOW2\Application Data\erxh46ohp5s40vd23yxlj11wrf moved successfully.
C:\Documents and Settings\Baba\Local Settings\Application Data\2wllyxxvw23613v58lce moved successfully.
C:\Documents and Settings\All Users.WINDOW2\Application Data\2wllyxxvw23613v58lce moved successfully.
C:\Documents and Settings\Baba\Local Settings\Application Data\otj0o7dc0gsxuv5406qh58 moved successfully.
C:\Documents and Settings\All Users.WINDOW2\Application Data\otj0o7dc0gsxuv5406qh58 moved successfully.
C:\Documents and Settings\Baba\Local Settings\Application Data\3ynp0gaphb6 moved successfully.
C:\Documents and Settings\All Users.WINDOW2\Application Data\3ynp0gaphb6 moved successfully.
C:\Documents and Settings\Baba\Local Settings\Application Data\078ygf0i0303 moved successfully.
C:\Documents and Settings\All Users.WINDOW2\Application Data\078ygf0i0303 moved successfully.
C:\Documents and Settings\Baba\Local Settings\Application Data\8kum22k6t217qt6t0fs10d51118ydm moved successfully.
C:\Documents and Settings\All Users.WINDOW2\Application Data\8kum22k6t217qt6t0fs10d51118ydm moved successfully.
C:\Documents and Settings\James Saklas\Application Data\BitTorrent folder moved successfully.
C:\Documents and Settings\Baba\Application Data\Uniblue\RegistryBooster 2009\_temp folder moved successfully.
C:\Documents and Settings\Baba\Application Data\Uniblue\RegistryBooster 2009\history folder moved successfully.
C:\Documents and Settings\Baba\Application Data\Uniblue\RegistryBooster 2009\backup folder moved successfully.
C:\Documents and Settings\Baba\Application Data\Uniblue\RegistryBooster 2009 folder moved successfully.
C:\Documents and Settings\Baba\Application Data\Uniblue folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
Registry value HKEY_USERS\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Desktop\cmd.bat deleted successfully.
C:\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.JAMES-HOME2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: All Users.WINDOW2
->Temp folder emptied: 12288 bytes

User: Ariadne Saklas
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Baba
->Temp folder emptied: 1901915 bytes
->Temporary Internet Files folder emptied: 4292766 bytes
->Java cache emptied: 2183 bytes
->FireFox cache emptied: 51954818 bytes
->Flash cache emptied: 2893 bytes

User: Danae

User: Danae Saklas
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOW2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: James Saklas
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY.000
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Luli
->Temp folder emptied: 241654601 bytes
->Temporary Internet Files folder emptied: 11501960 bytes
->Java cache emptied: 11592 bytes
->FireFox cache emptied: 50794877 bytes
->Flash cache emptied: 76566 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Rosalia Saklas
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 2815257000 bytes
%systemroot% .tmp files removed: 364544 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21653170 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 26657721 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 38906 bytes
RecycleBin emptied: 2433814 bytes

Total Files Cleaned = 3,079.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.JAMES-HOME2

User: All Users

User: All Users.WINDOW2

User: Ariadne Saklas
->Flash cache emptied: 0 bytes

User: Baba
->Flash cache emptied: 0 bytes

User: Danae

User: Danae Saklas
->Flash cache emptied: 0 bytes

User: Default User

User: Default User.WINDOW2
->Flash cache emptied: 0 bytes

User: James Saklas
->Flash cache emptied: 0 bytes

User: LocalService

User: LocalService.NT AUTHORITY

User: LocalService.NT AUTHORITY.000

User: Luli
->Flash cache emptied: 0 bytes

User: NetworkService

User: NetworkService.NT AUTHORITY

User: NetworkService.NT AUTHORITY.000

User: Owner
->Flash cache emptied: 0 bytes

User: Rosalia Saklas
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 10072011_233054

Files\Folders moved on Reboot...
C:\Documents and Settings\All Users.WINDOW2\Local Settings\Temp\174eff8a.com moved successfully.

Registry entries deleted on Reboot...



-------------------------------------



OTL logfile created on: 10/8/2011 12:24:26 AM - Run 3
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 59.96% Memory free
2.11 Gb Paging File | 1.59 Gb Available in Paging File | 75.58% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOW2 | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 15.62 Gb Free Space | 20.97% Space Free | Partition Type: NTFS
Drive F: | 37.26 Gb Total Space | 31.00 Gb Free Space | 83.19% Space Free | Partition Type: FAT32

Computer Name: JAMES-HOME | User Name: Baba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/06 02:32:42 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Desktop\OTL.exe
PRC - [2011/10/02 18:35:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/02 02:18:55 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/07/02 02:18:55 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011/07/02 02:18:55 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/27 17:31:44 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/23 19:40:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/11/23 19:40:07 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/08 12:43:34 | 001,060,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/11/08 12:43:16 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2010/11/08 12:40:52 | 003,986,944 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2010/11/08 12:40:14 | 000,237,568 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2008/09/25 17:53:32 | 000,181,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe
PRC - [2008/09/25 17:53:16 | 000,095,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
PRC - [2008/09/25 17:52:04 | 000,085,360 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\NswUiTray.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOW2\explorer.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2003/05/08 08:00:58 | 000,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
PRC - [2002/10/15 14:00:20 | 001,818,624 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOW2\mixer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/02 18:35:30 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/28 10:40:36 | 006,277,280 | ---- | M] () -- C:\WINDOW2\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/07/02 02:42:23 | 000,998,400 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Management\19280e723d215c0d6607d3884f453cdf\System.Management.ni.dll
MOD - [2011/07/02 02:33:33 | 017,403,904 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\23abc8e4b535b9cd9c5560266c655ac2\System.ServiceModel.ni.dll
MOD - [2011/07/02 02:00:06 | 000,141,312 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\fa21b6c9badcf916bb254b4b823c2463\System.Configuration.Install.ni.dll
MOD - [2011/07/02 02:00:04 | 000,212,992 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\0f3d321ebd65af974ff0ad424223276d\System.ServiceProcess.ni.dll
MOD - [2011/07/02 01:57:03 | 000,771,584 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\bdaf7904d223589a0f464de58d27e691\System.Runtime.Remoting.ni.dll
MOD - [2011/07/02 01:56:50 | 000,627,712 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\94aae9e592c0f104120572f9925fca12\System.EnterpriseServices.ni.dll
MOD - [2011/07/02 01:56:39 | 000,627,200 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Transactions\7c430c38d71d632c019ae37d5ef12c8e\System.Transactions.ni.dll
MOD - [2011/07/02 01:56:26 | 006,616,576 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Data\05d99241bd45cbd96a6053841790a4a2\System.Data.ni.dll
MOD - [2011/07/02 01:51:26 | 000,015,872 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\a96b02abbfcaae424cfb91a198a9e0e9\Microsoft.VisualC.ni.dll
MOD - [2011/07/02 01:49:56 | 005,450,752 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Xml\f354057a5b4fad4c399da28449ba0d92\System.Xml.ni.dll
MOD - [2011/07/02 01:49:45 | 000,971,264 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Configuration\48f8b951a598647dd309ca2031807a5d\System.Configuration.ni.dll
MOD - [2011/07/02 01:49:36 | 007,950,848 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System\f6a9a002526806f3a5b745cf5c407cae\System.ni.dll
MOD - [2011/07/02 01:49:17 | 011,490,816 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/07/02 01:46:46 | 002,933,248 | ---- | M] () -- C:\WINDOW2\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/07/02 01:46:24 | 000,261,632 | ---- | M] () -- C:\WINDOW2\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2010/11/23 19:40:43 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/11/08 14:16:50 | 000,886,272 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
MOD - [2010/11/08 12:43:34 | 001,060,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
MOD - [2010/11/08 12:43:16 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MOD - [2009/04/23 22:55:14 | 000,176,235 | ---- | M] () -- C:\WINDOW2\system32\Primomonnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/02 02:18:55 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/07/02 02:18:55 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/07/02 02:18:55 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 17:31:44 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/08 12:43:34 | 001,060,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/11/08 12:43:16 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/11/08 12:40:14 | 000,237,568 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2008/09/25 17:53:32 | 000,181,680 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe -- (Speed Disk service)
SRV - [2008/09/25 17:53:16 | 000,095,600 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -- (NProtectService)
SRV - [2008/08/01 11:31:11 | 000,238,968 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/08/01 11:31:01 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/01/29 19:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2011/07/02 02:18:59 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOW2\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/02 02:18:59 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOW2\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/23 19:41:00 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOW2\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/11/23 19:40:06 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/12/13 23:57:18 | 000,003,584 | ---- | M] (Systems Internals) [Kernel | System | Running] -- C:\WINDOW2\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys -- (d8a4fef9-85c1-448f-a6f9-2570fb195020)
DRV - [2009/08/18 22:36:30 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOW2\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/09/25 17:53:36 | 000,095,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOW2\system32\drivers\SdDriver.SYS -- (SDdriver)
DRV - [2008/09/25 17:53:14 | 000,087,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\NPDRIVER.SYS -- (NPDriver)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/11/18 11:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOW2\system32\blank.htm
IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-i3752"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-i3752"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 54889
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOW2\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOW2\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Baba\Application Data\Move Networks\plugins\npqmp071502000008.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Baba\Application Data\Move Networks\plugins\npqmp071502000008.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/02 18:35:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/14 23:34:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/17 23:34:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Baba\Application Data\Move Networks [2009/12/02 02:06:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 6 6.2.3\Extensions\\Components: C:\Netscape 6\Components
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 6 6.2.3\Extensions\\Plugins: C:\Netscape 6\Plugins

[2010/09/03 18:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Extensions
[2010/09/03 18:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/10/07 23:22:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\extensions
[2010/06/25 22:04:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/28 23:57:29 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\searchplugins\imdb.xml
[2011/03/23 21:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/24 12:47:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/24 12:46:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/02 18:35:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2004/11/12 19:36:22 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
[2008/06/17 22:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/06/24 12:46:13 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2005/05/28 07:15:00 | 000,110,592 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2007/09/05 09:56:00 | 000,352,256 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsabffx.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/02/28 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOW2\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOW2\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [NSWosCheck] C:\Program Files\Norton SystemWorks\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [NswUiTray] C:\Program Files\Norton SystemWorks\NswUiTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOW2\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOW2\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOW2\System32\nwiz.exe ()
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-299502267-115176313-839522115-1004..\Run: [{7FB644AF-C1B3-F973-93FD-BC72DAABCAAC}] C:\Documents and Settings\Baba\Application Data\Xopix\qoro.exe ()
O4 - HKU\S-1-5-21-299502267-115176313-839522115-1004..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ US DOT VPN Client.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 2600 = C:\DOCUME~1\ALLUSE~1.WIN\LOCALS~1\Temp\174eff8a.com
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk ()
O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O15 - HKU\S-1-5-21-299502267-115176313-839522115-1004\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://sra.dot.gov/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17B7A976-DB18-48C7-AD20-F583F7824731}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOW2\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOW2\system32\userinit.exe) -C:\WINDOW2\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOW2\dietrich1.bmp
O24 - Desktop BackupWallPaper: C:\WINDOW2\dietrich1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 17:16:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/08/02 07:48:02 | 000,001,688 | ---- | M] () - C:\AUTOEXEC.NT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-299502267-115176313-839522115-1004..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-299502267-115176313-839522115-1004\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/07 23:30:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/07 23:22:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Desktop\GooredFix Backups
[2011/10/07 23:12:10 | 001,558,320 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Baba\Desktop\tdsskiller.exe
[2011/10/07 23:10:42 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Baba\Desktop\GooredFix.exe
[2011/10/06 09:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Local Settings
[2011/10/01 12:23:41 | 000,000,000 | ---D | C] -- C:\Computer
[2011/09/14 22:21:41 | 000,000,000 | ---D | C] -- C:\Car Stuff
[2011/09/08 23:46:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Start Menu\Programs\Games
[2011/09/08 23:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Start Menu\Programs\Out of the Park Developments
[1 C:\Documents and Settings\Baba\*.tmp files -> C:\Documents and Settings\Baba\*.tmp -> ]
[1 C:\Documents and Settings\All Users.WINDOW2\Application Data\*.tmp files -> C:\Documents and Settings\All Users.WINDOW2\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/08 00:00:09 | 000,186,097 | ---- | M] () -- C:\WINDOW2\System32\nvapps.xml
[2011/10/07 23:58:59 | 000,013,646 | ---- | M] () -- C:\WINDOW2\System32\wpa.dbl
[2011/10/07 23:58:42 | 000,002,048 | --S- | M] () -- C:\WINDOW2\bootstat.dat
[2011/10/07 23:58:21 | 1610,145,792 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/07 23:15:06 | 000,004,730 | ---- | M] () -- C:\Documents and Settings\Baba\Desktop\Document.rtf
[2011/10/07 23:11:19 | 001,558,320 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Baba\Desktop\tdsskiller.exe
[2011/10/07 23:07:54 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Baba\Desktop\GooredFix.exe
[2011/10/07 22:48:59 | 001,045,398 | ---- | M] () -- C:\WINDOW2\dors1.bmp
[2011/10/07 22:45:59 | 001,045,466 | ---- | M] () -- C:\WINDOW2\dietrich2.bmp
[2011/10/07 22:42:35 | 001,045,558 | ---- | M] () -- C:\WINDOW2\dietrich1.bmp
[2011/10/07 22:12:13 | 001,045,558 | ---- | M] () -- C:\WINDOW2\doody2.bmp
[2011/10/07 22:10:53 | 001,045,558 | ---- | M] () -- C:\WINDOW2\doody1.bmp
[2011/10/01 09:00:55 | 000,000,290 | ---- | M] () -- C:\WINDOW2\tasks\Norton SystemWorks One Button Checkup.job
[2011/10/01 04:00:02 | 000,000,388 | ---- | M] () -- C:\WINDOW2\tasks\Norton AntiVirus - Baba - Full System Scan.job
[2011/09/28 11:30:25 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOW2\System32\FlashPlayerCPLApp.cpl
[2011/09/26 13:59:05 | 000,000,213 | ---- | M] () -- C:\WINDOW2\Prestopm.INI
[2011/09/26 13:56:33 | 000,000,051 | ---- | M] () -- C:\NsScanforTest.ini
[2011/09/25 23:47:41 | 001,045,386 | ---- | M] () -- C:\WINDOW2\dickinson3.bmp
[2011/09/25 23:45:50 | 001,045,558 | ---- | M] () -- C:\WINDOW2\dickinson2.bmp
[2011/09/25 23:40:59 | 001,045,546 | ---- | M] () -- C:\WINDOW2\dickinson1.bmp
[2011/09/25 23:36:24 | 001,045,558 | ---- | M] () -- C:\WINDOW2\deschanel2.bmp
[2011/09/25 23:35:40 | 001,045,558 | ---- | M] () -- C:\WINDOW2\deschanel1.bmp
[2011/09/15 10:03:11 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Documents and Settings\Baba\*.tmp files -> C:\Documents and Settings\Baba\*.tmp -> ]
[1 C:\Documents and Settings\All Users.WINDOW2\Application Data\*.tmp files -> C:\Documents and Settings\All Users.WINDOW2\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/07 23:15:06 | 000,004,730 | ---- | C] () -- C:\Documents and Settings\Baba\Desktop\Document.rtf
[2011/10/07 22:48:57 | 001,045,398 | ---- | C] () -- C:\WINDOW2\dors1.bmp
[2011/10/07 22:42:32 | 001,045,558 | ---- | C] () -- C:\WINDOW2\dietrich1.bmp
[2011/10/07 22:12:11 | 001,045,558 | ---- | C] () -- C:\WINDOW2\doody2.bmp
[2011/10/07 22:10:50 | 001,045,558 | ---- | C] () -- C:\WINDOW2\doody1.bmp
[2011/10/02 00:06:09 | 000,302,592 | ---- | C] () -- C:\gmer.exe
[2011/09/25 23:47:39 | 001,045,386 | ---- | C] () -- C:\WINDOW2\dickinson3.bmp
[2011/09/25 23:45:48 | 001,045,558 | ---- | C] () -- C:\WINDOW2\dickinson2.bmp
[2011/09/14 23:34:24 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/08 23:23:27 | 000,002,928 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\6E92.F8A
[2011/07/04 16:49:45 | 000,001,324 | ---- | C] () -- C:\WINDOW2\System32\d3d9caps.dat
[2010/10/05 19:15:20 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/12/13 19:01:29 | 000,000,066 | ---- | C] () -- C:\WINDOW2\GDINST.INI
[2009/10/01 23:33:34 | 000,000,213 | ---- | C] () -- C:\WINDOW2\Prestopm.INI
[2009/10/01 23:32:22 | 000,036,291 | ---- | C] () -- C:\WINDOW2\CSTBox.INI
[2009/08/20 00:28:34 | 000,000,635 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\PrimoPDFSet.xml
[2009/08/19 23:45:06 | 000,176,235 | ---- | C] () -- C:\WINDOW2\System32\Primomonnt.dll
[2009/08/13 18:23:41 | 000,075,776 | ---- | C] () -- C:\WINDOW2\cadkasdeinst01e.exe
[2009/07/14 04:35:33 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/14 03:17:34 | 000,000,235 | ---- | C] () -- C:\WINDOW2\EXCEL4.INI
[2009/07/11 15:13:24 | 000,022,480 | ---- | C] () -- C:\WINDOW2\System32\PFMAPI16.DLL
[2009/07/11 15:13:24 | 000,020,992 | ---- | C] () -- C:\WINDOW2\System32\PFMAPI32.DLL
[2009/07/10 21:26:01 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\PFP120JPR.{PB
[2009/07/10 21:26:01 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\PFP120JCM.{PB
[2009/07/09 21:54:40 | 000,000,532 | ---- | C] () -- C:\WINDOW2\MAXLINK.INI
[2009/07/09 21:52:13 | 000,000,105 | ---- | C] () -- C:\WINDOW2\UMXADDIN.INI
[2009/07/09 21:52:12 | 000,040,960 | ---- | C] () -- C:\WINDOW2\System32\IPPCPUID.DLL
[2009/07/09 21:51:55 | 000,011,776 | ---- | C] () -- C:\WINDOW2\System32\pmsbfn32.dll
[2009/07/09 21:50:49 | 000,000,074 | ---- | C] () -- C:\WINDOW2\PMINI.ini
[2009/07/09 11:50:10 | 000,046,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\LuUninstall.LiveUpdate
[2009/07/08 01:14:23 | 000,024,501 | ---- | C] () -- C:\WINDOW2\mozver.dat
[2009/07/06 21:13:13 | 000,000,376 | ---- | C] () -- C:\WINDOW2\ODBC.INI
[2009/07/06 19:05:29 | 000,000,335 | ---- | C] () -- C:\WINDOW2\nsreg.dat
[2009/07/06 19:03:10 | 000,000,025 | ---- | C] () -- C:\WINDOW2\mixerdef.ini
[2009/07/06 18:56:15 | 000,002,048 | --S- | C] () -- C:\WINDOW2\bootstat.dat
[2009/07/06 18:43:58 | 000,021,640 | ---- | C] () -- C:\WINDOW2\System32\emptyregdb.dat
[2009/07/06 11:30:20 | 000,004,161 | ---- | C] () -- C:\WINDOW2\ODBCINST.INI
[2009/07/06 11:27:26 | 000,929,280 | ---- | C] () -- C:\WINDOW2\System32\FNTCACHE.DAT
[2009/07/06 10:34:13 | 000,039,104 | ---- | C] () -- C:\WINDOW2\cmijack.dat
[2009/07/06 10:34:13 | 000,022,178 | ---- | C] () -- C:\WINDOW2\cmaudio.dat
[2009/04/27 00:13:36 | 000,000,314 | ---- | C] () -- C:\WINDOW2\primopdf.ini
[2008/05/16 17:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOW2\System32\nvwdmcpl.dll
[2008/05/16 17:01:00 | 001,630,208 | ---- | C] () -- C:\WINDOW2\System32\nwiz.exe
[2008/05/16 17:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOW2\System32\nview.dll
[2008/05/16 17:01:00 | 001,339,392 | ---- | C] () -- C:\WINDOW2\System32\nvdspsch.exe
[2008/05/16 17:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOW2\System32\nvwimg.dll
[2008/05/16 17:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOW2\System32\nvshell.dll
[2008/05/16 17:01:00 | 000,442,368 | ---- | C] () -- C:\WINDOW2\System32\nvappbar.exe
[2008/05/16 17:01:00 | 000,425,984 | ---- | C] () -- C:\WINDOW2\System32\keystone.exe
[2008/05/16 17:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOW2\System32\nvnt4cpl.dll
[2006/11/01 08:54:30 | 000,180,224 | ---- | C] () -- C:\WINDOW2\System32\xvidvfw.dll
[2006/11/01 08:52:38 | 000,765,952 | ---- | C] () -- C:\WINDOW2\System32\xvidcore.dll
[2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOW2\System32\oembios.bin
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOW2\System32\mlang.dat
[2006/02/28 08:00:00 | 000,432,622 | ---- | C] () -- C:\WINDOW2\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOW2\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOW2\System32\dssec.dat
[2006/02/28 08:00:00 | 000,067,578 | ---- | C] () -- C:\WINDOW2\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOW2\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOW2\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOW2\System32\secupd.dat
[2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOW2\System32\oembios.dat
[2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOW2\System32\dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOW2\System32\noise.dat
[2004/10/26 18:39:04 | 003,375,104 | ---- | C] () -- C:\WINDOW2\System32\qt-mt331.dll

< End of report >


-------------------------------------------



OTL Extras logfile created on: 10/8/2011 12:24:26 AM - Run 3
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 59.96% Memory free
2.11 Gb Paging File | 1.59 Gb Available in Paging File | 75.58% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOW2 | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 15.62 Gb Free Space | 20.97% Space Free | Partition Type: NTFS
Drive F: | 37.26 Gb Total Space | 31.00 Gb Free Space | 83.19% Space Free | Partition Type: FAT32

Computer Name: JAMES-HOME | User Name: Baba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Baba\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = C:\Documents and Settings\Baba\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client -- (Juniper Networks)
"C:\WINDOW2\LMI1D.tmp\lmi_rescue.exe" = C:\WINDOW2\LMI1D.tmp\lmi_rescue.exe:*:Disabled:LogMeIn Rescue
"C:\Documents and Settings\Baba\Local Settings\Temp\7zS459.tmp\SymNRT.exe" = C:\Documents and Settings\Baba\Local Settings\Temp\7zS459.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Documents and Settings\Baba\Local Settings\Temp\7zS45C.tmp\SymNRT.exe" = C:\Documents and Settings\Baba\Local Settings\Temp\7zS45C.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Documents and Settings\Baba\Local Settings\Temp\7zS45F.tmp\SymNRT.exe" = C:\Documents and Settings\Baba\Local Settings\Temp\7zS45F.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Documents and Settings\Baba\Local Settings\Temp\7zS1.tmp\SymNRT.exe" = C:\Documents and Settings\Baba\Local Settings\Temp\7zS1.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\WINDOW2\LMI1F0.tmp\lmi_rescue.exe" = C:\WINDOW2\LMI1F0.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07CEC3B0-83D0-422A-BE6D-63633C5063BB}" = TurboCAD Symbols
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2EEF331B-6AC8-471A-84AE-6A9ED940EDC2}" = TurboCAD Deluxe v11.2
"{34EF3470-B8D8-44b6-B09B-7F5EB9AECCC8}" = Norton SystemWorks
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39468292-5D68-4E93-9E09-5D9D5CA00E7A}" = FileOpen Client Installer
"{444B6A7B-0E26-4416-A43F-D1C9AAE6075D}" = Canon CanoScan Toolbox 4.8
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50CD421F-CAFD-46C4-BEFD-E1C46FE63062}" = Manual CanoScan 8400F
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5BE42A03-E7B8-42A9-B1BB-FC48B03D58B8}" = Presto! PageManager 6.11
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}" = Norton Utilities
"{6C9736CA-121C-427E-A2AC-E2125B0D362D}" = 1st Pricing
"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77364F85-6219-4CB8-AAA0-6D53368D683D}" = Connection Keep Alive
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7EFB99A8-465B-4B2F-B97F-F9C687449081}" = WinBASIC 2.0
"{885744A4-1A01-44B0-858A-0AE6738CBCF7}" = PrimoPDF Redistribution Package
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CA31120D-2101-484D-9FF1-195DE96FE346}" = Norton Cleanup
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}" = ArcSoft PhotoStudio 5.5
"{DC5F786F-0733-46AC-8160-972A6906A872}" = WD SmartWare
"{E24A0015-C73F-4B57-B8DF-5EB84D2E9685}" = Adobe Flash Player 10 ActiveX
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Avira AntiVir Desktop" = Avira AntiVir Premium
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSSD1200IS_IXUS95IS" = Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Corel WordPerfect Suite 8" = Corel WordPerfect Suite 8
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"ERUNT_is1" = ERUNT 1.1j
"FL 2001 Registration" = FL 2001 Registration
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"FreeZip" = FreeZip
"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"Java Web Start" = Java Web Start
"jZip" = jZip
"LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA Drivers" = NVIDIA Drivers
"PCI Audio Driver" = PCI Audio Driver
"PDF Editor 2" = PDF Editor 2
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"PrimoPDF3.1" = PrimoPDF
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Quicken Family Lawyer 2001" = Quicken Family Lawyer 2001
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"SymSetup.{34EF3470-B8D8-44b6-B09B-7F5EB9AECCC8}" = Norton SystemWorks (Symantec Corporation)
"The Plain-Language Law Dictionary" = The Plain-Language Law Dictionary
"VisualFortran60" = Visual Fortran 6.6.a
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X Codec Pack" = X Codec Pack
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.1.0.366
"Juniper_Networks_Cache_Cleaner 6.5.0" = Juniper Networks Cache Cleaner 6.5.0
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Move Media Player" = Move Media Player
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/8/2011 10:25:37 AM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 6.0.2.4262, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/8/2011 10:25:41 AM | Computer Name = JAMES-HOME | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 6.0.2.4262, faulting
module mozalloc.dll, version 6.0.2.4262, fault address 0x00001a39.

Error - 9/8/2011 11:43:15 PM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application ootp11.exe, version 11.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/19/2011 1:18:44 AM | Computer Name = JAMES-HOME | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 6.0.2.4262, faulting
module nspr4.dll, version 4.8.9.0, fault address 0x000092ac.

Error - 9/28/2011 5:02:50 PM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 6.0.2.4262, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/1/2011 11:01:16 AM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.29.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/2/2011 10:00:33 AM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15641, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/2/2011 10:01:39 AM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15641, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/5/2011 7:56:37 PM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 7.0.1.4288, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/7/2011 11:24:35 PM | Computer Name = JAMES-HOME | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The process cannot access the file because it is being used by another
process.

[ System Events ]
Error - 10/7/2011 9:07:21 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7001
Description = The Avira AntiVir MailGuard service depends on the Avira AntiVir Guard
service which failed to start because of the following error: %%1070

Error - 10/7/2011 9:07:22 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7001
Description = The Avira AntiVir WebGuard service depends on the Avira AntiVir Guard
service which failed to start because of the following error: %%1070

Error - 10/7/2011 11:30:56 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/7/2011 11:30:56 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/7/2011 11:30:57 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7034
Description = The Speed Disk service service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/7/2011 11:30:57 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7034
Description = The WDDMService service terminated unexpectedly. It has done this
1 time(s).

Error - 10/7/2011 11:30:58 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7034
Description = The WD File Management Engine service terminated unexpectedly. It
has done this 1 time(s).

Error - 10/7/2011 11:30:58 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7034
Description = The WD File Management Shadow Engine service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/7/2011 11:30:59 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7034
Description = The Canon Camera Access Library 8 service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/7/2011 11:59:26 PM | Computer Name = JAMES-HOME | Source = Print | ID = 23
Description = Printer Corel Barista failed to initialize because a suitable Corel
Barista driver could not be found.


< End of report >

#8
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Thank you for the logs and for running the fix. I hope you are noticing an improvement in your computer performance. We are making progress, but we have additional work to do.

Step 1.

OTL Fix

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.


    :OTL
    FF - prefs.js..browser.search.param.yahoo-fr: "chrf-i3752"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-i3752"
    FF - prefs.js..network.proxy.http_port: 54889
    O4 - HKU\S-1-5-21-299502267-115176313-839522115-1004..\Run: [{7FB644AF-C1B3-F973-93FD-BC72DAABCAAC}] C:\Documents and Settings\Baba\Application Data\Xopix\qoro.exe ()
    
    
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = DWORD:0
    "AntiVirusOverride" = DWORD:0
    "FirewallOverride" = DWORD:0
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = DWORD:1 
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Documents and Settings\Baba\Local Settings\Temp\7zS459.tmp\SymNRT.exe" =-
    "C:\Documents and Settings\Baba\Local Settings\Temp\7zS45C.tmp\SymNRT.exe" =-
    "C:\Documents and Settings\Baba\Local Settings\Temp\7zS45F.tmp\SymNRT.exe" =-
    "C:\Documents and Settings\Baba\Local Settings\Temp\7zS1.tmp\SymNRT.exe" =-
    "C:\WINDOW2\LMI1D.tmp\lmi_rescue.exe" =-
    "C:\WINDOW2\LMI1F0.tmp\lmi_rescue.exe" =-
    
    :Files
    C:\Documents and Settings\Baba\Application Data\Xopix
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.



Step 2.

If you are not using Norton SystemWorks, I would recommend using the Norton Uninstall Tool to completely remove it. The program installs in several places on your computer and to ensure peak performance we recommend it be completely uninstalled.


Step 3.

Run OTL Scan

  • Please reopen OTL on your desktop.
  • Please check Scan All Users
  • Under Extra Registry select Use SafeList
  • Click Run Scan
  • Please post the OTL.txt and Extras.txt in the next reply.


Step 4.

Please post the following logs:


OTL fix log
OTL.txt
Extras.txt



Step 5.

How is the computer performing now? Please let me know so we can tailor the next steps efficiently!
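The firewall state that the fix above changes can be read straight from the Extras.txt log before anything is modified. The following is an added example, not part of the original post and not OTL's own code: it parses the log's firewall sections and flags a disabled profile and any authorized-application entry whose executable sits in a `Temp` or `*.tmp` directory. The function names and the temp-directory heuristic are assumptions; the sample lines are copied from the log posted earlier in this thread.

```python
import re
from collections import namedtuple

# Lines copied from the Extras.txt log posted earlier in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Baba\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = C:\Documents and Settings\Baba\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client -- (Juniper Networks)
"C:\WINDOW2\LMI1D.tmp\lmi_rescue.exe" = C:\WINDOW2\LMI1D.tmp\lmi_rescue.exe:*:Disabled:LogMeIn Rescue
"C:\Documents and Settings\Baba\Local Settings\Temp\7zS459.tmp\SymNRT.exe" = C:\Documents and Settings\Baba\Local Settings\Temp\7zS459.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Documents and Settings\Baba\Local Settings\Temp\7zS45C.tmp\SymNRT.exe" = C:\Documents and Settings\Baba\Local Settings\Temp\7zS45C.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Documents and Settings\Baba\Local Settings\Temp\7zS45F.tmp\SymNRT.exe" = C:\Documents and Settings\Baba\Local Settings\Temp\7zS45F.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Documents and Settings\Baba\Local Settings\Temp\7zS1.tmp\SymNRT.exe" = C:\Documents and Settings\Baba\Local Settings\Temp\7zS1.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\WINDOW2\LMI1F0.tmp\lmi_rescue.exe" = C:\WINDOW2\LMI1F0.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"""

POLICY_ROOT = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
               r"\SharedAccess\Parameters\FirewallPolicy")
APP_LIST = r"\AuthorizedApplications\List"

# Hypothetical record type for this example.
Finding = namedtuple("Finding", "profile kind target state")

SECTION_RE = re.compile(r"^\[([^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_sections(text):
    """Map each [registry key] header to its {"value name": data} pairs."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = sections.setdefault(header.group(1), {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            current[value.group(1)] = value.group(2).strip()
    return sections


def parse_exception(path, data):
    """Split 'path:scope:state:description' into (scope, state, description).

    The executable path contains a colon of its own (C:), so the path, which
    the log also shows as the value name, is stripped first instead of
    splitting the whole string on ':'.
    """
    if not data.lower().startswith(path.lower()):
        return None
    parts = data[len(path):].split(":", 3)
    if len(parts) != 4 or parts[0] != "":
        return None
    return tuple(parts[1:])


def in_temp_dir(path):
    """Assumed heuristic: any directory named Temp or ending in .tmp."""
    dirs = [d.lower() for d in path.split("\\")[:-1]]
    return any(d == "temp" or d.endswith(".tmp") for d in dirs)


def audit(text):
    """Return findings for disabled profiles and temp-path exceptions."""
    findings = []
    for key, values in parse_sections(text).items():
        if not key.startswith(POLICY_ROOT + "\\"):
            continue
        profile = key[len(POLICY_ROOT) + 1:].split("\\")[0]
        if key.endswith(APP_LIST):
            for path, data in values.items():
                rule = parse_exception(path, data)
                if rule is None:
                    findings.append(Finding(profile, "unparsed-exception", path, None))
                elif in_temp_dir(path):
                    findings.append(Finding(profile, "temp-path-exception", path, rule[1]))
        elif values.get("EnableFirewall") == "0":
            findings.append(Finding(profile, "firewall-disabled", key, None))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f.profile, f.kind, f.state or "-", f.target, sep=" | ")
```

On the sample it reports the disabled StandardProfile and the six SymNRT.exe and lmi_rescue.exe entries, and leaves the Juniper entry under Application Data unflagged.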

#9
jsaklas

    Member

  • Topic Starter
  • Member
  • 333 posts
CompCav,

I'm back from my trip.

I have not yet uninstalled Norton SystemWorks. Since I uninstalled the Norton Anti-Virus module I don't think I've had any trouble with it. I don't believe it runs anything in the background - at least nothing recognized by the Task Manager. Some of the diagnostics in SystemWorks are useful, so I would like to either keep it or replace it with something better. If, of course, it is one reason that my computer is not operating properly, then I will remove it. If I do so, can you recommend a substitute? (Are you familiar with SystemWorks' capabilities?)

Now I have run the OTL Fix and below are the OTL Fix, the OTL.txt and the Extras.txt logs.

----------------------------------

All processes killed
========== OTL ==========
Prefs.js: "chrf-i3752" removed from browser.search.param.yahoo-fr
Prefs.js: "chrf-i3752" removed from browser.search.param.yahoo-fr-cjkt
Prefs.js: 54889 removed from network.proxy.http_port
Registry value HKEY_USERS\S-1-5-21-299502267-115176313-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\{7FB644AF-C1B3-F973-93FD-BC72DAABCAAC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FB644AF-C1B3-F973-93FD-BC72DAABCAAC}\ not found.
C:\Documents and Settings\Baba\Application Data\Xopix\qoro.exe moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirstRunDisabled" | DWORD:0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride" | DWORD:0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallOverride" | DWORD:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\"EnableFirewall" | DWORD:1 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Baba\Local Settings\Temp\7zS459.tmp\SymNRT.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Baba\Local Settings\Temp\7zS45C.tmp\SymNRT.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Baba\Local Settings\Temp\7zS45F.tmp\SymNRT.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Baba\Local Settings\Temp\7zS1.tmp\SymNRT.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOW2\LMI1D.tmp\lmi_rescue.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOW2\LMI1F0.tmp\lmi_rescue.exe deleted successfully.
========== FILES ==========
C:\Documents and Settings\Baba\Application Data\Xopix folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Desktop\cmd.bat deleted successfully.
C:\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.JAMES-HOME2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: All Users.WINDOW2
->Temp folder emptied: 0 bytes

User: Ariadne Saklas
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Baba
->Temp folder emptied: 1976 bytes
->Temporary Internet Files folder emptied: 33184 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 29949695 bytes
->Flash cache emptied: 584 bytes

User: Danae

User: Danae Saklas
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOW2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: James Saklas
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Luli
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Rosalia Saklas
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 29.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.JAMES-HOME2

User: All Users

User: All Users.WINDOW2

User: Ariadne Saklas
->Flash cache emptied: 0 bytes

User: Baba
->Flash cache emptied: 0 bytes

User: Danae

User: Danae Saklas
->Flash cache emptied: 0 bytes

User: Default User

User: Default User.WINDOW2
->Flash cache emptied: 0 bytes

User: James Saklas
->Flash cache emptied: 0 bytes

User: LocalService

User: LocalService.NT AUTHORITY

User: LocalService.NT AUTHORITY.000

User: Luli
->Flash cache emptied: 0 bytes

User: NetworkService

User: NetworkService.NT AUTHORITY

User: NetworkService.NT AUTHORITY.000

User: Owner
->Flash cache emptied: 0 bytes

User: Rosalia Saklas
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 10102011_143434


-------------------------------


OTL logfile created on: 10/10/2011 3:01:46 PM - Run 4
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 61.58% Memory free
2.11 Gb Paging File | 1.65 Gb Available in Paging File | 78.30% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOW2 | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 15.46 Gb Free Space | 20.74% Space Free | Partition Type: NTFS
Drive F: | 37.26 Gb Total Space | 31.00 Gb Free Space | 83.19% Space Free | Partition Type: FAT32

Computer Name: JAMES-HOME | User Name: Baba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/06 02:32:42 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Desktop\OTL.exe
PRC - [2011/10/02 18:35:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/02 02:18:55 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/07/02 02:18:55 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011/07/02 02:18:55 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/27 17:31:44 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/23 19:40:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/11/23 19:40:07 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/08 12:43:34 | 001,060,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/11/08 12:43:16 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2010/11/08 12:40:52 | 003,986,944 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2010/11/08 12:40:14 | 000,237,568 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2008/09/25 17:53:32 | 000,181,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe
PRC - [2008/09/25 17:53:16 | 000,095,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOW2\explorer.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2003/05/08 08:00:58 | 000,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
PRC - [2002/10/15 14:00:20 | 001,818,624 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOW2\mixer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/02 18:35:30 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/07/02 02:42:23 | 000,998,400 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Management\19280e723d215c0d6607d3884f453cdf\System.Management.ni.dll
MOD - [2011/07/02 02:33:33 | 017,403,904 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\23abc8e4b535b9cd9c5560266c655ac2\System.ServiceModel.ni.dll
MOD - [2011/07/02 02:00:06 | 000,141,312 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\fa21b6c9badcf916bb254b4b823c2463\System.Configuration.Install.ni.dll
MOD - [2011/07/02 02:00:04 | 000,212,992 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\0f3d321ebd65af974ff0ad424223276d\System.ServiceProcess.ni.dll
MOD - [2011/07/02 01:57:03 | 000,771,584 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\bdaf7904d223589a0f464de58d27e691\System.Runtime.Remoting.ni.dll
MOD - [2011/07/02 01:56:50 | 000,627,712 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\94aae9e592c0f104120572f9925fca12\System.EnterpriseServices.ni.dll
MOD - [2011/07/02 01:56:39 | 000,627,200 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Transactions\7c430c38d71d632c019ae37d5ef12c8e\System.Transactions.ni.dll
MOD - [2011/07/02 01:56:26 | 006,616,576 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Data\05d99241bd45cbd96a6053841790a4a2\System.Data.ni.dll
MOD - [2011/07/02 01:51:26 | 000,015,872 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\a96b02abbfcaae424cfb91a198a9e0e9\Microsoft.VisualC.ni.dll
MOD - [2011/07/02 01:49:56 | 005,450,752 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Xml\f354057a5b4fad4c399da28449ba0d92\System.Xml.ni.dll
MOD - [2011/07/02 01:49:45 | 000,971,264 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Configuration\48f8b951a598647dd309ca2031807a5d\System.Configuration.ni.dll
MOD - [2011/07/02 01:49:36 | 007,950,848 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System\f6a9a002526806f3a5b745cf5c407cae\System.ni.dll
MOD - [2011/07/02 01:49:17 | 011,490,816 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/07/02 01:46:46 | 002,933,248 | ---- | M] () -- C:\WINDOW2\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/07/02 01:46:24 | 000,261,632 | ---- | M] () -- C:\WINDOW2\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2010/11/23 19:40:43 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/11/08 14:16:50 | 000,886,272 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
MOD - [2010/11/08 12:43:34 | 001,060,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
MOD - [2010/11/08 12:43:16 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MOD - [2009/04/23 22:55:14 | 000,176,235 | ---- | M] () -- C:\WINDOW2\system32\Primomonnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/02 02:18:55 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/07/02 02:18:55 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/07/02 02:18:55 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 17:31:44 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/08 12:43:34 | 001,060,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/11/08 12:43:16 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/11/08 12:40:14 | 000,237,568 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2008/09/25 17:53:32 | 000,181,680 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe -- (Speed Disk service)
SRV - [2008/09/25 17:53:16 | 000,095,600 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -- (NProtectService)
SRV - [2008/08/01 11:31:11 | 000,238,968 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/08/01 11:31:01 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/01/29 19:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2011/07/02 02:18:59 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOW2\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/02 02:18:59 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOW2\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/23 19:41:00 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOW2\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/11/23 19:40:06 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/12/13 23:57:18 | 000,003,584 | ---- | M] (Systems Internals) [Kernel | System | Running] -- C:\WINDOW2\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys -- (d8a4fef9-85c1-448f-a6f9-2570fb195020)
DRV - [2009/08/18 22:36:30 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOW2\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/09/25 17:53:36 | 000,095,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOW2\system32\drivers\SdDriver.SYS -- (SDdriver)
DRV - [2008/09/25 17:53:14 | 000,087,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\NPDRIVER.SYS -- (NPDriver)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/11/18 11:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOW2\system32\blank.htm
IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOW2\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOW2\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Baba\Application Data\Move Networks\plugins\npqmp071502000008.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Baba\Application Data\Move Networks\plugins\npqmp071502000008.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/02 18:35:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/14 23:34:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/17 23:34:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Baba\Application Data\Move Networks [2009/12/02 02:06:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 6 6.2.3\Extensions\\Components: C:\Netscape 6\Components
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 6 6.2.3\Extensions\\Plugins: C:\Netscape 6\Plugins

[2010/09/03 18:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Extensions
[2010/09/03 18:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/10/07 23:22:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\extensions
[2010/06/25 22:04:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/28 23:57:29 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\searchplugins\imdb.xml
[2011/03/23 21:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/24 12:47:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/24 12:46:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/02 18:35:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2004/11/12 19:36:22 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
[2008/06/17 22:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/06/24 12:46:13 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2005/05/28 07:15:00 | 000,110,592 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2007/09/05 09:56:00 | 000,352,256 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsabffx.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/02/28 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOW2\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOW2\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [NSWosCheck] C:\Program Files\Norton SystemWorks\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [NswUiTray] C:\Program Files\Norton SystemWorks\NswUiTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOW2\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOW2\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOW2\System32\nwiz.exe ()
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-299502267-115176313-839522115-1004..\Run: [{7FB644AF-C1B3-F973-93FD-BC72DAABCAAC}] "C:\Documents and Settings\Baba\Application Data\Xopix\qoro.exe" File not found
O4 - HKU\S-1-5-21-299502267-115176313-839522115-1004..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ US DOT VPN Client.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 2600 = C:\DOCUME~1\ALLUSE~1.WIN\LOCALS~1\Temp\174eff8a.com
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk ()
O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O15 - HKU\S-1-5-21-299502267-115176313-839522115-1004\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://sra.dot.gov/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17B7A976-DB18-48C7-AD20-F583F7824731}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOW2\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOW2\system32\userinit.exe) -C:\WINDOW2\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOW2\dietrich1.bmp
O24 - Desktop BackupWallPaper: C:\WINDOW2\dietrich1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 17:16:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/08/02 07:48:02 | 000,001,688 | ---- | M] () - C:\AUTOEXEC.NT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-299502267-115176313-839522115-1004..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-299502267-115176313-839522115-1004\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/07 23:30:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/07 23:22:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Desktop\GooredFix Backups
[2011/10/07 23:12:10 | 001,558,320 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Baba\Desktop\tdsskiller.exe
[2011/10/07 23:10:42 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Baba\Desktop\GooredFix.exe
[2011/10/06 09:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Local Settings
[2011/10/01 12:23:41 | 000,000,000 | ---D | C] -- C:\Computer
[2011/09/14 22:21:41 | 000,000,000 | ---D | C] -- C:\Car Stuff
[1 C:\Documents and Settings\Baba\*.tmp files -> C:\Documents and Settings\Baba\*.tmp -> ]
[1 C:\Documents and Settings\All Users.WINDOW2\Application Data\*.tmp files -> C:\Documents and Settings\All Users.WINDOW2\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/10 14:45:43 | 000,186,097 | ---- | M] () -- C:\WINDOW2\System32\nvapps.xml
[2011/10/10 14:42:32 | 000,013,646 | ---- | M] () -- C:\WINDOW2\System32\wpa.dbl
[2011/10/10 14:42:04 | 000,002,048 | --S- | M] () -- C:\WINDOW2\bootstat.dat
[2011/10/10 14:41:39 | 1610,145,792 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/07 23:15:06 | 000,004,730 | ---- | M] () -- C:\Documents and Settings\Baba\Desktop\Document.rtf
[2011/10/07 23:11:19 | 001,558,320 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Baba\Desktop\tdsskiller.exe
[2011/10/07 23:07:54 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Baba\Desktop\GooredFix.exe
[2011/10/07 22:48:59 | 001,045,398 | ---- | M] () -- C:\WINDOW2\dors1.bmp
[2011/10/07 22:45:59 | 001,045,466 | ---- | M] () -- C:\WINDOW2\dietrich2.bmp
[2011/10/07 22:42:35 | 001,045,558 | ---- | M] () -- C:\WINDOW2\dietrich1.bmp
[2011/10/07 22:12:13 | 001,045,558 | ---- | M] () -- C:\WINDOW2\doody2.bmp
[2011/10/07 22:10:53 | 001,045,558 | ---- | M] () -- C:\WINDOW2\doody1.bmp
[2011/10/01 09:00:55 | 000,000,290 | ---- | M] () -- C:\WINDOW2\tasks\Norton SystemWorks One Button Checkup.job
[2011/10/01 04:00:02 | 000,000,388 | ---- | M] () -- C:\WINDOW2\tasks\Norton AntiVirus - Baba - Full System Scan.job
[2011/09/28 11:30:25 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOW2\System32\FlashPlayerCPLApp.cpl
[2011/09/26 13:59:05 | 000,000,213 | ---- | M] () -- C:\WINDOW2\Prestopm.INI
[2011/09/26 13:56:33 | 000,000,051 | ---- | M] () -- C:\NsScanforTest.ini
[2011/09/25 23:47:41 | 001,045,386 | ---- | M] () -- C:\WINDOW2\dickinson3.bmp
[2011/09/25 23:45:50 | 001,045,558 | ---- | M] () -- C:\WINDOW2\dickinson2.bmp
[2011/09/25 23:40:59 | 001,045,546 | ---- | M] () -- C:\WINDOW2\dickinson1.bmp
[2011/09/25 23:36:24 | 001,045,558 | ---- | M] () -- C:\WINDOW2\deschanel2.bmp
[2011/09/25 23:35:40 | 001,045,558 | ---- | M] () -- C:\WINDOW2\deschanel1.bmp
[2011/09/15 10:03:11 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Documents and Settings\Baba\*.tmp files -> C:\Documents and Settings\Baba\*.tmp -> ]
[1 C:\Documents and Settings\All Users.WINDOW2\Application Data\*.tmp files -> C:\Documents and Settings\All Users.WINDOW2\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/07 23:15:06 | 000,004,730 | ---- | C] () -- C:\Documents and Settings\Baba\Desktop\Document.rtf
[2011/10/07 22:48:57 | 001,045,398 | ---- | C] () -- C:\WINDOW2\dors1.bmp
[2011/10/07 22:42:32 | 001,045,558 | ---- | C] () -- C:\WINDOW2\dietrich1.bmp
[2011/10/07 22:12:11 | 001,045,558 | ---- | C] () -- C:\WINDOW2\doody2.bmp
[2011/10/07 22:10:50 | 001,045,558 | ---- | C] () -- C:\WINDOW2\doody1.bmp
[2011/10/02 00:06:09 | 000,302,592 | ---- | C] () -- C:\gmer.exe
[2011/09/25 23:47:39 | 001,045,386 | ---- | C] () -- C:\WINDOW2\dickinson3.bmp
[2011/09/25 23:45:48 | 001,045,558 | ---- | C] () -- C:\WINDOW2\dickinson2.bmp
[2011/09/14 23:34:24 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/08 23:23:27 | 000,002,928 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\6E92.F8A
[2011/07/04 16:49:45 | 000,001,324 | ---- | C] () -- C:\WINDOW2\System32\d3d9caps.dat
[2010/10/05 19:15:20 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/12/13 19:01:29 | 000,000,066 | ---- | C] () -- C:\WINDOW2\GDINST.INI
[2009/10/01 23:33:34 | 000,000,213 | ---- | C] () -- C:\WINDOW2\Prestopm.INI
[2009/10/01 23:32:22 | 000,036,291 | ---- | C] () -- C:\WINDOW2\CSTBox.INI
[2009/08/20 00:28:34 | 000,000,635 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\PrimoPDFSet.xml
[2009/08/19 23:45:06 | 000,176,235 | ---- | C] () -- C:\WINDOW2\System32\Primomonnt.dll
[2009/08/13 18:23:41 | 000,075,776 | ---- | C] () -- C:\WINDOW2\cadkasdeinst01e.exe
[2009/07/14 04:35:33 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/14 03:17:34 | 000,000,235 | ---- | C] () -- C:\WINDOW2\EXCEL4.INI
[2009/07/11 15:13:24 | 000,022,480 | ---- | C] () -- C:\WINDOW2\System32\PFMAPI16.DLL
[2009/07/11 15:13:24 | 000,020,992 | ---- | C] () -- C:\WINDOW2\System32\PFMAPI32.DLL
[2009/07/10 21:26:01 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\PFP120JPR.{PB
[2009/07/10 21:26:01 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\PFP120JCM.{PB
[2009/07/09 21:54:40 | 000,000,532 | ---- | C] () -- C:\WINDOW2\MAXLINK.INI
[2009/07/09 21:52:13 | 000,000,105 | ---- | C] () -- C:\WINDOW2\UMXADDIN.INI
[2009/07/09 21:52:12 | 000,040,960 | ---- | C] () -- C:\WINDOW2\System32\IPPCPUID.DLL
[2009/07/09 21:51:55 | 000,011,776 | ---- | C] () -- C:\WINDOW2\System32\pmsbfn32.dll
[2009/07/09 21:50:49 | 000,000,074 | ---- | C] () -- C:\WINDOW2\PMINI.ini
[2009/07/09 11:50:10 | 000,046,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\LuUninstall.LiveUpdate
[2009/07/08 01:14:23 | 000,024,501 | ---- | C] () -- C:\WINDOW2\mozver.dat
[2009/07/06 21:13:13 | 000,000,376 | ---- | C] () -- C:\WINDOW2\ODBC.INI
[2009/07/06 19:05:29 | 000,000,335 | ---- | C] () -- C:\WINDOW2\nsreg.dat
[2009/07/06 19:03:10 | 000,000,025 | ---- | C] () -- C:\WINDOW2\mixerdef.ini
[2009/07/06 18:56:15 | 000,002,048 | --S- | C] () -- C:\WINDOW2\bootstat.dat
[2009/07/06 18:43:58 | 000,021,640 | ---- | C] () -- C:\WINDOW2\System32\emptyregdb.dat
[2009/07/06 11:30:20 | 000,004,161 | ---- | C] () -- C:\WINDOW2\ODBCINST.INI
[2009/07/06 11:27:26 | 000,929,280 | ---- | C] () -- C:\WINDOW2\System32\FNTCACHE.DAT
[2009/07/06 10:34:13 | 000,039,104 | ---- | C] () -- C:\WINDOW2\cmijack.dat
[2009/07/06 10:34:13 | 000,022,178 | ---- | C] () -- C:\WINDOW2\cmaudio.dat
[2009/04/27 00:13:36 | 000,000,314 | ---- | C] () -- C:\WINDOW2\primopdf.ini
[2008/05/16 17:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOW2\System32\nvwdmcpl.dll
[2008/05/16 17:01:00 | 001,630,208 | ---- | C] () -- C:\WINDOW2\System32\nwiz.exe
[2008/05/16 17:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOW2\System32\nview.dll
[2008/05/16 17:01:00 | 001,339,392 | ---- | C] () -- C:\WINDOW2\System32\nvdspsch.exe
[2008/05/16 17:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOW2\System32\nvwimg.dll
[2008/05/16 17:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOW2\System32\nvshell.dll
[2008/05/16 17:01:00 | 000,442,368 | ---- | C] () -- C:\WINDOW2\System32\nvappbar.exe
[2008/05/16 17:01:00 | 000,425,984 | ---- | C] () -- C:\WINDOW2\System32\keystone.exe
[2008/05/16 17:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOW2\System32\nvnt4cpl.dll
[2006/11/01 08:54:30 | 000,180,224 | ---- | C] () -- C:\WINDOW2\System32\xvidvfw.dll
[2006/11/01 08:52:38 | 000,765,952 | ---- | C] () -- C:\WINDOW2\System32\xvidcore.dll
[2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOW2\System32\oembios.bin
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOW2\System32\mlang.dat
[2006/02/28 08:00:00 | 000,432,622 | ---- | C] () -- C:\WINDOW2\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOW2\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOW2\System32\dssec.dat
[2006/02/28 08:00:00 | 000,067,578 | ---- | C] () -- C:\WINDOW2\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOW2\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOW2\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOW2\System32\secupd.dat
[2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOW2\System32\oembios.dat
[2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOW2\System32\dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOW2\System32\noise.dat
[2004/10/26 18:39:04 | 003,375,104 | ---- | C] () -- C:\WINDOW2\System32\qt-mt331.dll

< End of report >



--------------------------------------




OTL Extras logfile created on: 10/10/2011 3:01:46 PM - Run 4
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 61.58% Memory free
2.11 Gb Paging File | 1.65 Gb Available in Paging File | 78.30% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOW2 | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 15.46 Gb Free Space | 20.74% Space Free | Partition Type: NTFS
Drive F: | 37.26 Gb Total Space | 31.00 Gb Free Space | 83.19% Space Free | Partition Type: FAT32

Computer Name: JAMES-HOME | User Name: Baba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Baba\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = C:\Documents and Settings\Baba\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client -- (Juniper Networks)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07CEC3B0-83D0-422A-BE6D-63633C5063BB}" = TurboCAD Symbols
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2EEF331B-6AC8-471A-84AE-6A9ED940EDC2}" = TurboCAD Deluxe v11.2
"{34EF3470-B8D8-44b6-B09B-7F5EB9AECCC8}" = Norton SystemWorks
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39468292-5D68-4E93-9E09-5D9D5CA00E7A}" = FileOpen Client Installer
"{444B6A7B-0E26-4416-A43F-D1C9AAE6075D}" = Canon CanoScan Toolbox 4.8
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50CD421F-CAFD-46C4-BEFD-E1C46FE63062}" = Manual CanoScan 8400F
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5BE42A03-E7B8-42A9-B1BB-FC48B03D58B8}" = Presto! PageManager 6.11
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}" = Norton Utilities
"{6C9736CA-121C-427E-A2AC-E2125B0D362D}" = 1st Pricing
"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77364F85-6219-4CB8-AAA0-6D53368D683D}" = Connection Keep Alive
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7EFB99A8-465B-4B2F-B97F-F9C687449081}" = WinBASIC 2.0
"{885744A4-1A01-44B0-858A-0AE6738CBCF7}" = PrimoPDF Redistribution Package
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CA31120D-2101-484D-9FF1-195DE96FE346}" = Norton Cleanup
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}" = ArcSoft PhotoStudio 5.5
"{DC5F786F-0733-46AC-8160-972A6906A872}" = WD SmartWare
"{E24A0015-C73F-4B57-B8DF-5EB84D2E9685}" = Adobe Flash Player 10 ActiveX
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Avira AntiVir Desktop" = Avira AntiVir Premium
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSSD1200IS_IXUS95IS" = Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Corel WordPerfect Suite 8" = Corel WordPerfect Suite 8
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"ERUNT_is1" = ERUNT 1.1j
"FL 2001 Registration" = FL 2001 Registration
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"FreeZip" = FreeZip
"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"Java Web Start" = Java Web Start
"jZip" = jZip
"LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA Drivers" = NVIDIA Drivers
"PCI Audio Driver" = PCI Audio Driver
"PDF Editor 2" = PDF Editor 2
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"PrimoPDF3.1" = PrimoPDF
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Quicken Family Lawyer 2001" = Quicken Family Lawyer 2001
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"SymSetup.{34EF3470-B8D8-44b6-B09B-7F5EB9AECCC8}" = Norton SystemWorks (Symantec Corporation)
"The Plain-Language Law Dictionary" = The Plain-Language Law Dictionary
"VisualFortran60" = Visual Fortran 6.6.a
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X Codec Pack" = X Codec Pack
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.1.0.366
"Juniper_Networks_Cache_Cleaner 6.5.0" = Juniper Networks Cache Cleaner 6.5.0
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Move Media Player" = Move Media Player
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/8/2011 10:25:37 AM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 6.0.2.4262, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/8/2011 10:25:41 AM | Computer Name = JAMES-HOME | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 6.0.2.4262, faulting
module mozalloc.dll, version 6.0.2.4262, fault address 0x00001a39.

Error - 9/8/2011 11:43:15 PM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application ootp11.exe, version 11.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/19/2011 1:18:44 AM | Computer Name = JAMES-HOME | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 6.0.2.4262, faulting
module nspr4.dll, version 4.8.9.0, fault address 0x000092ac.

Error - 9/28/2011 5:02:50 PM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 6.0.2.4262, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/1/2011 11:01:16 AM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.29.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/2/2011 10:00:33 AM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15641, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/2/2011 10:01:39 AM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15641, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/5/2011 7:56:37 PM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 7.0.1.4288, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/7/2011 11:24:35 PM | Computer Name = JAMES-HOME | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The process cannot access the file because it is being used by another
process.

[ System Events ]
Error - 10/7/2011 11:59:26 PM | Computer Name = JAMES-HOME | Source = Print | ID = 23
Description = Printer Corel Barista failed to initialize because a suitable Corel
Barista driver could not be found.

Error - 10/10/2011 1:53:41 PM | Computer Name = JAMES-HOME | Source = Print | ID = 23
Description = Printer Corel Barista failed to initialize because a suitable Corel
Barista driver could not be found.

Error - 10/10/2011 2:34:37 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/10/2011 2:34:37 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/10/2011 2:34:37 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7034
Description = The Speed Disk service service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/10/2011 2:34:37 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7034
Description = The WDDMService service terminated unexpectedly. It has done this
1 time(s).

Error - 10/10/2011 2:34:37 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7034
Description = The WD File Management Engine service terminated unexpectedly. It
has done this 1 time(s).

Error - 10/10/2011 2:34:38 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7034
Description = The WD File Management Shadow Engine service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/10/2011 2:34:38 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7034
Description = The Canon Camera Access Library 8 service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/10/2011 2:42:58 PM | Computer Name = JAMES-HOME | Source = Print | ID = 23
Description = Printer Corel Barista failed to initialize because a suitable Corel
Barista driver could not be found.


< End of report >

#10
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Please respond to:

Step 5.

How is the computer performing now? Please let me know so we can tailor the next steps efficiently!

and please let me know which SystemWorks "capabilities" you use and I will give you a suggestion. Pending your response we can hold off on the removal for now.

CompCav

#11
jsaklas

    Member

  • Topic Starter
  • Member
  • 333 posts
CompCav,

You ask "How is it performing?" I'm not sure of the answer. It appears to be working OK, but perhaps a bit slower. By slower I mean mostly in booting up and in loading Firefox. BUT, to be honest, although it seems a little slower, I would NOT bet my 401k on it.

As far as SystemWorks, I mostly use "Find and Fix Problems." "Find and Fix" has 3 sub modules: One Button Checkup, Norton WinDoctor and Norton DiscDoctor. I use the "One Button Checkup" weekly. It has 4 scans enabled:
Windows Registry Scan
Program Integrity Scan
Shortcut Scan
Norton Cleanup Scan

[The Virus Definitions, Auto-Protect and Last Virus Scan Checks are all disabled]

The other two modules I use rarely (I probably should use them more often.) Also the other main capabilities

Monitor System Performance
Clean Up Your PC
Optimize Your PC
Erase Unwanted Data
Rescue Deleted Files

are very rarely used. In fact, I don't think I ever used the last two.


Lastly, I had a question about my Firewall. You may remember that I said I don't know if I have one and asked you how I can check to see if one is enabled.

Again, thanks for your time and efforts.

JS

#12
CompCav

    Member 5k

  • Expert
  • 12,454 posts

> Lastly, I had a question about my Firewall. You may remember that I said I don't know if I have one and asked you how I can check to see if one is enabled.

You can check it this way:

Click Start, Control Panel, Security Center.

The firewall should be Green and On

Click on it if it is not and then enable it or set it to On.

Please let me know which firewall it shows that you are running??


I am preparing the next step in your clean up now and will have it up for you by tomorrow pending approval by my instructor!

CompCav

#13
jsaklas

    Member

  • Topic Starter
  • Member
  • 333 posts
CompCav,

Sorry I missed so many of your postings. It showed that I had no Firewall. Today I enabled the Windows Firewall. I have several questions.

1. What does the Firewall do that my AVIRA Anti-virus does not do?

2. I use my computer as a remote terminal and hook up with a server in California to do the financial work of the small non-profit of which I am the national treasurer. Also I link up with the desktop in my office at my workplace so that I can work occasionally at home, i.e. so that I can tele-work. Will the Firewall prevent this? If so, I will have to disconnect it.

#14
CompCav

    Member 5k

  • Expert
  • 12,454 posts

> 1. What does the Firewall do that my AVIRA Anti-virus does not do?

Without a firewall your computer is susceptible to being hacked and taken over. Using a firewall will allow you to allow/deny access for applications that want to go online. It works along with Avira which stops malware most of the time.

> 2. I use my computer as a remote terminal and hook up with a server in California to do the financial work of the small non-profit of which I am the national treasurer. Also I link up with the desktop in my office at my workplace so that I can work occasionally at home, i.e. so that I can tele-work. Will the Firewall prevent this? If so, I will have to disconnect it.

If there is a problem we can add an exception to the Firewall exception list. You should always have a firewall when an internet connection is potentially open.

Do you have a router that your computer is attached to? Just let me know the make and model of your router and I can check on the firewall features if any.

CompCav

#15
jsaklas

    Member

  • Topic Starter
  • Member
  • 333 posts
CompCav,

I am attached to the internet via Verizon FIOS using an ActionTec modem/router, Model: MI424-WR Rev. F