Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hitman Pro caused fatal system error c000021a trying to remove t5rc.dl


  • Please log in to reply

#16
Sunny7

Sunny7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Hi Ron,

I guess I owe you a drink or dinner or something. Following the delete IE7 suggestion worked for me to be able to authenticate my windows software and I was able to enter my key.

I got my desktop back!

I am trying to update my antivirus software. Also I inadvertently responded to a request to update my hp software. Since the printer wasn't attached to the old computer at the time, this caused a "...\setup\status\status.msi cannot be found" with some kind of windows installer program trying to execute. I looked around the internet for fixes and it seemed the best thing to do was uninstall the hp software, and reinstall it if I want to use it again from this computer. I am deleting the hp software as I write this.

I am sure that I will run into more glitches as I try to use programs on the old computer, but at least you got me back into it! My IE went back to version 6, and I will try to install IE8 to get to anything I need to on the web.

Thanks again for all of you time, patience, and kindness in trying to help me get back on this computer. You are a great guy to help people out like this! Thanks again!
  • 0

Advertisements


#17
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Good that you got your desktop back.

I've moved your thread over to the malware forum as they don't like malware scans in the other forums.

Let's see if your original problem is really gone.

Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Run OTL
select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Run OTL, Quickscan and post the log.

Ron
  • 0

#18
Sunny7

Sunny7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
It took a couple of days to totally update my browser and XP and Office. A lot of updates have been created since my computer went down in June, and I didn't want to do too many updates at once.

I will do all of the tasks you want me to post, but it may take a little bit of time as things have gotten a bit hectic with a couple of projects I am working on. Here are the first two logs you asked me to post:

OTL logfile created on: 2/1/2012 5:36:39 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Chrissie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.00 Mb Total Physical Memory | 477.54 Mb Available Physical Memory | 46.68% Memory free
2.40 Gb Paging File | 1.71 Gb Available in Paging File | 71.08% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072F:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 81.90 Gb Free Space | 73.31% Space Free | Partition Type: NTFS

Computer Name: 2ZPRR41 | User Name: Chrissie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/01 17:32:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chrissie\Desktop\OTL.exe
PRC - [2011/12/18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/12/18 21:04:24 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/11/03 08:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/11/03 08:44:24 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011/04/19 16:39:30 | 000,935,744 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\mantispm.exe
PRC - [2011/03/14 09:31:03 | 000,025,472 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2008/07/07 07:15:18 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/15 09:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/11/15 09:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2007/06/26 10:44:33 | 000,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/05/09 07:20:30 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2003/12/10 04:52:40 | 000,380,928 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
PRC - [2003/10/10 09:06:10 | 000,192,512 | ---- | M] () -- C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
PRC - [2003/08/13 09:27:40 | 000,028,672 | ---- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe
PRC - [2002/04/03 00:01:00 | 000,135,264 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/01 16:07:49 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2012/02/01 15:58:18 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2012/02/01 15:57:46 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2012/01/30 17:50:08 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a8816e13\mscorlib.dll
MOD - [2012/01/30 17:50:02 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_b5556dcd\system.drawing.dll
MOD - [2012/01/30 17:49:49 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_4bfecca8\system.xml.dll
MOD - [2012/01/30 17:49:42 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_d54e7230\system.windows.forms.dll
MOD - [2012/01/30 17:49:26 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_2985eee7\system.dll
MOD - [2012/01/30 17:48:53 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/01/30 17:48:48 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2011/12/18 21:04:10 | 000,074,896 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\fde\fde_api.dll
MOD - [2011/04/19 16:40:06 | 000,088,896 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\crsrpt.dll
MOD - [2011/04/19 16:39:34 | 000,013,120 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\MlfHook.dll
MOD - [2011/04/19 16:39:32 | 000,290,112 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\mtdsdk.dll
MOD - [2011/04/19 16:39:24 | 000,222,016 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\resources\mbzaenu.dll
MOD - [2010/06/03 12:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2007/06/26 10:44:33 | 000,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
MOD - [2006/01/26 15:54:03 | 000,798,720 | ---- | M] () -- c:\windows\assembly\gac\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll
MOD - [2006/01/26 15:54:01 | 000,004,096 | ---- | M] () -- c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll
MOD - [2006/01/26 15:53:17 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc\3.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
MOD - [2006/01/26 15:53:17 | 000,049,152 | ---- | M] () -- c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
MOD - [2006/01/26 15:53:14 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqmdmr\3.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
MOD - [2006/01/26 15:53:12 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.89__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2006/01/26 15:53:12 | 000,090,112 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.89__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll
MOD - [2006/01/26 15:53:12 | 000,086,016 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.89__9cf889f53ea9b907\lead.drawing.dll
MOD - [2006/01/26 15:53:12 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.89__9cf889f53ea9b907\lead.dll
MOD - [2006/01/26 15:53:12 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.89__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll
MOD - [2006/01/26 15:53:12 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.89__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2006/01/26 15:53:11 | 000,229,376 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2006/01/26 15:53:11 | 000,167,936 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2006/01/26 15:53:11 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2006/01/26 15:53:11 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2006/01/26 15:53:11 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2006/01/26 15:53:10 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll
MOD - [2006/01/26 15:53:10 | 000,028,672 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2006/01/26 15:53:10 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2006/01/26 15:52:13 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2006/01/26 15:52:13 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpdarc\1.0.0.0__19565c63d39c2842\interop.hpdarc.dll
MOD - [2006/01/26 15:52:13 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll
MOD - [2006/01/26 15:52:12 | 000,475,136 | ---- | M] () -- c:\windows\assembly\gac\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll
MOD - [2006/01/26 15:52:12 | 000,196,608 | ---- | M] () -- c:\windows\assembly\gac\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll
MOD - [2006/01/26 15:52:12 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2006/01/26 15:52:12 | 000,073,728 | ---- | M] () -- c:\windows\assembly\gac\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll
MOD - [2006/01/26 15:52:12 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqntrop\3.0.0.0__a53cf5803f4c3827\hpqntrop.dll
MOD - [2004/10/01 14:35:32 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2004/10/01 14:35:31 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2004/04/29 01:31:42 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2003/10/10 09:06:12 | 000,057,344 | ---- | M] () -- C:\Program Files\SBC Self Support Tool\bin\AsstCatalog.dll
MOD - [2003/10/10 09:06:10 | 000,192,512 | ---- | M] () -- C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
MOD - [2002/07/02 15:32:00 | 000,184,431 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\TimerManager.dll
MOD - [2002/07/02 15:22:34 | 000,122,993 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\AppProperties.dll
MOD - [2002/07/02 15:10:42 | 000,110,695 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComBase.dll
MOD - [2002/06/04 20:33:54 | 000,106,601 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComSRCManager.dll
MOD - [2002/06/04 18:48:26 | 000,143,489 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BasicLoaderService.dll
MOD - [2002/06/04 18:48:10 | 000,163,951 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComRT.dll
MOD - [2001/09/26 03:23:08 | 000,196,695 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJIntlCore_1_1_DDR.dll
MOD - [2001/09/23 15:41:10 | 000,524,377 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\stlport_4_0_0_DDR.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (LiveUpdate)
SRV - File not found [Auto | Stopped] -- -- (Automatic LiveUpdate Scheduler)
SRV - [2011/12/18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/11/03 08:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2008/07/07 07:15:18 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2007/11/15 09:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe -- (SymWSC)
SRV - [2003/03/03 12:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/12/18 21:04:24 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\vsdatant.sys -- (Vsdatant)
DRV - [2011/11/03 08:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/11/03 08:44:18 | 000,036,744 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)
DRV - [2010/10/14 17:08:38 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/10/14 17:08:38 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\kl2.sys -- (kl2)
DRV - [2010/09/21 16:51:58 | 000,327,256 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\klif.sys -- (KLIF)
DRV - [2008/04/14 06:00:00 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/08/03 21:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 21:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 21:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 21:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 21:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 21:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 21:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 21:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 21:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 21:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 21:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/07/05 13:14:08 | 000,028,256 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2004/05/05 21:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2004/03/05 21:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 21:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 21:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 21:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/09/22 10:43:06 | 001,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2003/09/22 06:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 06:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2003/08/28 17:58:40 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2002/11/08 12:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 11:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [1999/12/17 00:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local>;*.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Chrissie\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Chrissie\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Chrissie\Application Data\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/01/30 16:20:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Chrissie\Application Data\Move Networks [2010/01/29 15:29:27 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2002/08/29 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\prxtbZon1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [diagent] C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Yahoo! Pager] 1 File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10s_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: /// ([]money in Trusted sites)
O15 - HKCU\..Trusted Domains: dgparks.org ([dgpdwebtrac] https in Trusted sites)
O15 - HKCU\..Trusted Domains: dgparks.org ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: entertainment.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([fdl] * in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: msn.com ([*.g] * in Trusted sites)
O15 - HKCU\..Trusted Domains: msn.com ([*.moneycentral] * in Trusted sites)
O15 - HKCU\..Trusted Domains: msn.com ([g] * in Trusted sites)
O15 - HKCU\..Trusted Domains: msn.com ([moneycentral] * in Trusted sites)
O15 - HKCU\..Trusted Domains: passport.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: passport.com ([loginnet] https in Trusted sites)
O15 - HKCU\..Trusted Domains: passport.net ([]* in Trusted sites)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} http://www.symantec....trl/tgctlsi.cab (SupportSoft SmartIssue)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.symantec....trl/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {01118F00-3E00-11D2-8470-0060089874ED} http://symantec.atgn...wnload/ssrc.cab (SupportSoft RemoteControl Class)
O16 - DPF: {01119400-3E00-11D2-8470-0060089874ED} http://symantec.atgn...d/sprtctlln.cab (SupportSoft Listener Control)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec....sa/LSSupCtl.cab (LSSupCtl Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} https://support.micr...ActiveX/odc.cab (Microsoft PID Sniffer)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://download.micr...20/pmupd806.exe (MSN Money Charting)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp...ads/sysinfo.cab (SysData Class)
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1132768505156 (MUWebControl Class)
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} http://www.callwave....DL_DownLoad.CAB (CWDL_DownLoadControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} http://moneycentral....bs/pmupdate.exe (Reg Error: Key error.)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-cent...bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.s...rl/SymAData.cab (ActiveDataInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} https://www-secure.s.../ActiveData.cab (ActiveDataObj Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: ppctlcab http://69.44.122.156...er/ppctlcab.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4E4E9F5-59D9-4341-93D2-08872E457EF5}: DhcpNameServer = 68.94.156.1 68.94.157.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 12:36:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{245fd662-680b-11df-a8e4-000cf1e6c026}\Shell - "" = AutoRun
O33 - MountPoints2\{245fd662-680b-11df-a8e4-000cf1e6c026}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{245fd662-680b-11df-a8e4-000cf1e6c026}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/02/01 17:32:43 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chrissie\Desktop\OTL.exe
[2012/01/31 10:41:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2012/01/31 10:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012/01/31 10:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2012/01/31 10:40:21 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2012/01/31 10:40:21 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2012/01/31 10:40:21 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2012/01/31 10:40:21 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2012/01/31 10:40:20 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2012/01/31 10:40:20 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2012/01/31 10:40:19 | 000,000,000 | ---D | C] -- C:\0c52271ce95a16b6c9cfc9e8cc
[2012/01/31 10:03:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/01/31 10:00:21 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2012/01/31 10:00:20 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2012/01/31 10:00:19 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012/01/31 10:00:18 | 002,000,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2012/01/31 10:00:14 | 011,081,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2012/01/31 09:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chrissie\Application Data\ElevatedDiagnostics
[2012/01/31 09:40:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/01/31 09:39:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2012/01/31 08:38:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Chrissie\PrivacIE
[2012/01/31 08:29:56 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2012/01/31 08:17:00 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2012/01/31 08:17:00 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2012/01/31 08:12:35 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2012/01/30 20:12:16 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtctm.dll
[2012/01/30 20:12:16 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcprx.dll
[2012/01/30 20:12:16 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcuiu.dll
[2012/01/30 20:12:16 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxoci.dll
[2012/01/30 20:12:16 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtclog.dll
[2012/01/30 20:12:11 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2012/01/30 20:12:11 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll
[2012/01/30 20:12:11 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll
[2012/01/30 20:12:11 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll
[2012/01/30 20:12:11 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado27.tlb
[2012/01/30 20:12:11 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado26.tlb
[2012/01/30 20:12:11 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado25.tlb
[2012/01/30 20:12:11 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado21.tlb
[2012/01/30 20:12:11 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado20.tlb
[2012/01/30 20:12:10 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadco.dll
[2012/01/30 20:11:53 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2012/01/30 20:08:47 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2012/01/30 19:58:08 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2012/01/30 19:57:52 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2012/01/30 19:57:51 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2012/01/30 19:57:08 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2012/01/30 19:41:41 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2012/01/30 19:41:41 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2012/01/30 19:41:41 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2012/01/30 19:41:29 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2012/01/30 19:39:22 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2012/01/30 19:37:47 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2012/01/30 19:30:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Chrissie\IETldCache
[2012/01/30 19:19:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/01/30 17:13:20 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2012/01/30 17:13:10 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2012/01/30 17:13:09 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2012/01/30 17:13:08 | 002,192,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2012/01/30 17:13:08 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2012/01/30 16:36:18 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2012/01/30 16:18:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
[2012/01/30 16:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2012/01/30 15:00:38 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/01/30 15:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chrissie\Local Settings\Application Data\ZoneAlarm_Security
[2012/01/30 15:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chrissie\Local Settings\Application Data\Temp
[2012/01/30 15:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chrissie\Local Settings\Application Data\Conduit
[2012/01/30 15:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm_Security
[2012/01/25 11:06:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/01/25 05:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Tmp0112
[2012/01/25 05:32:23 | 000,000,000 | ---D | C] -- C:\tmp
[2002/04/10 23:41:00 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/01 17:32:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chrissie\Desktop\OTL.exe
[2012/02/01 17:23:07 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2012/02/01 17:22:10 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2012/02/01 17:21:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2012/02/01 17:21:49 | 1072,762,880 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/01 17:19:03 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/01 16:03:35 | 000,481,452 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2012/02/01 16:03:35 | 000,088,400 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2012/02/01 14:28:40 | 000,360,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/31 09:30:54 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\Chrissie\Desktop\Microsoft Fix it.url
[2012/01/30 19:31:21 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Chrissie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/30 16:32:29 | 000,416,398 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2012/01/30 16:20:20 | 000,000,128 | ---- | M] () -- C:\WINDOWS\System32\pdfl.dat
[2012/01/30 13:09:35 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/01 17:14:50 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2012/01/31 09:30:54 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Chrissie\Desktop\Microsoft Fix it.url
[2012/01/30 16:21:33 | 000,416,398 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2012/01/30 13:09:36 | 000,012,598 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2012/01/30 12:58:09 | 1072,762,880 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/07 16:44:24 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\lkfl.dat
[2011/01/07 16:44:24 | 000,000,128 | ---- | C] () -- C:\WINDOWS\System32\pdfl.dat
[2011/01/07 16:44:24 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\ibfl.dat
[2010/11/17 18:08:53 | 000,000,199 | ---- | C] () -- C:\Documents and Settings\Chrissie\Application Data\scgdfgasfbh.bat
[2010/10/22 14:18:17 | 000,089,464 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/18 10:56:37 | 000,017,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/03/03 20:32:31 | 000,015,140 | -HS- | C] () -- C:\Documents and Settings\Chrissie\Local Settings\Application Data\jXP7U0T4
[2009/06/17 14:08:16 | 000,116,841 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2008/05/16 10:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008/04/14 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/13 23:42:04 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/01/14 17:57:36 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/26 15:32:18 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/07/09 14:59:46 | 000,000,033 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2007/05/28 13:00:18 | 000,016,007 | ---- | C] () -- C:\WINDOWS\hpwscr05.dat
[2006/12/03 13:13:39 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/05/01 13:52:23 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2005/11/22 11:31:27 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/11/10 13:26:12 | 000,000,220 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/10/04 12:15:02 | 000,795,904 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2005/06/03 13:47:00 | 000,000,032 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2004/08/12 13:46:43 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2004/08/12 13:27:26 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/07/05 13:14:37 | 000,000,733 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/06/15 10:56:05 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Chrissie\Local Settings\Application Data\FASTWiz.html
[2004/05/20 13:59:26 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Chrissie\Local Settings\Application Data\fusioncache.dat
[2004/04/29 01:50:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/04/29 01:40:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/29 01:37:08 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/04/29 01:35:40 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2004/04/29 01:35:40 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/04/29 01:35:26 | 000,002,572 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2004/04/29 01:35:26 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2004/04/29 01:35:26 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2004/04/29 01:35:26 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/04/29 01:34:59 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/04/29 01:33:59 | 000,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/04/29 01:23:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/04/29 01:22:38 | 000,481,452 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/04/29 01:22:38 | 000,088,400 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/04/29 01:11:08 | 000,000,546 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/01/23 08:05:02 | 000,360,936 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/01/23 08:03:50 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2003/11/20 12:39:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/07/08 12:41:48 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/03 12:35:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 12:31:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/08/29 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2002/03/13 14:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
[1979/12/31 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

< End of report >


OTL Extras logfile created on: 2/1/2012 5:36:39 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Chrissie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.00 Mb Total Physical Memory | 477.54 Mb Available Physical Memory | 46.68% Memory free
2.40 Gb Paging File | 1.71 Gb Available in Paging File | 71.08% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072F:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 81.90 Gb Free Space | 73.31% Space Free | Partition Type: NTFS

Computer Name: 2ZPRR41 | User Name: Chrissie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8097:TCP" = 8097:TCP:*:Enabled:EarthLink UHP Modem Support

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CallWave\IAM.exe" = C:\Program Files\CallWave\IAM.exe:*:Enabled:CallWave
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe:*:Enabled:hpqcopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe" = C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster
"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update
"{1D89DBCF-9569-45F6-9392-9E64820ED2DD}" = ZoneAlarm Antivirus
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 17
"{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1" = RegAlyzer
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{410438A3-B591-4028-B70A-3CC0B33FBCD1}" =
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4FB600F5-C478-4DF7-A2BC-57D3807BAC91}" = BPDSoftware_Ini
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{5D6C26B9-D9E7-4E77-A4DE-0C2B242E85FA}" = ZoneAlarm Firewall
"{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = Sonic MyDVD
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{77F9D52A-C8D7-4FE8-8510-19FC6CF75BC3}" = Access Drivers
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{81AA0002-A4DB-4C18-A37E-0A37825F6C0E}" = ZoneAlarm DataLock
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F968232-15C6-4872-84C2-9FCDAA1AEAB6}" = MPM
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B9C367C4-94B7-4D8D-94DF-B00F857DEC1D}" = PC Backup
"{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4BC01F3-B7E6-49FA-8FBE-6B62FDF9CED0}" = ZoneAlarm Security
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"BroadJump Client Foundation" = BroadJump Client Foundation
"Corel Applications" = Corel Applications
"Coupon Printer for Windows2.0" = Coupon Printer for Windows
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"HashOnClick_is1" = HashOnClick
"HitmanPro35" = Hitman Pro 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"InstallShield_{B9C367C4-94B7-4D8D-94DF-B00F857DEC1D}" = PC Backup
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006a" = MSN Money Investment Toolbox
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer
"SBC.MCCInstall" = AT&T Self Support Tool
"Sidekick 98" = Sidekick 98
"SyncBackSE_is1" = SyncBackSE
"Tweak UI 2.10" = Tweak UI
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YInstHelper" = Yahoo! Install Manager
"ZoneAlarm Extreme Security" = ZoneAlarm Extreme Security
"ZoneAlarm_Security Toolbar" = ZoneAlarm Security Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/8/2011 1:04:56 PM | Computer Name = 2ZPRR41 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15641

Error - 6/8/2011 1:04:56 PM | Computer Name = 2ZPRR41 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15641

Error - 6/12/2011 1:15:27 PM | Computer Name = 2ZPRR41 | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/12/2011 1:15:35 PM | Computer Name = 2ZPRR41 | Source = Application Hang | ID = 1001
Description = Fault bucket 736169863.

Error - 6/12/2011 1:42:21 PM | Computer Name = 2ZPRR41 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17096, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/12/2011 1:42:32 PM | Computer Name = 2ZPRR41 | Source = Application Hang | ID = 1001
Description = Fault bucket -1899419953.

Error - 1/25/2012 1:10:39 PM | Computer Name = 2ZPRR41 | Source = Windows Product Activation | ID = 1009
Description = You have not activated Windows within the grace period. To activate
Windows, contact a customer service representative by telephone.

Error - 1/25/2012 1:11:05 PM | Computer Name = 2ZPRR41 | Source = Windows Product Activation | ID = 1009
Description = You have not activated Windows within the grace period. To activate
Windows, contact a customer service representative by telephone.

Error - 1/25/2012 1:13:49 PM | Computer Name = 2ZPRR41 | Source = Windows Product Activation | ID = 1009
Description = You have not activated Windows within the grace period. To activate
Windows, contact a customer service representative by telephone.

Error - 1/27/2012 10:51:50 AM | Computer Name = 2ZPRR41 | Source = Windows Product Activation | ID = 1009
Description = You have not activated Windows within the grace period. To activate
Windows, contact a customer service representative by telephone.

[ System Events ]
Error - 1/31/2012 9:27:32 AM | Computer Name = 2ZPRR41 | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%3

Error - 1/31/2012 10:06:37 AM | Computer Name = 2ZPRR41 | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%3

Error - 1/31/2012 10:24:03 AM | Computer Name = 2ZPRR41 | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%3

Error - 1/31/2012 10:42:23 AM | Computer Name = 2ZPRR41 | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%3

Error - 1/31/2012 11:33:10 AM | Computer Name = 2ZPRR41 | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%3

Error - 1/31/2012 12:09:17 PM | Computer Name = 2ZPRR41 | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%3

Error - 2/1/2012 2:54:41 PM | Computer Name = 2ZPRR41 | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%3

Error - 2/1/2012 4:29:16 PM | Computer Name = 2ZPRR41 | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%3

Error - 2/1/2012 6:10:09 PM | Computer Name = 2ZPRR41 | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%3

Error - 2/1/2012 7:22:29 PM | Computer Name = 2ZPRR41 | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%3


< End of report >
  • 0

#19
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
No hurry on this. I don't keep track. Just answer threads when I get an email that there has been a reply.

Looks like you had Norton/Symantec and it didn't uninstall correctly:

Download and save the norton removal tool
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
Run the Norton Removal tool.

Also download,s ave and run the Kaspersky removal tool

http://support.kaspe.../?qid=208279463

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml


Uninstall:
Adobe Flash Player 10 ActiveX
Adobe Reader 7.1.0
Adobe Reader 7.0.5 Language Support (Get latest reader and flash from adobe.com)

Java 2 Runtime Environment, SE v1.4.2
Java™ 6 Update 17 (get the latest Java from java.com)

Hitman Pro 3.5
Uniblue RegistryBooster
Yahoo! Install Manager

ZoneAlarm Security Toolbar
  • 0

#20
Sunny7

Sunny7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Regarding my Symantec Live Update - My ZoneAlarm Security Program is expiring next week.

My new computer came with Norton Internet Security and I bought a 3 user license for a year. I was planning to uninstall ZoneAlarm when it expires on the Dell Computer and load Norton Internet Security. Besides I was rather ticked at ZoneAlarm for not even blinking when that malware got downloaded on my system. It was clueless!

Does that change any of the instructions you gave me in your previous post?

Thanks.
  • 0

#21
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Not really. It would probably be best since you plan to reinstall Norton for all old traces to be removed before you do that.

I'm not sure who makes ZA's anti-virus. It's not on the latest list of tested anti-viruses:

http://www.av-test.o...ts/novdec-2011/

Norton is not bad but it is a resource hog so expect things to be a bit slower.
  • 0

#22
Sunny7

Sunny7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Zonealarm is a Checkpoint Software product.

I tried to download combofix. I disabled all the protective features of zonealarm, but since this is a newer version than I had before the computer crash, I was confused about how to totally exit it. Subsequently I have figured this out.

So, with the features disabled, I ran combofix from my desktop. I got the disclaimer screen, and it extracted some files. I never got a recovery console, and after waiting 45 minutes, nothing seemed to have happened. I did not find a file called c:\combofix.txt.

What should I do now? Can I totally exit Zonealarm and try to execute combofix again? I am not sure as to what actually did or did not happen to the execution of combofix.
  • 0

#23
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
You might need to uninstall Combofix and download a new copy if ZA was active when you downloaded or ran it before.

To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

Uninstall Malwarebytes' Anti-Malware, download a new copy of Combofix to your desktop:

Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe


Sometimes it helps to run from Safe Mode with Networking:
(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.)



Sometimes you need to

copy the next line:

"%userprofile%\Desktop\combofix.exe" /killall

Start, Run, cmd, OK then right click, Paste, then hit Enter in order to get it to run.
  • 0

#24
Sunny7

Sunny7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
OK, Ron, I got combofix to work, and I will post the log below. BTW, I am doing these tasks one at a time as I mentioned before, and have not deleted any programs yet.

Are we doing multiple types of virus/malware scans to make sure nothing gets accidentally missed? They all must have their pluses and minuses...

--------------------------------------------------------------------------------------------------------------

ComboFix 12-02-05.01 - Chrissie 02/04/2012 15:46:56.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.664 [GMT -6:00]
Running from: c:\documents and settings\Chrissie\Desktop\combofix.exe
Command switches used :: /killall
FW: ZoneAlarm Extreme Security Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Chrissie\Application Data\scgdfgasfbh.bat
c:\documents and settings\Chrissie\Local Settings\Temporary Internet Files\B4Jx1.jpg
c:\documents and settings\Chrissie\Local Settings\Temporary Internet Files\JNoOyLNlm.jpg
c:\documents and settings\Chrissie\Local Settings\Temporary Internet Files\la7Y0ab1.jpg
c:\documents and settings\Chrissie\Local Settings\Temporary Internet Files\yx6m2ab2P.jpg
c:\documents and settings\Chrissie\WINDOWS
c:\windows\dasetup.log
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\Downloaded Program Files\ODCTOOLS\ef6b26db-344d-4ad3-ba24-aca0bdaa999a.cab
c:\windows\Downloaded Program Files\ODCTOOLS\f04d289f-c60a-422b-8396-6c372047042e.cab
c:\windows\Downloaded Program Files\Temp
c:\windows\sufB4.tmp
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\comrepl.exe
c:\windows\system32\SET1C2.tmp
c:\windows\system32\SET1C7.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-01-04 to 2012-02-04 )))))))))))))))))))))))))))))))
.
.
2012-02-04 21:32 . 2012-02-04 21:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
2012-02-04 21:27 . 2012-02-04 21:27 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-02-04 21:26 . 2012-02-04 21:26 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-02-01 23:15 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-01-31 16:41 . 2012-01-31 16:41 -------- d-----w- c:\program files\MSBuild
2012-01-31 16:41 . 2012-01-31 16:41 -------- d-----w- c:\program files\Reference Assemblies
2012-01-31 16:40 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-01-31 16:40 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-01-31 16:40 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-01-31 16:40 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2012-01-31 16:40 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-01-31 16:40 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-01-31 16:40 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2012-01-31 16:40 . 2012-01-31 16:40 -------- d-----w- C:\0c52271ce95a16b6c9cfc9e8cc
2012-01-31 16:00 . 2011-11-04 19:20 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-01-31 16:00 . 2011-11-04 19:20 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-01-31 16:00 . 2011-11-04 19:20 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-01-31 16:00 . 2011-11-04 19:20 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-01-31 16:00 . 2011-11-04 19:20 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-01-31 16:00 . 2011-11-04 19:20 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-01-31 16:00 . 2011-11-04 19:20 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-01-31 15:47 . 2012-01-31 15:47 -------- d-----w- c:\documents and settings\Chrissie\Application Data\ElevatedDiagnostics
2012-01-31 14:38 . 2012-01-31 14:38 -------- d-sh--w- c:\documents and settings\Chrissie\PrivacIE
2012-01-31 14:29 . 2010-06-14 07:41 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2012-01-31 14:17 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-01-31 14:17 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-01-31 14:12 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2012-01-31 02:12 . 2008-06-12 14:23 956928 -c----w- c:\windows\system32\dllcache\msdtctm.dll
2012-01-31 02:12 . 2008-06-12 14:23 91648 -c----w- c:\windows\system32\dllcache\mtxoci.dll
2012-01-31 02:12 . 2008-06-12 14:23 58880 -c----w- c:\windows\system32\dllcache\msdtclog.dll
2012-01-31 02:12 . 2008-06-12 14:23 428032 -c----w- c:\windows\system32\dllcache\msdtcprx.dll
2012-01-31 02:12 . 2008-06-12 14:23 161792 -c----w- c:\windows\system32\dllcache\msdtcuiu.dll
2012-01-31 02:12 . 2010-11-09 14:52 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2012-01-31 02:12 . 2010-11-09 14:52 200704 -c----w- c:\windows\system32\dllcache\msadox.dll
2012-01-31 02:12 . 2010-11-09 14:52 180224 -c----w- c:\windows\system32\dllcache\msadomd.dll
2012-01-31 02:12 . 2010-11-09 14:52 102400 -c----w- c:\windows\system32\dllcache\msjro.dll
2012-01-31 02:12 . 2010-11-09 14:52 143360 -c----w- c:\windows\system32\dllcache\msadco.dll
2012-01-31 02:11 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-01-31 02:08 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2012-01-31 01:58 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-01-31 01:57 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-01-31 01:57 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-01-31 01:57 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-01-31 01:41 . 2011-02-08 13:33 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
2012-01-31 01:41 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2012-01-31 01:41 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-01-31 01:41 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-01-31 01:39 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-01-31 01:37 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2012-01-31 01:31 . 2012-01-31 01:31 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-01-31 01:30 . 2012-01-31 01:30 -------- d-sh--w- c:\documents and settings\Chrissie\IETldCache
2012-01-31 01:19 . 2012-01-31 01:21 -------- dc-h--w- c:\windows\ie8
2012-01-30 22:18 . 2012-01-30 22:18 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2012-01-30 21:00 . 2012-01-30 21:00 -------- d-----w- c:\program files\Conduit
2012-01-30 21:00 . 2012-02-03 21:43 -------- d-----w- c:\documents and settings\Chrissie\Local Settings\Application Data\ZoneAlarm_Security
2012-01-30 21:00 . 2012-01-30 22:34 -------- d-----w- c:\documents and settings\Chrissie\Local Settings\Application Data\Conduit
2012-01-30 21:00 . 2012-01-30 21:00 -------- d-----w- c:\documents and settings\Chrissie\Local Settings\Application Data\Temp
2012-01-30 21:00 . 2012-01-30 22:35 -------- d-----w- c:\program files\ZoneAlarm_Security
2012-01-25 11:35 . 2012-01-30 05:22 -------- d-----w- c:\windows\Tmp0112
2012-01-25 11:32 . 2012-01-25 11:32 -------- d-----w- C:\tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 19:21 . 2011-05-18 18:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2008-04-14 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2008-04-14 12:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2008-04-14 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2008-04-14 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZon1.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2011-05-09 09:49 176936 ----a-w- c:\program files\ZoneAlarm_Security\prxtbZon1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZon1.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "c:\program files\ZoneAlarm_Security\prxtbZon1.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="1" [X]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-10-14 217088]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-11-03 4800512]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-06 53248]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2007-06-26 368706]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-05-09 180269]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-12-19 73360]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 738944]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2005-11-22 217088]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"PCBackup Scheduler"=c:\program files\Eisenworld\PCBackup\ABScheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
.
R1 kl2;kl2;c:\windows\SYSTEM32\DRIVERS\kl2.sys [10/14/2010 5:08 PM 11352]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [11/3/2011 8:44 AM 27016]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [11/3/2011 8:44 AM 497280]
R3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [11/3/2011 8:44 AM 36744]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\Chrissie\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\Chrissie\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-04 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-03-14 15:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.geekstogo.com/forum/topic/312892-hitman-pro-caused-fatal-system-error-c000021a-trying-to-remove-t5rcdll-and-subsequent-attempts-to-reboot-computer/page__st__15__gopid__2116859
uInternet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: ///
Trusted Zone: dgparks.org\dgpdwebtrac
Trusted Zone: dgparks.org\www
Trusted Zone: entertainment.com\www
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\fdl
Trusted Zone: microsoft.com\update
Trusted Zone: msn.com\*.g
Trusted Zone: msn.com\*.moneycentral
Trusted Zone: msn.com\g
Trusted Zone: msn.com\moneycentral
Trusted Zone: passport.com
Trusted Zone: passport.com\loginnet
Trusted Zone: passport.net
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: ppctlcab - hxxp://69.44.122.156/scanner/ppctlcab.cab
DPF: {01118F00-3E00-11D2-8470-0060089874ED} - hxxp://symantec.atgnow.com/sdccommon/download/ssrc.cab
DPF: {01119400-3E00-11D2-8470-0060089874ED} - hxxp://symantec.atgnow.com/sdccommon/download/sprtctlln.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-04 15:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3563590144-3547084082-725431379-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll
.
- - - - - - - > 'lsass.exe'(780)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll
.
- - - - - - - > 'explorer.exe'(1140)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll
c:\progra~1\SBCSEL~1\SMARTB~1\SBHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'csrss.exe'(700)
c:\program files\CheckPoint\ZAForceField\AK\akconsole.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\nvsvc32.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-02-04 16:07:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-04 22:07
.
Pre-Run: 90,969,251,840 bytes free
Post-Run: 98,215,878,656 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin
.
- - End Of File - - 3F3CC384E21D9DFCB505F7E6D8760F56
  • 0

#25
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Combofix is the big gun. If I can't run it I can't be sure that I have got all of the malware. TDSSKiller and aswMBR are special purpose tools developed to fight MBR infections. Let's see if the script will run now.

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\SYSTEM32\DRIVERS\kl2.sys
c:\windows\system32\Drivers\BW2NDIS5.sys
c:\docume~1\Chrissie\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys
c:\windows\Tasks\RegistryBooster.job

Driver::
kl2
BW2NDIS5
F-Secure Standalone Minifilter


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.

Ron
  • 0

Advertisements


#26
Sunny7

Sunny7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Hi Ron,

I tried to follow your instructions to restart combofix. The problem happened as combofix was restarting the computer after running through its processes. My zonealarm tries to run right away when the computer boots, and combofix says not to run any programs. It said it was preparing its log report, but it just stalled. As a title it said:combofix -find3m.

I got the following error; I'm extremely tired so I don't know if I spelled it correctly.

hpqgchy.exe has generated an exception and can't be handled.
id=0xef8(3832) thred id= 0xfcc(4044).

I finally just closed out of the blue box, as it hung for a very long time.
  • 0

#27
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Get some sleep. It will still be there tomorrow.

This run of Combofix wasn't critical. If it got to 3m it probably did what I asked it to do. Run OTL, Quickscan and let's see what it looks like now.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#28
Sunny7

Sunny7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Hi Ron,

Sorry it took so long for me to get back here. I had to uninstall Zonealarm because it had expired, and install Norton to keep Security on this machine. Norton promptly quarantined Combofix as a Trojan. It also quarantined vew.exe, but I reinstalled it.

I tried to get rid of some of the old stuff on the machine as you had recommended. I haven't deleted Hitman Pro as of yet, because I am trying to figure out my license key. I had bought a license for it, and I'm debating pursuing the malware issue with them. It bugs me about their lack of support for this product.

I also haven't deleted my old Adobe Acrobat stuff. I had consciously thought about not wanting all the extra bells and whistles when they had asked me to upgrade. However, if you think it is a security risk, I could delete the old and install the new versions.

Here is the first run of vew.exe:
Vino's Event Viewer v01c run on Windows XP in English
Report run at 14/02/2012 2:35:15 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14/02/2012 2:04:20 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Automatic LiveUpdate Scheduler service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 10/02/2012 5:42:32 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Automatic LiveUpdate Scheduler service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 10/02/2012 5:29:09 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Automatic LiveUpdate Scheduler service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 10/02/2012 4:59:19 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Automatic LiveUpdate Scheduler service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 10/02/2012 4:49:34 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Automatic LiveUpdate Scheduler service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 08/02/2012 6:37:27 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Automatic LiveUpdate Scheduler service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 08/02/2012 6:35:30 PM
Type: error Category: 0
Event: 11 Source: PlugPlayManager
The device Root\LEGACY_KL2\0000 disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 08/02/2012 6:35:30 PM
Type: error Category: 0
Event: 11 Source: PlugPlayManager
The device Root\LEGACY_F-SECURE_STANDALONE_MINIFILTER\0000 disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 08/02/2012 6:35:30 PM
Type: error Category: 0
Event: 11 Source: PlugPlayManager
The device Root\LEGACY_BW2NDIS5\0000 disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 08/02/2012 6:27:13 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Print Spooler service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 08/02/2012 6:27:13 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 08/02/2012 6:27:13 PM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The ZoneAlarm ForceField IswSvc service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Log: 'System' Date/Time: 08/02/2012 6:27:13 PM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 08/02/2012 6:27:13 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 08/02/2012 6:27:13 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 08/02/2012 6:27:13 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The SupportSoft Sprocket Service (dellsupportcenter) service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 08/02/2012 6:27:13 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The NVIDIA Driver Helper Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 08/02/2012 6:27:13 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Installer service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 08/02/2012 6:27:13 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 08/02/2012 6:27:12 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/02/2012 5:45:14 PM
Type: warning Category: 0
Event: 4 Source: E100B
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Log: 'System' Date/Time: 10/02/2012 4:59:29 PM
Type: warning Category: 0
Event: 4 Source: E100B
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Log: 'System' Date/Time: 10/02/2012 4:49:26 PM
Type: warning Category: 0
Event: 4 Source: E100B
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Log: 'System' Date/Time: 04/02/2012 3:39:05 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 000CF1E6C026. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 04/02/2012 3:36:42 PM
Type: warning Category: 0
Event: 4 Source: E100B
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Log: 'System' Date/Time: 04/02/2012 3:32:48 PM
Type: warning Category: 0
Event: 4 Source: E100B
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Log: 'System' Date/Time: 03/02/2012 5:02:16 PM
Type: warning Category: 0
Event: 4 Source: E100B
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Log: 'System' Date/Time: 03/02/2012 4:45:49 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 000CF1E6C026. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 03/02/2012 4:17:26 PM
Type: warning Category: 0
Event: 4 Source: E100B
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Log: 'System' Date/Time: 01/02/2012 5:48:22 PM
Type: warning Category: 0
Event: 4 Source: E100B
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Log: 'System' Date/Time: 31/01/2012 11:11:36 AM
Type: warning Category: 0
Event: 4 Source: E100B
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Log: 'System' Date/Time: 31/01/2012 10:40:40 AM
Type: warning Category: 0
Event: 20 Source: Print
Printer Driver Microsoft XPS Document Writer for Windows NT x86 Version-3 was added or updated. Files:- mxdwdrv.dll, unidrvui.dll, mxdwdui.gpd, unidrv.hlp, mxdwdui.dll, mxdwdui.ini, stddtype.gdl, stdnames.gpd, stdschem.gdl, stdschmx.gdl, unidrv.dll, unires.dll, XpsSvcs.dll.

Log: 'System' Date/Time: 30/01/2012 8:27:56 PM
Type: warning Category: 0
Event: 4 Source: E100B
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Log: 'System' Date/Time: 30/01/2012 5:45:36 PM
Type: warning Category: 0
Event: 20 Source: Print
Printer Driver Microsoft Office Document Image Writer Driver for Windows NT x86 Version-3 was added or updated. Files:- mdigraph.dll, mdiui.dll, mdiui.dll.

Log: 'System' Date/Time: 30/01/2012 5:45:35 PM
Type: warning Category: 0
Event: 3 Source: Print
Printer Microsoft Office Document Image Writer was deleted.

Log: 'System' Date/Time: 30/01/2012 5:45:34 PM
Type: warning Category: 0
Event: 4 Source: Print
Printer Microsoft Office Document Image Writer is pending deletion.

Log: 'System' Date/Time: 30/01/2012 3:21:08 PM
Type: warning Category: 0
Event: 3 Source: Print
Printer HP Officejet Pro L7600 Series fax was deleted.

Log: 'System' Date/Time: 30/01/2012 3:21:06 PM
Type: warning Category: 0
Event: 4 Source: Print
Printer HP Officejet Pro L7600 Series fax is pending deletion.

Log: 'System' Date/Time: 30/01/2012 3:21:05 PM
Type: warning Category: 0
Event: 3 Source: Print
Printer HP Officejet Pro L7600 Series was deleted.

Log: 'System' Date/Time: 30/01/2012 3:21:02 PM
Type: warning Category: 0
Event: 4 Source: Print
Printer HP Officejet Pro L7600 Series is pending deletion.

Here is the application run:

Vino's Event Viewer v01c run on Windows XP in English
Report run at 14/02/2012 2:50:26 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14/02/2012 2:24:29 PM
Type: error Category: 3
Event: 3024 Source: Windows Search Service
The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Windows Application, SystemIndex Catalog


Log: 'Application' Date/Time: 01/02/2012 7:25:10 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 618563

Log: 'Application' Date/Time: 01/02/2012 7:25:10 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 618563

Log: 'Application' Date/Time: 01/02/2012 7:25:10 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 01/02/2012 7:14:55 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 4078

Log: 'Application' Date/Time: 01/02/2012 7:14:55 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 4078

Log: 'Application' Date/Time: 01/02/2012 7:14:55 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 01/02/2012 7:14:53 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 2016

Log: 'Application' Date/Time: 01/02/2012 7:14:53 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 2016

Log: 'Application' Date/Time: 01/02/2012 7:14:53 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 30/01/2012 4:26:17 PM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Log: 'Application' Date/Time: 30/01/2012 4:26:17 PM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Log: 'Application' Date/Time: 30/01/2012 3:15:22 PM
Type: error Category: 0
Event: 11706 Source: MsiInstaller
Product: Status -- Error 1706. An installation package for the product Status cannot be found. Try the installation again using a valid copy of the installation package 'status.msi'.

Log: 'Application' Date/Time: 30/01/2012 3:11:43 PM
Type: error Category: 0
Event: 11706 Source: MsiInstaller
Product: Status -- Error 1706. An installation package for the product Status cannot be found. Try the installation again using a valid copy of the installation package 'status.msi'.

Log: 'Application' Date/Time: 30/01/2012 3:03:51 PM
Type: error Category: 1
Event: 4126 Source: Ci
Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci. Index will be automatically restored by refiltering all documents.

Log: 'Application' Date/Time: 30/01/2012 3:03:51 PM
Type: error Category: 1
Event: 4124 Source: Ci
Content index on c:\system volume information\catalog.wci is corrupt. Please shutdown and restart the Indexing Service (cisvc).

Log: 'Application' Date/Time: 30/01/2012 2:52:39 PM
Type: error Category: 0
Event: 11706 Source: MsiInstaller
Product: Status -- Error 1706. An installation package for the product Status cannot be found. Try the installation again using a valid copy of the installation package 'status.msi'.

Log: 'Application' Date/Time: 30/01/2012 2:49:10 PM
Type: error Category: 0
Event: 11706 Source: MsiInstaller
Product: Status -- Error 1706. An installation package for the product Status cannot be found. Try the installation again using a valid copy of the installation package 'status.msi'.

Log: 'Application' Date/Time: 30/01/2012 2:48:59 PM
Type: error Category: 0
Event: 11706 Source: MsiInstaller
Product: Status -- Error 1706. An installation package for the product Status cannot be found. Try the installation again using a valid copy of the installation package 'status.msi'.

Log: 'Application' Date/Time: 30/01/2012 2:47:38 PM
Type: error Category: 0
Event: 11706 Source: MsiInstaller
Product: Status -- Error 1706. An installation package for the product Status cannot be found. Try the installation again using a valid copy of the installation package 'status.msi'.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14/02/2012 2:24:28 PM
Type: warning Category: 3
Event: 3036 Source: Windows Search Service
The content source <outlookexpress://{s-1-5-21-3563590144-3547084082-725431379-1008}/{2c7a8cd0-78fa-427f-bf86-ae333a20dc52}/> cannot be accessed.

Context: Windows Application, SystemIndex Catalog

Details:
(0x81270005)


Log: 'Application' Date/Time: 14/02/2012 2:23:44 PM
Type: warning Category: 1
Event: 1008 Source: Windows Search Service
The Windows Search Service is attempting to remove the old catalog.


Log: 'Application' Date/Time: 08/02/2012 7:01:40 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user 2ZPRR41\Chrissie registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 08/02/2012 6:36:01 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user 2ZPRR41\Chrissie registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 08/02/2012 5:53:20 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user 2ZPRR41\Chrissie registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 04/02/2012 4:24:03 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user 2ZPRR41\Chrissie registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 04/02/2012 3:53:19 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user 2ZPRR41\Chrissie registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 04/02/2012 3:24:26 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user 2ZPRR41\Chrissie registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 03/02/2012 7:06:49 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user 2ZPRR41\Chrissie registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 01/02/2012 7:42:55 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user 2ZPRR41\Chrissie registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 01/02/2012 5:20:39 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user 2ZPRR41\Chrissie registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 01/02/2012 4:08:19 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user 2ZPRR41\Chrissie registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 01/02/2012 4:03:36 PM
Type: warning Category: 1
Event: 1020 Source: ASP.NET 2.0.50727.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 01/02/2012 3:57:26 PM
Type: warning Category: 0
Event: 1021 Source: .NET Runtime
.NET Runtime version 2.0.50727.3625 - Executable "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe" AppDomain "DefaultDomain" deleted obsolete native image "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\44ecf972f11f3c238782da31f27df7e5\mscorlib.ni.dll"

Log: 'Application' Date/Time: 01/02/2012 3:56:48 PM
Type: warning Category: 0
Event: 1021 Source: .NET Runtime
.NET Runtime version 2.0.50727.3625 - Executable "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe" AppDomain "RegSvcs.exe" deleted obsolete native image "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\6c9d830a0a73ef95247adf6dc3f8e8da\System.ni.dll"

Log: 'Application' Date/Time: 01/02/2012 3:56:35 PM
Type: warning Category: 1
Event: 1020 Source: ASP.NET 2.0.50727.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 01/02/2012 3:50:18 PM
Type: warning Category: 1
Event: 1020 Source: ASP.NET 2.0.50727.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 01/02/2012 3:43:36 PM
Type: warning Category: 1
Event: 1020 Source: ASP.NET 2.0.50727.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 01/02/2012 3:38:47 PM
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Configuration section system.serviceModel.activation already exists in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Log: 'Application' Date/Time: 01/02/2012 3:38:47 PM
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Configuration section system.runtime.serialization already exists in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Here is the OTL Log:
OTL logfile created on: 2/14/2012 2:52:52 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Chrissie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.00 Mb Total Physical Memory | 295.10 Mb Available Physical Memory | 28.85% Memory free
2.41 Gb Paging File | 1.65 Gb Available in Paging File | 68.39% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072F:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 91.57 Gb Free Space | 81.96% Space Free | Partition Type: NTFS

Computer Name: 2ZPRR41 | User Name: Chrissie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/01 17:32:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chrissie\Desktop\OTL.exe
PRC - [2011/11/29 20:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
PRC - [2008/07/07 07:15:18 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/15 09:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/11/15 09:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2007/06/26 10:44:33 | 000,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/05/09 07:20:30 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe
PRC - [2003/12/10 04:52:40 | 000,380,928 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
PRC - [2003/10/10 09:06:10 | 000,192,512 | ---- | M] () -- C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
PRC - [2003/08/13 09:27:40 | 000,028,672 | ---- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe
PRC - [2002/04/03 00:01:00 | 000,135,264 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/01 16:07:49 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2012/02/01 15:58:18 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2012/02/01 15:57:46 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2012/01/30 17:50:08 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a8816e13\mscorlib.dll
MOD - [2012/01/30 17:50:02 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_b5556dcd\system.drawing.dll
MOD - [2012/01/30 17:49:49 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_4bfecca8\system.xml.dll
MOD - [2012/01/30 17:49:42 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_d54e7230\system.windows.forms.dll
MOD - [2012/01/30 17:49:26 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_2985eee7\system.dll
MOD - [2012/01/30 17:48:53 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/01/30 17:48:48 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2010/06/03 12:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2007/06/26 10:44:33 | 000,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
MOD - [2006/01/26 15:54:03 | 000,798,720 | ---- | M] () -- c:\windows\assembly\gac\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll
MOD - [2006/01/26 15:54:01 | 000,004,096 | ---- | M] () -- c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll
MOD - [2006/01/26 15:53:17 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc\3.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
MOD - [2006/01/26 15:53:17 | 000,049,152 | ---- | M] () -- c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
MOD - [2006/01/26 15:53:14 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqmdmr\3.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
MOD - [2006/01/26 15:53:12 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.89__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2006/01/26 15:53:12 | 000,090,112 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.89__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll
MOD - [2006/01/26 15:53:12 | 000,086,016 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.89__9cf889f53ea9b907\lead.drawing.dll
MOD - [2006/01/26 15:53:12 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.89__9cf889f53ea9b907\lead.dll
MOD - [2006/01/26 15:53:12 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.89__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll
MOD - [2006/01/26 15:53:12 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.89__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2006/01/26 15:53:11 | 000,229,376 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2006/01/26 15:53:11 | 000,167,936 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2006/01/26 15:53:11 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2006/01/26 15:53:11 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2006/01/26 15:53:11 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2006/01/26 15:53:10 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll
MOD - [2006/01/26 15:53:10 | 000,028,672 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2006/01/26 15:53:10 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2006/01/26 15:52:13 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2006/01/26 15:52:13 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpdarc\1.0.0.0__19565c63d39c2842\interop.hpdarc.dll
MOD - [2006/01/26 15:52:13 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll
MOD - [2006/01/26 15:52:12 | 000,475,136 | ---- | M] () -- c:\windows\assembly\gac\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll
MOD - [2006/01/26 15:52:12 | 000,196,608 | ---- | M] () -- c:\windows\assembly\gac\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll
MOD - [2006/01/26 15:52:12 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2006/01/26 15:52:12 | 000,073,728 | ---- | M] () -- c:\windows\assembly\gac\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll
MOD - [2006/01/26 15:52:12 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqntrop\3.0.0.0__a53cf5803f4c3827\hpqntrop.dll
MOD - [2004/10/01 14:35:32 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2004/10/01 14:35:31 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2004/04/29 01:31:42 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2003/10/10 09:06:12 | 000,057,344 | ---- | M] () -- C:\Program Files\SBC Self Support Tool\bin\AsstCatalog.dll
MOD - [2003/10/10 09:06:10 | 000,192,512 | ---- | M] () -- C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
MOD - [2002/07/02 15:32:00 | 000,184,431 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\TimerManager.dll
MOD - [2002/07/02 15:22:34 | 000,122,993 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\AppProperties.dll
MOD - [2002/07/02 15:10:42 | 000,110,695 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComBase.dll
MOD - [2002/06/04 20:33:54 | 000,106,601 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComSRCManager.dll
MOD - [2002/06/04 18:48:26 | 000,143,489 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BasicLoaderService.dll
MOD - [2002/06/04 18:48:10 | 000,163,951 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComRT.dll
MOD - [2001/09/26 03:23:08 | 000,196,695 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJIntlCore_1_1_DDR.dll
MOD - [2001/09/23 15:41:10 | 000,524,377 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\stlport_4_0_0_DDR.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (LiveUpdate)
SRV - File not found [Auto | Stopped] -- -- (Automatic LiveUpdate Scheduler)
SRV - [2011/11/29 20:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe -- (NIS)
SRV - [2008/07/07 07:15:18 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2007/11/15 09:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe -- (SymWSC)
SRV - [2003/03/03 12:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2012/02/10 17:26:38 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/02/10 16:27:58 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20120211.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/02/10 01:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120213.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/02/10 01:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/10 01:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/02/10 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120213.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/28 22:48:55 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20120207.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/23 20:23:47 | 000,905,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1305000.091\SYMEFA.SYS -- (SymEFA)
DRV - [2011/11/23 19:50:26 | 000,574,584 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1305000.091\SRTSP.SYS -- (SRTSP)
DRV - [2011/11/23 19:50:26 | 000,032,888 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1305000.091\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/11/16 21:37:59 | 000,388,216 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1305000.091\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/11/16 21:17:48 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1305000.091\Ironx86.SYS -- (SymIRON)
DRV - [2011/11/04 17:59:35 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1305000.091\ccSetx86.sys -- (ccSet_NIS)
DRV - [2011/08/16 00:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1305000.091\SYMDS.SYS -- (SymDS)
DRV - [2008/04/14 06:00:00 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/08/03 21:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 21:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 21:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 21:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 21:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 21:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 21:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 21:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 21:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 21:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 21:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/07/05 13:14:08 | 000,028,256 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2004/05/05 21:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2004/03/05 21:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 21:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 21:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 21:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/09/22 10:43:06 | 001,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2003/09/22 06:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 06:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2003/08/28 17:58:40 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2002/11/08 12:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 11:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [1999/12/17 00:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.geekstogo..._gopid__2116859
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local>;*.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Chrissie\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Chrissie\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Chrissie\Application Data\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ [2012/02/10 17:33:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [2012/02/14 14:05:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Chrissie\Application Data\Move Networks [2010/01/29 15:29:27 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/02/08 18:38:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.5.0.145\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.5.0.145\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [diagent] C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Yahoo! Pager] 1 File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: /// ([]money in Trusted sites)
O15 - HKCU\..Trusted Domains: dgparks.org ([dgpdwebtrac] https in Trusted sites)
O15 - HKCU\..Trusted Domains: dgparks.org ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: entertainment.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([fdl] * in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: msn.com ([*.g] * in Trusted sites)
O15 - HKCU\..Trusted Domains: msn.com ([*.moneycentral] * in Trusted sites)
O15 - HKCU\..Trusted Domains: msn.com ([g] * in Trusted sites)
O15 - HKCU\..Trusted Domains: msn.com ([moneycentral] * in Trusted sites)
O15 - HKCU\..Trusted Domains: passport.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: passport.com ([loginnet] https in Trusted sites)
O15 - HKCU\..Trusted Domains: passport.net ([]* in Trusted sites)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} http://www.symantec....trl/tgctlsi.cab (SupportSoft SmartIssue)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.symantec....trl/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {01118F00-3E00-11D2-8470-0060089874ED} http://symantec.atgn...wnload/ssrc.cab (SupportSoft RemoteControl Class)
O16 - DPF: {01119400-3E00-11D2-8470-0060089874ED} http://symantec.atgn...d/sprtctlln.cab (SupportSoft Listener Control)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec....sa/LSSupCtl.cab (LSSupCtl Class)
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} https://support.micr...ActiveX/odc.cab (Microsoft PID Sniffer)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://download.micr...20/pmupd806.exe (MSN Money Charting)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp...ads/sysinfo.cab (SysData Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1132768505156 (MUWebControl Class)
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} http://www.callwave....DL_DownLoad.CAB (CWDL_DownLoadControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} http://moneycentral....bs/pmupdate.exe (Reg Error: Key error.)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-cent...bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.s...rl/SymAData.cab (ActiveDataInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} https://www-secure.s.../ActiveData.cab (ActiveDataObj Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: ppctlcab http://69.44.122.156...er/ppctlcab.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4E4E9F5-59D9-4341-93D2-08872E457EF5}: DhcpNameServer = 68.94.156.1 68.94.157.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 12:36:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/14 14:39:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chrissie\Application Data\Windows Search
[2012/02/14 14:33:31 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Chrissie\Desktop\vew.exe
[2012/02/14 14:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chrissie\Application Data\Windows Desktop Search
[2012/02/14 14:23:32 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2012/02/14 14:23:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012/02/14 14:21:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/02/14 14:21:01 | 000,000,000 | ---D | C] -- C:\01df9422ac69b1dad567
[2012/02/10 17:34:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/10 17:26:19 | 000,905,336 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\SymEFA.sys
[2012/02/10 17:26:19 | 000,574,584 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\srtsp.sys
[2012/02/10 17:26:19 | 000,388,216 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symtdi.sys
[2012/02/10 17:26:19 | 000,345,208 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symtdiv.sys
[2012/02/10 17:26:19 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\SymDS.sys
[2012/02/10 17:26:19 | 000,318,584 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symnets.sys
[2012/02/10 17:26:19 | 000,149,624 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\Ironx86.sys
[2012/02/10 17:26:19 | 000,132,744 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\ccSetx86.sys
[2012/02/10 17:26:19 | 000,032,888 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\srtspx.sys
[2012/02/10 17:26:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1305000.091
[2012/02/10 17:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chrissie\Start Menu\Programs\Norton
[2012/02/10 17:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2012/02/10 17:06:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chrissie\My Documents\Symantec
[2012/02/10 17:05:11 | 000,141,944 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2012/02/10 17:05:11 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2012/02/10 17:04:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2012/02/10 17:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2012/02/10 17:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2012/02/10 17:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2012/02/10 17:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2012/02/10 17:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/02/10 17:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2012/02/08 18:24:37 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/08 18:23:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/02/08 18:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/04 15:45:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/04 15:42:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/04 15:42:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/04 15:42:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/04 15:42:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/04 15:41:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/04 15:25:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012/02/04 15:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/01 17:32:43 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chrissie\Desktop\OTL.exe
[2012/01/31 10:41:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2012/01/31 10:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012/01/31 10:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2012/01/31 10:40:19 | 000,000,000 | ---D | C] -- C:\0c52271ce95a16b6c9cfc9e8cc
[2012/01/31 10:03:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/01/31 09:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chrissie\Application Data\ElevatedDiagnostics
[2012/01/31 09:40:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/01/31 09:39:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2012/01/31 08:38:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Chrissie\PrivacIE
[2012/01/30 19:30:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Chrissie\IETldCache
[2012/01/30 19:19:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/01/30 16:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2012/01/30 15:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chrissie\Local Settings\Application Data\ZoneAlarm_Security
[2012/01/30 15:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chrissie\Local Settings\Application Data\Temp
[2012/01/30 15:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chrissie\Local Settings\Application Data\Conduit
[2012/01/25 11:06:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/01/25 05:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Tmp0112
[2012/01/25 05:32:23 | 000,000,000 | ---D | C] -- C:\tmp
[2002/04/10 23:41:00 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/14 14:33:31 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Chrissie\Desktop\vew.exe
[2012/02/14 14:23:42 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2012/02/14 14:23:39 | 000,502,786 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2012/02/14 14:23:39 | 000,095,744 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2012/02/14 14:23:30 | 000,650,422 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\Cat.DB
[2012/02/14 14:23:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/14 14:04:23 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2012/02/14 14:03:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2012/02/14 14:03:47 | 1072,762,880 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/10 17:38:56 | 000,000,113 | ---- | M] () -- C:\Documents and Settings\Chrissie\My Documents\Files named hitman.fnd
[2012/02/10 17:36:46 | 000,004,782 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\VT20111023.022
[2012/02/10 17:29:43 | 000,001,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2012/02/10 17:29:08 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\Chrissie\Desktop\Norton Installation Files.lnk
[2012/02/10 17:26:38 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2012/02/10 17:26:38 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2012/02/10 17:26:38 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2012/02/10 17:26:38 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2012/02/08 18:38:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2012/02/04 15:45:05 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/02/01 17:32:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chrissie\Desktop\OTL.exe
[2012/02/01 14:28:40 | 000,360,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/31 09:30:54 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\Chrissie\Desktop\Microsoft Fix it.url
[2012/01/30 19:31:21 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Chrissie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/30 16:20:20 | 000,000,128 | ---- | M] () -- C:\WINDOWS\System32\pdfl.dat
[2012/01/30 13:09:35 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2012/01/26 22:25:06 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\isolate.ini
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/14 14:23:42 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2012/02/14 14:23:42 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2012/02/10 17:38:56 | 000,000,113 | ---- | C] () -- C:\Documents and Settings\Chrissie\My Documents\Files named hitman.fnd
[2012/02/10 17:37:22 | 000,004,782 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\VT20111023.022
[2012/02/10 17:28:10 | 000,650,422 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\Cat.DB
[2012/02/10 17:26:05 | 000,004,782 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\SymVTcer.dat
[2012/02/10 17:26:05 | 000,003,434 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\SymEFA.inf
[2012/02/10 17:26:05 | 000,002,852 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\SymDS.inf
[2012/02/10 17:26:05 | 000,001,469 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\SymNetV.inf
[2012/02/10 17:26:05 | 000,001,441 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\SymNet.inf
[2012/02/10 17:26:05 | 000,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\srtspx.inf
[2012/02/10 17:26:05 | 000,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\srtsp.inf
[2012/02/10 17:26:05 | 000,000,827 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\ccSetx86.inf
[2012/02/10 17:26:05 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\Iron.inf
[2012/02/10 17:26:04 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symnetv.cat
[2012/02/10 17:26:04 | 000,007,492 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\SymDS.cat
[2012/02/10 17:26:04 | 000,007,468 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\ccSetx86.cat
[2012/02/10 17:26:04 | 000,007,458 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\SymNet.cat
[2012/02/10 17:26:04 | 000,007,456 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\SymEFA.cat
[2012/02/10 17:26:04 | 000,007,454 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\srtspx.cat
[2012/02/10 17:26:04 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\srtsp.cat
[2012/02/10 17:26:04 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\iron.cat
[2012/02/10 17:26:04 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\isolate.ini
[2012/02/10 17:11:15 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\Chrissie\Desktop\Norton Installation Files.lnk
[2012/02/10 17:05:11 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2012/02/10 17:05:11 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2012/02/10 17:05:03 | 000,001,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2012/02/04 15:45:05 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2012/02/04 15:45:02 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/04 15:42:06 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/04 15:42:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/04 15:42:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/04 15:42:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/04 15:42:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/04 15:36:21 | 1072,762,880 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/01 17:14:50 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2012/01/31 09:30:54 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Chrissie\Desktop\Microsoft Fix it.url
[2012/01/30 13:09:36 | 000,012,598 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2011/01/07 16:44:24 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\lkfl.dat
[2011/01/07 16:44:24 | 000,000,128 | ---- | C] () -- C:\WINDOWS\System32\pdfl.dat
[2011/01/07 16:44:24 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\ibfl.dat
[2010/10/22 14:18:17 | 000,089,464 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/18 10:56:37 | 000,017,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/03/03 20:32:31 | 000,015,140 | -HS- | C] () -- C:\Documents and Settings\Chrissie\Local Settings\Application Data\jXP7U0T4
[2009/06/17 14:08:16 | 000,116,841 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/16 10:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008/04/14 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/13 23:42:04 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/01/14 17:57:36 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/26 15:32:18 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/09 14:59:46 | 000,000,033 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2007/05/28 13:00:18 | 000,016,007 | ---- | C] () -- C:\WINDOWS\hpwscr05.dat
[2006/12/03 13:13:39 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/05/01 13:52:23 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2005/11/22 11:31:27 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/11/10 13:26:12 | 000,000,220 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/10/04 12:15:02 | 000,795,904 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2005/06/03 13:47:00 | 000,000,032 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2004/08/12 13:46:43 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2004/08/12 13:27:26 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/07/05 13:14:37 | 000,000,733 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/06/15 10:56:05 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Chrissie\Local Settings\Application Data\FASTWiz.html
[2004/05/20 13:59:26 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Chrissie\Local Settings\Application Data\fusioncache.dat
[2004/04/29 01:50:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/04/29 01:40:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/29 01:37:08 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/04/29 01:35:40 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2004/04/29 01:35:40 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/04/29 01:35:26 | 000,002,572 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2004/04/29 01:35:26 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2004/04/29 01:35:26 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2004/04/29 01:35:26 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/04/29 01:34:59 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/04/29 01:33:59 | 000,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/04/29 01:23:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/04/29 01:22:38 | 000,502,786 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/04/29 01:22:38 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/04/29 01:11:08 | 000,000,546 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/01/23 08:05:02 | 000,360,936 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/01/23 08:03:50 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2003/11/20 12:39:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/07/08 12:41:48 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/03 12:35:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 12:31:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/08/29 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2002/03/13 14:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
[1979/12/31 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2005/10/05 14:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2012/01/30 16:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2005/07/28 09:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eisenworld
[2010/02/12 16:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010/11/17 18:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/03/03 20:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK
[2008/02/20 09:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/01/30 10:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/03/30 16:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/08/02 14:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/01/07 16:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chrissie\Application Data\CheckPoint
[2008/09/22 14:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chrissie\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2005/05/27 18:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chrissie\Application Data\Earthlink
[2012/01/31 09:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chrissie\Application Data\ElevatedDiagnostics
[2009/07/24 12:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chrissie\Application Data\Image Zone Express
[2004/05/26 09:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chrissie\Application Data\Leadertech
[2008/11/17 13:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chrissie\Application Data\MailFrontier
[2008/07/23 19:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chrissie\Application Data\OfficeUpdate12
[2008/09/26 14:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chrissie\Application Data\Printer Info Cache
[2010/03/08 18:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chrissie\Application Data\Safer Networking
[2011/03/30 16:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chrissie\Application Data\Trusteer
[2012/02/14 14:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chrissie\Application Data\Windows Desktop Search
[2012/02/14 14:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chrissie\Application Data\Windows Search

========== Purity Check ==========

< End of report >


So how are things looking? Also, I didn't delete all my old Norton software, because I have Partition Magic installed on this computer, and I still want to be able to use it without reinstalling it.
  • 0

#29
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c


:OTL
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKCU..\Run: [Yahoo! Pager] 1 File not found
[2010/03/03 20:32:31 | 000,015,140 | -HS- | C] () -- C:\Documents and Settings\Chrissie\Local Settings\Application Data\jXP7U0T4
     
:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[RESETHOSTS]
[purity]
[Reboot]

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

You have two services not starting:

SRV - File not found [On_Demand | Stopped] -- -- (LiveUpdate)
SRV - File not found [Auto | Stopped] -- -- (Automatic LiveUpdate Scheduler)

These are from Norton so it may not have installed correctly or it may be they don't need them any more and they are leftover from earlier. Is Norton updating correctly?
  • 0

#30
Sunny7

Sunny7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Norton Internet Security 2012 seems to be updating fine as far as I can tell.

I think that other stuff was from an old version of Norton Internet Security (several years ago). When I was uninstalling that Norton Internet Security, I was not sure if Partition Magic was using Live Update (although I didn't think it was). So I think that is how that those services are left over and not starting.

I did check that Norton link you provided, but it said it would uninstall any old Norton programs, so I skipped it, not wanting to delete Partition Magic. Is there a way to selectively delete those 2 Live Update services that are not starting?

I followed your OTL instructions and here is the log:

========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{91da5e8a-3318-4f8c-b67e-5964de3ab546} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C7768536-96F8-4001-B1A2-90EE21279187} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7768536-96F8-4001-B1A2-90EE21279187}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Yahoo! Pager deleted successfully.
C:\Documents and Settings\Chrissie\Local Settings\Application Data\jXP7U0T4 moved successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Chrissie
->Java cache emptied: 20149156 bytes

User: Default User
->Java cache emptied: 13689508 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 32.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 615 bytes

User: All Users

User: Chrissie
->Flash cache emptied: 527395 bytes

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 1.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 02152012_154941
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP