
Hijacked + Rootkit infection?

Discussion in 'Virus & Other Malware Removal' started by PALV, Mar 11, 2011.

Thread Status:
Not open for further replies.
  1. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya Bill,

    We don't seem to be making much headway with your current issue. Let's hit this from outside Windows with an Avira rescue system, as follows please:

    The process is very simple and easy to follow. One stipulation must be followed: the CD must be created on a known clean PC. From the same PC, print off the instructions; they really are very easy to follow. All you need is a blank writable CD, everything else is included in the tutorial. Obviously the PC must have a burner.
    All instructions are available here: Avira Rescue System. Read through the instructions a couple of times to familiarize yourself with them, create the CD and print off the instructions. It will be to your advantage to have the instructions available during the process.
    When complete, post back and let me know how you got on, any improvement...

    Kevin
     
  2. PALV

    PALV Thread Starter

    Joined:
    Mar 10, 2011
    Messages:
    56
    Kevin-
    Avira Rescue System CD created and run - log below.

    Question: should a full system scan (with my AV software, Symantec) be run as noted in the final step of the instructions? I stopped there, not knowing if that only applied when/if AntiVir was the resident AV software.

    Bill

    ----
    Avira / Linux Version 1.9.152.0
    Copyright (c) 2010 by Avira GmbH
    All rights reserved.
    engine set: 8.2.4.188
    VDF Version: 7.11.5.43
    Scan start time: Wed Mar 23 11:47:47 2011
    configuration file: /etc/avira/scancl.conf

    WARNING: [Unsupported archive version] /media/Devices/sda2/Documents and
    Settings/1.Mom/Application Data/Juniper Networks/Host
    Checker/uninstall.exe

    WARNING: [Unexpected end of file]
    /media/Devices/sda2/Documents and Settings/1.Mom/Application Data/Juniper
    Networks/setup/uninstall.exe

    WARNING: [File is encrypted]
    /media/Devices/sda2/Documents and Settings/1.Mom/My
    Documents/LimeWire/Saved/10 -Nickelback-Dark Horse- If Today Was Your Last
    Day.mp3

    WARNING: [File is encrypted] /media/Devices/sda2/Documents and
    Settings/1.Mom/My Documents/LimeWire/Saved/11 -Nickelback-Dark Horse- This
    Afternoon.mp3

    WARNING: [File is encrypted] /media/Devices/sda2/Documents
    and Settings/All Users/Application Data/Spybot - Search &
    Destroy/Recovery/MicrosoftWindowsSecurityCenterAntiVirusDisableNotify1.zip

    WARNING: [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search &
    Destroy/Recovery/MicrosoftWindowsSecurityCenterFirewallDisableNotify.zip

    WARNING: [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search &
    Destroy/Recovery/MicrosoftWindowsSecurityCenterFirewallDisableNotify1.zip

    WARNING: [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search &
    Destroy/Recovery/MicrosoftWindowsSecurityInternetExplorer.zip

    WARNING:
    [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search &
    Destroy/Recovery/MyWayMyWebSearch.zip

    WARNING: [File is encrypted]
    /media/Devices/sda2/Documents and Settings/All Users/Application Data/Spybot
    - Search & Destroy/Recovery/MyWayMyWebSearch1.zip

    WARNING: [File is
    encrypted] /media/Devices/sda2/Documents and Settings/All Users/Application
    Data/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch2.zip

    WARNING:
    [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search &
    Destroy/Recovery/MyWayMyWebSearch3.zip

    WARNING: [File is encrypted]
    /media/Devices/sda2/Documents and Settings/All Users/Application Data/Spybot
    - Search & Destroy/Recovery/MyWayMyWebSearch4.zip

    WARNING: [File is
    encrypted] /media/Devices/sda2/Documents and Settings/All Users/Application
    Data/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch5.zip

    WARNING:
    [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search & Destroy/Recovery/KuasioKa.zip

    WARNING: [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search & Destroy/Recovery/KuasioKa1.zip

    WARNING: [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search & Destroy/Recovery/KuasioKa2.zip

    WARNING: [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search & Destroy/Recovery/KuasioKa3.zip

    WARNING: [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search & Destroy/Recovery/KuasioKa4.zip

    WARNING: [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search & Destroy/Recovery/KuasioKa5.zip

    WARNING: [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search & Destroy/Recovery/KuasioKa6.zip

    WARNING: [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search &
    Destroy/Recovery/FastBrowserSearchToolbar30.zip

    WARNING: [File is
    encrypted] /media/Devices/sda2/Documents and Settings/All Users/Application
    Data/Spybot - Search & Destroy/Recovery/FastBrowserSearchToolbar31.zip

    WARNING: [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search &
    Destroy/Recovery/FastBrowserSearchToolbar32.zip

    WARNING: [File is
    encrypted] /media/Devices/sda2/Documents and Settings/All Users/Application
    Data/Spybot - Search & Destroy/Recovery/FastBrowserSearchToolbar33.zip

    WARNING: [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search &
    Destroy/Recovery/FastBrowserSearchToolbar4.zip

    WARNING: [File is
    encrypted] /media/Devices/sda2/Documents and Settings/All Users/Application
    Data/Spybot - Search & Destroy/Recovery/FastBrowserSearchToolbar5.zip

    WARNING: [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search &
    Destroy/Recovery/FastBrowserSearchToolbar6.zip

    WARNING: [File is
    encrypted] /media/Devices/sda2/Documents and Settings/All Users/Application
    Data/Spybot - Search & Destroy/Recovery/FastBrowserSearchToolbar7.zip

    WARNING: [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search &
    Destroy/Recovery/FastBrowserSearchToolbar8.zip

    WARNING: [File is
    encrypted] /media/Devices/sda2/Documents and Settings/All Users/Application
    Data/Spybot - Search & Destroy/Recovery/FastBrowserSearchToolbar9.zip

    WARNING: [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search &
    Destroy/Recovery/FraudSysguard.zip

    WARNING: [File is encrypted]
    /media/Devices/sda2/Documents and Settings/All Users/Application Data/Spybot
    - Search & Destroy/Recovery/FraudSysguard1.zip

    WARNING: [File is
    encrypted] /media/Devices/sda2/Documents and Settings/All Users/Application
    Data/Spybot - Search & Destroy/Recovery/FraudSysguard2.zip

    WARNING: [File
    is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search &
    Destroy/Recovery/FastBrowserSearchToolbar1.zip

    WARNING: [File is
    encrypted] /media/Devices/sda2/Documents and Settings/All Users/Application
    Data/Spybot - Search & Destroy/Recovery/FastBrowserSearchToolbar10.zip

    WARNING: [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search &
    Destroy/Recovery/FastBrowserSearchToolbar11.zip

    WARNING: [File is
    encrypted] /media/Devices/sda2/Documents and Settings/All Users/Application
    Data/Spybot - Search & Destroy/Recovery/FastBrowserSearchToolbar12.zip

    WARNING: [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search &
    Destroy/Recovery/FastBrowserSearchToolbar13.zip

    WARNING: [File is
    encrypted] /media/Devices/sda2/Documents and Settings/All Users/Application
    Data/Spybot - Search & Destroy/Recovery/FastBrowserSearchToolbar14.zip

    WARNING: [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search &
    Destroy/Recovery/FastBrowserSearchToolbar15.zip

    WARNING: [File is
    encrypted] /media/Devices/sda2/Documents and Settings/All Users/Application
    Data/Spybot - Search & Destroy/Recovery/FastBrowserSearchToolbar16.zip

    WARNING: [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search &
    Destroy/Recovery/FastBrowserSearchToolbar17.zip

    WARNING: [File is
    encrypted] /media/Devices/sda2/Documents and Settings/All Users/Application
    Data/Spybot - Search & Destroy/Recovery/FastBrowserSearchToolbar18.zip

    WARNING: [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search &
    Destroy/Recovery/FastBrowserSearchToolbar19.zip

    WARNING: [File is
    encrypted] /media/Devices/sda2/Documents and Settings/All Users/Application
    Data/Spybot - Search & Destroy/Recovery/FastBrowserSearchToolbar2.zip

    WARNING: [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search &
    Destroy/Recovery/FastBrowserSearchToolbar20.zip

    WARNING: [File is
    encrypted] /media/Devices/sda2/Documents and Settings/All Users/Application
    Data/Spybot - Search & Destroy/Recovery/FastBrowserSearchToolbar21.zip

    WARNING: [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search &
    Destroy/Recovery/FastBrowserSearchToolbar22.zip

    WARNING: [File is
    encrypted] /media/Devices/sda2/Documents and Settings/All Users/Application
    Data/Spybot - Search & Destroy/Recovery/FastBrowserSearchToolbar23.zip

    WARNING: [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search &
    Destroy/Recovery/FastBrowserSearchToolbar24.zip

    WARNING: [File is
    encrypted] /media/Devices/sda2/Documents and Settings/All Users/Application
    Data/Spybot - Search & Destroy/Recovery/FastBrowserSearchToolbar25.zip

    ALERT: [GEN/PwdZIP] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search &
    Destroy/Recovery/FastBrowserSearchToolbar26.zip <<< Contains signature of
    the GEN/PwdZIP virus

    WARNING: [File is encrypted]
    /media/Devices/sda2/Documents and Settings/All Users/Application Data/Spybot
    - Search & Destroy/Recovery/FastBrowserSearchToolbar26.zip

    ALERT:
    [GEN/PwdZIP] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search &
    Destroy/Recovery/FastBrowserSearchToolbar27.zip <<< Contains signature of
    the GEN/PwdZIP virus

    WARNING: [File is encrypted]
    /media/Devices/sda2/Documents and Settings/All Users/Application Data/Spybot
    - Search & Destroy/Recovery/FastBrowserSearchToolbar27.zip

    WARNING: [File
    is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search &
    Destroy/Recovery/FastBrowserSearchToolbar28.zip

    [archive scan abort]
    [renamed]
    WARNING: [File is encrypted] /media/Devices/sda2/Documents and
    Settings/All Users/Application Data/Spybot - Search &
    Destroy/Recovery/FastBrowserSearchToolbar29.zip

    WARNING: [File is
    encrypted] /media/Devices/sda2/Documents and Settings/All Users/Application
    Data/Spybot - Search & Destroy/Recovery/FastBrowserSearchToolbar.zip

    WARNING: [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search &
    Destroy/Recovery/FastBrowserSearchToolbar3.zip

    WARNING: [File is
    encrypted] /media/Devices/sda2/Documents and Settings/All Users/Application
    Data/Spybot - Search &
    Destroy/Recovery/MicrosoftWindowsSecurityCenterAntiVirusDisableNotify.zip

    WARNING: [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search & Destroy/Recovery/GameVance.zip

    WARNING: [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search & Destroy/Recovery/GameVance1.zip

    WARNING: [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search & Destroy/Recovery/GameVance2.zip

    WARNING: [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search & Destroy/Recovery/GameVance3.zip

    WARNING: [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search & Destroy/Recovery/GameVance4.zip

    WARNING: [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search &
    Destroy/Recovery/GameVancePlaySushi.zip

    WARNING: [File is encrypted]
    /media/Devices/sda2/Documents and Settings/All Users/Application Data/Spybot
    - Search & Destroy/Recovery/GameVancePlaySushi1.zip

    WARNING: [File is
    encrypted] /media/Devices/sda2/Documents and Settings/All Users/Application
    Data/Spybot - Search & Destroy/Recovery/GameVancePlaySushi10.zip

    WARNING:
    [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search &
    Destroy/Recovery/GameVancePlaySushi11.zip

    WARNING: [File is encrypted]
    /media/Devices/sda2/Documents and Settings/All Users/Application Data/Spybot
    - Search & Destroy/Recovery/GameVancePlaySushi12.zip

    WARNING: [File is
    encrypted] /media/Devices/sda2/Documents and Settings/All Users/Application
    Data/Spybot - Search & Destroy/Recovery/GameVancePlaySushi13.zip

    WARNING:
    [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search &
    Destroy/Recovery/GameVancePlaySushi14.zip

    WARNING: [File is encrypted]
    /media/Devices/sda2/Documents and Settings/All Users/Application Data/Spybot
    - Search & Destroy/Recovery/GameVancePlaySushi15.zip

    WARNING: [File is
    encrypted] /media/Devices/sda2/Documents and Settings/All Users/Application
    Data/Spybot - Search & Destroy/Recovery/GameVancePlaySushi16.zip

    WARNING:
    [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search &
    Destroy/Recovery/GameVancePlaySushi2.zip

    WARNING: [File is encrypted]
    /media/Devices/sda2/Documents and Settings/All Users/Application Data/Spybot
    - Search & Destroy/Recovery/GameVancePlaySushi3.zip

    WARNING: [File is
    encrypted] /media/Devices/sda2/Documents and Settings/All Users/Application
    Data/Spybot - Search & Destroy/Recovery/GameVancePlaySushi4.zip

    WARNING:
    [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search &
    Destroy/Recovery/GameVancePlaySushi5.zip

    WARNING: [File is encrypted]
    /media/Devices/sda2/Documents and Settings/All Users/Application Data/Spybot
    - Search & Destroy/Recovery/GameVancePlaySushi6.zip

    WARNING: [File is
    encrypted] /media/Devices/sda2/Documents and Settings/All Users/Application
    Data/Spybot - Search & Destroy/Recovery/GameVancePlaySushi7.zip

    WARNING:
    [File is encrypted] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/Spybot - Search &
    Destroy/Recovery/GameVancePlaySushi8.zip

    WARNING: [File is encrypted]
    /media/Devices/sda2/Documents and Settings/All Users/Application Data/Spybot
    - Search & Destroy/Recovery/GameVancePlaySushi9.zip

    WARNING: [File is
    encrypted] /media/Devices/sda2/Documents and Settings/All Users/Application
    Data/Spybot - Search & Destroy/Recovery/FraudUltraAntivir.zip

    WARNING:
    [Unsupported archive version] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/AOL
    Downloads/triton_suite_install_2.2.78.1/vwpt.exe

    WARNING: [Unsupported
    archive version] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/AOL
    Downloads/triton_suite_install_6.0.28.3/vwpt.exe

    WARNING: [Unexpected end
    of file] /media/Devices/sda2/Documents and Settings/All Users/Application
    Data/BigFishGamesCache/GameManager/GameDB/F588T1L1/setup_gF588T1L1_d42401238
    6_l1_s1.exe

    WARNING: [Unexpected end of file]
    /media/Devices/sda2/Documents and Settings/All Users/Application
    Data/WildTangent/Dell Game
    Console/Downloads/Installers/{651956B7-1969-42AA-9453-E0B813019D54}.exe -->
    [UnknownDir]/651956B7-1969-42AA-9453-E0B813019D54.exe

    WARNING: [Bad
    compressed data] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/WildTangent/Dell Game
    Console/Downloads/Installers/blasterball2remix-setup.exe_cache

    WARNING:
    [Unexpected end of file] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/WildTangent/Dell Game
    Console/Downloads/Installers/faceit-drm3.exe -->
    [UnknownDir]/35B081E6-2482-4495-90F8-C00D6C42D2A0.exe

    WARNING: [Bad
    compressed data] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/WildTangent/Dell Game
    Console/Downloads/Installers/SetupGamesClient.exe_cache

    WARNING:
    [Unexpected end of file] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/WildTangent/Dell Game
    Console/Downloads/Installers/{6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA}.exe -->
    [UnknownDir]/6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA.exe

    WARNING: [Unexpected
    end of file] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/WildTangent/Dell Game
    Console/Downloads/Installers/{C0A0AA4D-C79B-48CA-8843-2B02B626C9E6}.exe -->
    [UnknownDir]/C0A0AA4D-C79B-48CA-8843-2B02B626C9E6.exe

    WARNING: [Unexpected
    end of file] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/WildTangent/Dell Game
    Console/Downloads/Installers/{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.exe -->
    [UnknownDir]/C2D8F0E2-6978-4409-8351-BA8785DA11EE.exe

    WARNING: [Unexpected
    end of file] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/WildTangent/Dell Game
    Console/Downloads/Installers/{D1A6F3FD-7B40-443F-8767-BADB25A0D222}.exe -->
    [UnknownDir]/D1A6F3FD-7B40-443F-8767-BADB25A0D222.exe

    WARNING: [Unexpected
    end of file] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/WildTangent/Dell Game
    Console/Downloads/Installers/{E0814F95-5380-4892-B8C8-7FA4B349EF46}.exe -->
    [UnknownDir]/E0814F95-5380-4892-B8C8-7FA4B349EF46.exe

    WARNING: [Bad
    compressed data] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/WildTangent/Dell Game
    Console/Downloads/Installers/vorthex-setup.exe_cache

    WARNING: [Unexpected
    end of file] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/WildTangent/Dell Game
    Console/Downloads/Installers/{26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3}.exe -->
    [UnknownDir]/26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3.exe

    WARNING: [Unexpected
    end of file] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/WildTangent/Dell Game
    Console/Downloads/Installers/{3C48F877-A164-45E9-B9DA-26A049FFC207}.exe -->
    [UnknownDir]/3C48F877-A164-45E9-B9DA-26A049FFC207.exe

    WARNING: [Unexpected
    end of file] /media/Devices/sda2/Documents and Settings/All
    Users/Application Data/WildTangent/Dell Game
    Console/Downloads/Installers/{6293BC00-4EB8-4C65-8548-53E2FC3BF937}.exe -->
    [UnknownDir]/6293BC00-4EB8-4C65-8548-53E2FC3BF937.exe

    ALERT:
    [Java/Agent.BH] /media/Devices/sda2/Documents and
    Settings/NetworkService/Application
    Data/Sun/Java/Deployment/cache/6.0/14/3160e6ce-7bcfb402 -->
    dev/s/AdgredY.class <<< Contains signature of the Java virus JAVA/Agent.BH
    [archive scan abort]

    ALERT: [JAVA/Exdoer.E] /media/Devices/sda2/Documents
    and Settings/[USER]/Application
    Data/Sun/Java/Deployment/cache/6.0/53/55956235-3295b642 -->
    lort/cooter.class <<< Contains signature of the Java virus JAVA/Exdoer.E
    [archive scan abort]

    WARNING: [Unsupported archive version]
    /media/Devices/sda2/Program Files/NetZeroInstallers/nzcw.exe

    WARNING:
    [Unsupported archive version] /media/Devices/sda2/Program
    Files/NetZeroInstallers/nzfull.exe

    WARNING: [Bad compressed data]
    /media/Devices/sda2/Program Files/NetZeroInstallers/nzhs.exe

    WARNING:
    [Unsupported archive version] /media/Devices/sda2/Program
    Files/NetZeroInstallers/nzqs.exe

    WARNING: [Unsupported archive version]
    /media/Devices/sda2/Program Files/AIM/Sysfiles/viewpoint.exe

    WARNING:
    [Unsupported archive version] /media/Devices/sda2/Program Files/America
    Online 9.0/Jiti/viewpoint.exe

    WARNING: [File is encrypted]
    /media/Devices/sda2/Program Files/Verizon Wireless/VZAccess
    Manager/System/Operators.zip

    ALERT: [SPR/Dldr.DigStream]
    /media/Devices/sda2/Program Files/DIGStream/digstream.exe <<< Contains
    signature of the SPR/Dldr.DigStream program [renamed]

    WARNING:
    [Unsupported archive version] /media/Devices/sda2/Program
    Files/EnglishOtto/uninstallotto.exe

    WARNING: [Unsupported archive version]
    /media/Devices/sda2/Program Files/GemMaster/uninstallgemmaster.exe

    WARNING: [Unsupported archive version] /media/Devices/sda2/Program
    Files/WildTangent/Apps/GameChannel/Games/26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B
    3/DMXGameLaunch.exe

    WARNING: [Unexpected end of file]
    /media/Devices/sda2/Program
    Files/WildTangent/Apps/GameChannel/Games/26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B
    3/Uninstall.exe

    WARNING: [Unsupported archive version]
    /media/Devices/sda2/Program
    Files/WildTangent/Apps/GameChannel/Games/35B081E6-2482-4495-90F8-C00D6C42D2A
    0/DMXGameLaunch.exe

    WARNING: [Unexpected end of file]
    /media/Devices/sda2/Program
    Files/WildTangent/Apps/GameChannel/Games/35B081E6-2482-4495-90F8-C00D6C42D2A
    0/Uninstall.exe

    WARNING: [File is encrypted] /media/Devices/sda2/Program
    Files/Lavasoft/Ad-Aware SE Personal/Skins/Ad-Aware SE default.ask

    ALERT:
    [TR/Kazy.15448.4] /media/Devices/sda2/Qoobox/Quarantine/C/Documents and
    Settings/[USER]/Local Settings/Application Data/pwg.exe.vir <<< Is the
    Trojan horse TR/Kazy.15448.4 [renamed]

    ALERT: [Worm/Rbot.655092]
    /media/Devices/sda2/Qoobox/Quarantine/C/Program Files/aresfree.exe.vir <<<
    Contains signature of the worm WORM/Rbot.655092 [renamed]

    ALERT:
    [Worm/Rbot.655092] /media/Devices/sda2/Qoobox/Quarantine/C/Program
    Files/iTunesSetup.exe.vir <<< Contains signature of the worm
    WORM/Rbot.655092 [renamed]

    ALERT: [Worm/Rbot.655092]
    /media/Devices/sda2/Qoobox/Quarantine/C/Program Files/LimeWire.exe.vir <<<
    Contains signature of the worm WORM/Rbot.655092 [renamed]

    ALERT:
    [TR/Crypt.XPACK.Gen2]
    /media/Devices/sda2/Qoobox/Quarantine/C/WINDOWS/system32/cpyidimg.dll.vir
    <<< Is the Trojan horse TR/Crypt.XPACK.Gen2 [renamed]

    ALERT:
    [TR/Crypt.XPACK.Gen2]
    /media/Devices/sda2/Qoobox/Quarantine/C/WINDOWS/system32/urigamon.dll.vir
    <<< Is the Trojan horse TR/Crypt.XPACK.Gen2 [renamed]

    ALERT:
    [TR/Crypt.XPACK.Gen2]
    /media/Devices/sda2/Qoobox/Quarantine/C/WINDOWS/system32/zipahfat/usbabdev/p
    olottbl.dll.vir <<< Is the Trojan horse TR/Crypt.XPACK.Gen2 [renamed]

    ALERT: [TR/Diple.D] /media/Devices/sda2/System Volume
    Information/_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}/RP1436/A0118471.e
    xe <<< Is the Trojan horse TR/Diple.D [renamed]

    ALERT: [TR/Diple.D]
    /media/Devices/sda2/System Volume
    Information/_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}/RP1436/A0118476.e
    xe <<< Is the Trojan horse TR/Diple.D [renamed]

    ALERT: [DR/Spy.Delf.iur.5]
    /media/Devices/sda2/System Volume
    Information/_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}/RP1440/A0121572.e
    xe <<< Contains signature of the dropper DR/Spy.Delf.iur.5 [renamed]

    ALERT: [TR/Kazy.15448.4] /media/Devices/sda2/System Volume
    Information/_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}/RP1440/A0121594.e
    xe <<< Is the Trojan horse TR/Kazy.15448.4 [renamed]

    ALERT:
    [TR/Crypt.XPACK.Gen2] /media/Devices/sda2/System Volume
    Information/_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}/RP1441/A0121793.d
    ll <<< Is the Trojan horse TR/Crypt.XPACK.Gen2 [renamed]

    ALERT:
    [TR/Crypt.XPACK.Gen2] /media/Devices/sda2/System Volume
    Information/_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}/RP1441/A0121794.d
    ll <<< Is the Trojan horse TR/Crypt.XPACK.Gen2 [renamed]

    ALERT:
    [TR/Crypt.XPACK.Gen2] /media/Devices/sda2/System Volume
    Information/_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}/RP1441/A0121795.d
    ll <<< Is the Trojan horse TR/Crypt.XPACK.Gen2 [renamed]

    ALERT:
    [Worm/Rbot.655092] /media/Devices/sda2/System Volume
    Information/_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}/RP1452/A0129223.e
    xe <<< Contains signature of the worm WORM/Rbot.655092 [renamed]

    WARNING:
    [Bad compressed data] /media/Devices/sda2/System Volume
    Information/_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}/RP1452/A0129224.e
    xe

    ALERT: [TR/Crypt.XPACK.Gen2]
    /media/Devices/sda2/WINDOWS/system32/rtfecfax.exe <<< Is the Trojan horse
    TR/Crypt.XPACK.Gen2 [renamed]

    WARNING: [Unexpected end of file]
    /media/Devices/sda2/WINDOWS/system32/Macromed/Flash/uninstall_plugin.exe

    ALERT: [TR/ATRAPS.Gen2] /media/Devices/sda2/WINDOWS/system32/imededis.dll
    <<< Is the Trojan horse TR/ATRAPS.Gen2 [renamed]

    WARNING: [Unexpected end
    of file] /media/Devices/sda2/WINDOWS/Downloaded Program
    Files/unagiuninst.exe


    Statistics :
    Directories............... : 22965
    Archives.................. : 3929
    Files..................... : 332701
    Infected.............. : 20
    Renamed........... : 20
    Warnings.............. : 115
    Suspicious............ : 2
    Ignored........... : 2
    Infections................ : 22
     
  3. kevinf80

    kevinf80 Malware Specialist

    Hiya Bill,

    Avira has a stand-alone scanner as a follow-up, available Here, and a manual in PDF format on how to use it Here. I've not used this particular tool before; it apparently is recommended as a follow-up if you do not have Avira AV installed.
    Run the scan and post any log that is produced. Reboot your system when finished and do a full scan with your onboard security AV. Let me know if you see any improvement.

    Kevin...

    Edit... Avira will produce a log at the end of the scan and it will be on your Desktop.
     
  4. PALV

    PALV Thread Starter

    Kevin -
    AntiVir Removal Tool did not find any malicious items in memory or after full scan. Symantec AV's auto-protect identified and cleaned by deletion 2 instances of "Trojan.FakeAV!gen39". Am doing a full scan with my AV now.

    Re: improvement - since the original post started with browser hijacking, I've used a little-used Sys Admin user account for testing, repairing and communicating with you, and not much other browsing by design until we feel it's safe to do so. Point is - I'm not sure that the hijacking is still rampant - but in my troubleshooting, use of IE has not resulted in any visible hijacking of late.

    The evidence and existence of rootkit infection obviously had me concerned. In your opinion, absent further hijacking, do you think we've cleaned and corrected what was wrong with this system? I know you referenced much malware in previous posts, and it seems we've deleted, corrected and cleaned a lot. I'm not trying to rush this as I know it takes time, but seeking your opinion as far as how clean/safe you believe it is to put this computer back into regular use again.

    As always, I welcome any/all suggestions as far as steps, precautions, and advice to use going forward.

    Bill

    ---



    AntiVir Removal Tool 3.0 (c) 2009 Avira GmbH
    Removal Tool for:
    Sober.J/P/Y
    TR/Agent.imh/its
    TR/Drop.Agent.qna.2/Agent.qna.1
    TR/PSW.Delf.AH/Kates.C.25
    TR/Spy.Delf.tge/Banker.AATZ/Banker.AATZ.1/Banker.AATZ.2/Banker.AATZ.3
    W32/Stanit.A
    Worm/NetSky.P
    Version: 3.0.1.17, Jun 3 2009 11:33:20
    Use /? to list all available command line options
    - Saving results to logfile "removaltool-win32-en.log".
    - Host: "Family", IP: 192.168.1.44
    Scanning memory... done
    No malware found in memory

    Scanning drive C: ...
    No malware found on hard drives
    scan results:
    scanned directories: 22876
    scanned files: 124098
    scanned streams: 223
    scanned processes: 52
    scanned modules: 571
    infected files: 0
    infected processes: 0
    repaired/removed files: 0
    renamed files: 0
    terminated processes: 0
    elapsed time for memory scan: 103.25 seconds
    average memory scanner throughput: 2557.98 KB/s
    elapsed time for file scan: 7716.66 seconds
    average file scanner throughput: 233.16 KB/s
    Thank you for using AntiVir Removal Tool.
     
  5. kevinf80

    kevinf80 Malware Specialist

    Hiya Bill,

    Let's wait and see what the AV scan shows before we decide on the next course of action. If the redirects have ceased we are heading in the right direction.

    Kevin
     
  6. PALV

    PALV Thread Starter

    Kevin -
    Latest AV scan looked like it identified 8 infections of "Trojan.Maljava". There did not seem to be a scan log available as per other tools used here - but the scan history was exported as a .csv file, which I've copied below. (Looked nice & neat in the window it opened in - not so much here...;-) Hope you can decipher.

    Bill

    ---

    Symantec AV Full Scan Results 03/23/11 5:53:06 PM
    Risk Action Count Filename Risk Type Original Location Computer User Status Current Location Primary Action Secondary Action Logged By Action Description Date

    ?????? Left alone 1 55956235-3295b642.vir Compressed file C:\Documents and Settings\[USER]\Application Data\Sun\Java\Deployment\cache\6.0\53\ FAMILY FAMILY\2.Kristin No infected items C:\Documents and Settings\[USER]\Application Data\Sun\Java\Deployment\cache\6.0\53\ Leave alone (log only) Leave alone (log only) Manual scan The file was left unchanged. 3/23/2011 18:37
    Trojan.Maljava Cleaned by deletion 1 menu/property.class File; Compressed file C:\Documents and Settings\[USER]\Application Data\Sun\Java\Deployment\cache\6.0\53\55956235-3295b642.vir FAMILY FAMILY\2.Kristin Infected C:\Documents and Settings\[USER]\Application Data\Sun\Java\Deployment\cache\6.0\53\55956235-3295b642.vir Clean security risk Quarantine Manual scan 3/23/2011 18:37
    Trojan.Maljava Cleaned by deletion 1 menu/help.class File; Compressed file C:\Documents and Settings\[USER]\Application Data\Sun\Java\Deployment\cache\6.0\53\55956235-3295b642.vir FAMILY FAMILY\2.Kristin Infected C:\Documents and Settings\[USER]\Application Data\Sun\Java\Deployment\cache\6.0\53\55956235-3295b642.vir Clean security risk Quarantine Manual scan 3/23/2011 18:37
    Trojan.Maljava Cleaned by deletion 1 menu/file.class File; Compressed file C:\Documents and Settings\[USER]\Application Data\Sun\Java\Deployment\cache\6.0\53\55956235-3295b642.vir FAMILY FAMILY\2.Kristin Infected C:\Documents and Settings\[USER]\Application Data\Sun\Java\Deployment\cache\6.0\53\55956235-3295b642.vir Clean security risk Quarantine Manual scan 3/23/2011 18:37
    Trojan.Maljava Cleaned by deletion 1 menu/edit.class File; Compressed file C:\Documents and Settings\[USER]\Application Data\Sun\Java\Deployment\cache\6.0\53\55956235-3295b642.vir FAMILY FAMILY\2.Kristin Infected C:\Documents and Settings\[USER]\Application Data\Sun\Java\Deployment\cache\6.0\53\55956235-3295b642.vir Clean security risk Quarantine Manual scan 3/23/2011 18:37
    Trojan.Maljava Cleaned by deletion 1 lort/object4.class File; Compressed file C:\Documents and Settings\[USER]\Application Data\Sun\Java\Deployment\cache\6.0\53\55956235-3295b642.vir FAMILY FAMILY\2.Kristin Infected C:\Documents and Settings\[USER]\Application Data\Sun\Java\Deployment\cache\6.0\53\55956235-3295b642.vir Clean security risk Quarantine Manual scan 3/23/2011 18:37
    Trojan.Maljava Cleaned by deletion 1 lort/object2.class File; Compressed file C:\Documents and Settings\[USER]\Application Data\Sun\Java\Deployment\cache\6.0\53\55956235-3295b642.vir FAMILY FAMILY\2.Kristin Infected C:\Documents and Settings\[USER]\Application Data\Sun\Java\Deployment\cache\6.0\53\55956235-3295b642.vir Clean security risk Quarantine Manual scan 3/23/2011 18:37
    Trojan.Maljava Cleaned by deletion 1 lort/cooter.class File; Compressed file C:\Documents and Settings\[USER]\Application Data\Sun\Java\Deployment\cache\6.0\53\55956235-3295b642.vir FAMILY FAMILY\2.Kristin Infected C:\Documents and Settings\[USER]\Application Data\Sun\Java\Deployment\cache\6.0\53\55956235-3295b642.vir Clean security risk Quarantine Manual scan 3/23/2011 18:37
    Trojan.Maljava Cleaned by deletion 1 lort/border.class File; Compressed file C:\Documents and Settings\[USER]\Application Data\Sun\Java\Deployment\cache\6.0\53\55956235-3295b642.vir FAMILY FAMILY\2.Kristin Infected C:\Documents and Settings\[USER]\Application Data\Sun\Java\Deployment\cache\6.0\53\55956235-3295b642.vir Clean security risk Quarantine Manual scan 3/23/2011 18:37
     
  7. kevinf80

    kevinf80 Malware Specialist

    Hiya Bill,

    Proceed as follows please :-

    Step 1

    Please download OTM by OldTimer.
    Alternative Mirror
    Save it to your desktop.
    Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator
    • Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      -------------------------------------------------------------------

      :Files
      ipconfig /flushdns /c
      :Commands
      [EmptyTemp]

      ---------------------------------------------------------------------
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    If the machine reboots, the Results log can be found here:

    c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss is the date of the tool run.

    Step 2

    You were using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version.
    For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system.
    The most current version of Sun Java is: Java Runtime Environment Version 6 Update 24.

    • Go to Sun Java
    • Select Windows 7/XP/Vista/2000/2003/2008. If using a 64-bit OS, select "Information about the 64-bit Java plug-in" and follow the prompts.
    • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
    • Reboot your computer

    Step 3

    Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack and exploitation.

    Please go to the link below to update.

    Adobe Reader (untick the Free McAfee® Security Scan Plus)

    Step 4

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    Alternative D/L mirror
    Alternative D/L mirror

    Double Click mbam-setup.exe to install the application.

    If you already have Malwarebytes installed open the program and check for updates, then as below...
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Post the log from Malwarebytes in your reply, also give an update on any issues that remain.

    Kevin
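An added example, not part of the original thread or of any tool used in it: the Symantec results above name class files inside a container stored in the Java deployment cache, and cache entries carry no .jar extension, so this sketch finds containers by content, lists their class members, hashes them, and flags any that hold the member names reported on this page. The directory layout and file names built by `build_sample_cache` are constructed sample data.

```python
import hashlib
import os
import tempfile
import zipfile

# Member names the Symantec export on this page reported as Trojan.Maljava.
REPORTED_MEMBERS = {
    "menu/property.class", "menu/help.class", "menu/file.class",
    "menu/edit.class", "lort/object4.class", "lort/object2.class",
    "lort/cooter.class", "lort/border.class",
}


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large cache entries are not read in one go."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def inventory_cache(cache_root):
    """Describe every ZIP/JAR container under cache_root.

    Containers are recognised by content (zipfile.is_zipfile), not by name,
    because deployment-cache entries have no .jar extension.
    """
    findings = []
    for dirpath, dirs, files in os.walk(cache_root):
        dirs.sort()  # deterministic traversal order
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            if not zipfile.is_zipfile(path):
                continue
            try:
                with zipfile.ZipFile(path) as zf:
                    classes = sorted(
                        n for n in zf.namelist() if n.endswith(".class")
                    )
            except zipfile.BadZipFile:
                classes = None  # ZIP signature present but directory damaged
            findings.append(
                {"path": path, "sha256": sha256_of(path), "classes": classes}
            )
    return findings


def flag_reported(findings, reported=REPORTED_MEMBERS):
    """Return (path, matching member names) for containers holding reported names.

    A name match only helps locate the archive the scanner already reported;
    the SHA-256 is the identifier to keep with the case notes.
    """
    flagged = []
    for item in findings:
        hits = sorted(set(item["classes"] or []) & set(reported))
        if hits:
            flagged.append((item["path"], hits))
    return flagged


def build_sample_cache(root):
    """Create a constructed cache layout with placeholder (non-bytecode) members."""
    bucket = os.path.join(root, "6.0", "53")
    os.makedirs(bucket)
    suspect = os.path.join(bucket, "11111111-22222222")  # constructed name
    with zipfile.ZipFile(suspect, "w") as zf:
        for member in ("menu/help.class", "lort/border.class",
                       "META-INF/MANIFEST.MF"):
            zf.writestr(member, b"constructed placeholder, not real bytecode")
    benign = os.path.join(bucket, "33333333-44444444")  # constructed name
    with zipfile.ZipFile(benign, "w") as zf:
        zf.writestr("com/example/Hello.class", b"constructed placeholder")
    with open(suspect + ".idx", "wb") as fh:  # non-ZIP file, must be skipped
        fh.write(b"constructed index data")
    return suspect, benign


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_cache(root)
        for path, hits in flag_reported(inventory_cache(root)):
            print(path, hits)
```

Run it against a copy of each profile's cache directory before the cache is emptied, since emptying the cache removes the containers it inspects.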
     
  8. PALV

    PALV Thread Starter

    Kevin -
    Java and Adobe Reader updated (and prior versions deleted).

    OTM and MBAM logs, below.

    Bill

    ----
    All processes killed
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\2.Kristin\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\2.Kristin\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: 1

    User: 1.Mom
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 1003823 bytes
    ->Java cache emptied: 57604347 bytes
    ->Flash cache emptied: 1823165 bytes

    User: 1~Mom

    User: 2.Kristin
    ->Temp folder emptied: 7761677 bytes
    ->Temporary Internet Files folder emptied: 66706782 bytes
    ->Java cache emptied: 7860491 bytes
    ->Flash cache emptied: 62250 bytes

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 59964 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 56543 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 735582 bytes
    ->Flash cache emptied: 741 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Java cache emptied: 8912 bytes
    ->Flash cache emptied: 8556 bytes

    User: [USER]
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 78991 bytes
    ->Java cache emptied: 4658221 bytes
    ->Flash cache emptied: 56735 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19569 bytes
    %systemroot%\System32 .tmp files removed: 7344145 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1605531 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 64873 bytes

    Total Files Cleaned = 150.00 mb


    OTM by OldTimer - Version 3.1.17.2 log created on 03242011_092845
    Files moved on Reboot...
    File C:\WINDOWS\temp\pdk-SYSTEM-548\0a6b9f23e356336cc61530f586d0c66a.dll not found!
    File C:\WINDOWS\temp\pdk-SYSTEM-548\1ff4eae997b1753d848dbbc61d1b4345.dll not found!
    File C:\WINDOWS\temp\pdk-SYSTEM-548\31aa023220b46a62dd91739a3bf1cad4.dll not found!
    File C:\WINDOWS\temp\pdk-SYSTEM-548\36971e8ed4d19cc0a7051079b039c204.dll not found!
    File C:\WINDOWS\temp\pdk-SYSTEM-548\42db37dadb779dbfc5da8bdd7ec61c52.dll not found!
    File C:\WINDOWS\temp\pdk-SYSTEM-548\44abde5de65f3f034faac2c132713018.dll not found!
    File C:\WINDOWS\temp\pdk-SYSTEM-548\7aace6f21e4c397996b145b7fd777643.dll not found!
    File C:\WINDOWS\temp\pdk-SYSTEM-548\7acaa276f32e012922082aa697dfa218.dll not found!
    File C:\WINDOWS\temp\pdk-SYSTEM-548\89f4ac43ba2b792785d9d472365e562b.dll not found!
    File C:\WINDOWS\temp\pdk-SYSTEM-548\8d3b343ab48cfb6b14fa9d0dc35ce9e6.dll not found!
    File C:\WINDOWS\temp\pdk-SYSTEM-548\b2774d247dfbf0abe8539e577ee59b4c.dll not found!
    Registry entries deleted on Reboot...



    ----

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org
    Database version: 6151
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13
    3/24/2011 11:54:16 AM
    mbam-log-2011-03-24 (11-54-16).txt
    Scan type: Quick scan
    Objects scanned: 201058
    Time elapsed: 25 minute(s), 54 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)
     
  9. kevinf80

    kevinf80 Malware Specialist

    Hiya Bill,

    What is the state of play with your system now, any improvement? Recent logs look promising.

    Kevin
     
  10. PALV

    PALV Thread Starter

    Kevin -
    Overall it seems pretty good. Redirects and hijacks appear to have stopped, and no other "strange" behavior has been evident recently. My only question left on this front has to do with the different user accounts noted previously : the primary user account has not been used while troubleshooting (but that is where the symptoms were first noticed). Is it safe to assume that the cleaning, updating and corrections we've done will have crossed all user account areas?

    Between removal of "bad stuff" and updated versions of risk areas, I'm thinking we're in much better shape than when we started (but I defer to the expert.....;-) )

    Thoughts?

    Bill
     
  11. kevinf80

    kevinf80 Malware Specialist

    Hiya Bill,

    All accounts will be similar, run this final scan please; it will not take long. I'll read back through your thread and see what we need to do to clean up...

    Download OTL from any of the following links and save to your Desktop:

    Link 1
    Link 2
    Link 3

    • Double click on the icon to run it. Vista and Windows 7 users right click and select Run as Administrator. Make sure all other windows are closed and to let it run uninterrupted.
    • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
    • Under the Custom Scan box paste this in
      Code:
            netsvcs
            drivers32
            %SYSTEMDRIVE%\*.*
            %systemroot%\*. /mp /s
            CREATERESTOREPOINT
            %systemroot%\System32\config\*.sav
            HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
      
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply
    Copy and paste OTL Txt and ExtrasTxt in your reply.

    Kevin
     
  12. PALV

    PALV Thread Starter

    Kevin-

    Requested logs, below.

    Bill
    ----

    OTL Txt :

    OTL logfile created on: 3/24/2011 5:04:53 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\2.Kristin\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,022.00 Mb Total Physical Memory | 314.00 Mb Available Physical Memory | 31.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 144.31 Gb Total Space | 78.99 Gb Free Space | 54.74% Space Free | Partition Type: NTFS

    Computer Name: FAMILY | User Name: 2.Kristin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/03/24 17:01:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\2.Kristin\Desktop\OTL.exe
    PRC - [2011/02/01 05:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
    PRC - [2011/02/01 05:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
    PRC - [2011/02/01 05:54:30 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtcmd.exe
    PRC - [2010/12/20 19:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2010/12/20 19:08:56 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    PRC - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
    PRC - [2006/09/27 20:35:02 | 000,038,696 | ---- | M] (LANDesk Software Ltd.) -- C:\WINDOWS\system32\CBA\pds.exe
    PRC - [2006/09/27 20:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
    PRC - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    PRC - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
    PRC - [2006/09/27 14:17:54 | 001,324,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
    PRC - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    PRC - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    PRC - [2006/07/19 19:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    PRC - [2006/02/10 07:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/03/24 17:01:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\2.Kristin\Desktop\OTL.exe
    MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2007/10/19 13:19:10 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (AresChatServer)
    SRV - [2011/03/01 09:56:36 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
    SRV - [2011/02/01 05:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
    SRV - [2011/02/01 05:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
    SRV - [2010/12/20 19:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2007/10/19 13:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
    SRV - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
    SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
    SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
    SRV - [2006/09/27 20:35:02 | 000,038,696 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\WINDOWS\system32\CBA\pds.exe -- (Intel PDS)
    SRV - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
    SRV - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
    SRV - [2006/09/27 14:17:54 | 001,324,808 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe -- (Reporting)
    SRV - [2006/09/02 16:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
    SRV - [2006/08/11 08:38:50 | 000,069,632 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
    SRV - [2006/08/07 16:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
    SRV - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
    SRV - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
    SRV - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/12/20 19:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/12/17 05:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110320.003\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/12/17 05:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110320.003\NAVENG.SYS -- (NAVENG)
    DRV - [2010/07/15 13:50:36 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/07/15 13:50:36 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2007/10/19 13:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
    DRV - [2007/10/11 22:01:06 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
    DRV - [2007/10/11 22:00:54 | 003,647,384 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
    DRV - [2007/10/11 22:00:43 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2007/10/11 21:59:12 | 001,920,920 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
    DRV - [2007/10/11 18:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2007/10/11 18:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
    DRV - [2007/07/20 12:09:15 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
    DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
    DRV - [2007/04/09 10:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2007/04/09 10:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2007/04/09 10:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2006/09/18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
    DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
    DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
    DRV - [2006/08/11 08:45:53 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2006/08/07 16:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2006/08/07 16:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2006/04/11 17:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
    DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2005/08/04 04:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/06/06 21:40:48 | 000,180,736 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
    DRV - [2005/05/25 22:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTUSFSYN.SYS -- (CTUSFSYN)
    DRV - [2005/03/25 16:11:00 | 001,350,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sigfilt.sys -- (sigfilt)
    DRV - [2005/01/11 00:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k)
    DRV - [2005/01/11 00:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTOSS2K.SYS -- (ossrv)
    DRV - [2003/11/17 21:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2003/11/17 21:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2003/11/17 21:56:26 | 001,042,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2002/11/26 14:54:58 | 000,016,936 | ---- | M] (Smith Micro Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMNDIS5.sys -- (SMNDIS5)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3F15FA0E-1BC7-4C4E-B3CF-91A6B67E9BC2}: C:\Documents and Settings\[USER]\Local Settings\Application Data\{3F15FA0E-1BC7-4C4E-B3CF-91A6B67E9BC2} [2010/07/27 06:30:36 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2011/03/21 18:23:49 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
    O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    O4 - HKCU..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
    O4 - HKCU..\Run: [Weather] File not found
    O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe (NOS Microsystems Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_24.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://webportal.hunterdonhealthcare.org/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\2.Kristin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\2.Kristin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
    Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (56027131116781568)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/24 17:00:57 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\2.Kristin\Desktop\OTL.exe
    [2011/03/24 11:09:44 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
    [2011/03/24 11:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
    [2011/03/24 10:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2011/03/24 10:22:27 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2011/03/24 10:22:26 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2011/03/24 10:22:26 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011/03/24 10:22:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011/03/24 10:22:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011/03/24 10:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
    [2011/03/24 09:28:45 | 000,000,000 | ---D | C] -- C:\_OTM
    [2011/03/24 09:26:53 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\2.Kristin\Desktop\OTM.exe
    [2011/03/23 14:20:16 | 000,367,616 | ---- | C] (Avira GmbH) -- C:\Documents and Settings\2.Kristin\Desktop\removaltool-win32-en.exe
    [2011/03/23 08:41:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/03/22 13:40:48 | 000,000,000 | ---D | C] -- C:\bin
    [2011/03/22 13:34:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
    [2011/03/22 13:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
    [2011/03/22 07:06:45 | 000,000,000 | ---D | C] -- C:\ARK
    [2011/03/21 18:15:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/03/21 14:22:52 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
    [2011/03/21 14:22:51 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
    [2011/03/21 14:22:50 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
    [2011/03/21 14:17:45 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
    [2011/03/21 14:17:41 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
    [2011/03/21 13:57:18 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
    [2011/03/21 10:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\2.Kristin\Application Data\pdf995
    [2011/03/21 10:23:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\pdf995
    [2011/03/21 10:23:06 | 000,249,856 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll
    [2011/03/21 10:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Software995
    [2011/03/21 10:23:00 | 000,000,000 | ---D | C] -- C:\Program Files\pdf995
    [2011/03/20 06:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\VERIZONDM
    [2011/03/20 06:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2011/03/20 06:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SupportSoft
    [2011/03/19 16:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\2.Kristin\Local Settings\Application Data\Temp
    [2011/03/19 16:20:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2011/03/16 15:10:28 | 000,000,000 | ---D | C] -- C:\Gotcha
    [2011/03/16 14:29:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\2.Kristin\Tracing
    [2011/03/16 08:01:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\2.Kristin\DoctorWeb
    [2011/03/14 14:32:38 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouclass.sys
    [2011/03/14 14:28:11 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/03/14 13:42:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/03/14 13:42:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/03/14 13:42:46 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/03/14 13:42:46 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/03/14 13:42:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/03/14 13:41:54 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/03/12 11:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\2.Kristin\Desktop\Virus removal
    [2011/03/11 21:56:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\2.Kristin\Application Data\Malwarebytes
    [2011/03/11 21:01:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2011/03/10 12:27:50 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\2.Kristin\Desktop\TDSSKiller.exe

    ========== Files - Modified Within 30 Days ==========

    [2011/03/24 17:19:15 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/03/24 17:01:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\2.Kristin\Desktop\OTL.exe
    [2011/03/24 10:50:56 | 000,000,588 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
    [2011/03/24 10:50:56 | 000,000,588 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
    [2011/03/24 10:50:53 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/03/24 10:50:52 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\WinUtilities-02BB2F56CB964deb8996194DE7EB5275.job
    [2011/03/24 10:49:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/03/24 10:49:26 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
    [2011/03/24 10:47:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
    [2011/03/24 10:47:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
    [2011/03/24 10:21:27 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011/03/24 10:21:27 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011/03/24 10:21:27 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011/03/24 10:21:27 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2011/03/24 10:21:26 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2011/03/24 10:04:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/03/24 09:26:58 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\2.Kristin\Desktop\OTM.exe
    [2011/03/23 14:20:18 | 000,367,616 | ---- | M] (Avira GmbH) -- C:\Documents and Settings\2.Kristin\Desktop\removaltool-win32-en.exe
    [2011/03/23 14:02:36 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\WebReg Photosmart C6100 series.job
    [2011/03/23 10:40:31 | 000,216,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/03/23 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
    [2011/03/22 17:49:35 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\2.Kristin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2011/03/22 17:49:31 | 000,503,536 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/03/22 17:49:31 | 000,088,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/03/22 13:52:21 | 000,117,091 | ---- | M] () -- C:\WINDOWS\hpoins11.dat
    [2011/03/22 13:41:11 | 000,001,894 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Document Viewer.lnk
    [2011/03/22 13:37:16 | 000,000,898 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Premier.lnk
    [2011/03/22 13:37:16 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
    [2011/03/22 13:33:15 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2011/03/22 13:32:17 | 000,001,875 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Express.lnk
    [2011/03/22 13:31:27 | 000,000,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
    [2011/03/22 13:02:36 | 000,000,124 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2011/03/22 12:03:22 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\2.Kristin\DOT4_001
    [2011/03/22 11:00:18 | 000,228,901 | ---- | M] () -- C:\Documents and Settings\2.Kristin\Desktop\GMER window.JPG
    [2011/03/21 18:23:49 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/03/21 18:04:04 | 000,001,224 | ---- | M] () -- C:\CF-Submit.htm
    [2011/03/21 17:55:01 | 004,298,593 | R--- | M] () -- C:\Documents and Settings\2.Kristin\Desktop\Gotcha.exe
    [2011/03/21 17:53:09 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\2.Kristin\Desktop\Windows Firewall.lnk
    [2011/03/21 16:13:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/03/21 12:45:31 | 000,000,235 | ---- | M] () -- C:\Documents and Settings\2.Kristin\Desktop\Error number 0×80070424 in Windows Update – Solution - Techie Corner.url
    [2011/03/21 11:57:56 | 000,000,232 | ---- | M] () -- C:\Documents and Settings\2.Kristin\Desktop\automatic update service not working - Tech Support Guy Forums.url
    [2011/03/21 10:45:14 | 000,000,059 | ---- | M] () -- C:\WINDOWS\wpd99.drv
    [2011/03/21 10:32:19 | 000,000,028 | ---- | M] () -- C:\WINDOWS\pdf995.ini
    [2011/03/21 10:23:06 | 000,249,856 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll
    [2011/03/21 10:23:06 | 000,051,716 | ---- | M] () -- C:\WINDOWS\System32\pdf995mon.dll
    [2011/03/19 16:33:17 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2011/03/18 17:37:20 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\2.Kristin\Desktop\08rhyz9f.exe
    [2011/03/18 14:33:30 | 000,012,326 | ---- | M] () -- C:\Documents and Settings\2.Kristin\Desktop\TDSSKiller results.JPG
    [2011/03/18 14:24:43 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\2.Kristin\Desktop\TDSSKiller.exe
    [2011/03/18 14:24:05 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\2.Kristin\Desktop\tdsskiller.zip
    [2011/03/18 06:37:41 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\2.Kristin\Desktop\RKUnhookerLE.EXE
    [2011/03/17 07:13:20 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\2.Kristin\Desktop\MBRCheck.exe
    [2011/03/16 22:28:51 | 000,879,069 | ---- | M] () -- C:\Documents and Settings\2.Kristin\Desktop\SecurityCheck.exe
    [2011/03/16 16:13:10 | 000,000,253 | ---- | M] () -- C:\Documents and Settings\2.Kristin\Desktop\General Security Information, How to tighten Security Settings and Warnings - Tech Support Guy Forums.url
    [2011/03/16 11:20:15 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/03/15 17:56:33 | 000,021,314 | ---- | M] () -- C:\WINDOWS\System32\avididoc.dll
    [2011/03/15 08:35:50 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2011/03/12 11:10:00 | 000,000,589 | ---- | M] () -- C:\Documents and Settings\2.Kristin\Desktop\Shortcut to Moms Favorites.lnk
    [2011/03/12 00:33:50 | 000,012,682 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3452207138
    [2011/03/11 23:56:38 | 000,001,493 | ---- | M] () -- C:\Documents and Settings\2.Kristin\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
    [2011/03/10 11:40:46 | 000,000,047 | ---- | M] () -- C:\WINDOWS\System32\_WKERNEL.FRE
    [2011/03/09 19:32:32 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
    [2011/02/27 16:02:06 | 122,562,410 | ---- | M] () -- C:\SYM_REGISTRY_BACKUP.reg

    ========== Files Created - No Company Name ==========

    [2011/03/23 14:02:35 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\WebReg Photosmart C6100 series.job
    [2011/03/22 13:41:43 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
    [2011/03/22 13:41:10 | 000,001,894 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Document Viewer.lnk
    [2011/03/22 13:37:16 | 000,000,898 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Premier.lnk
    [2011/03/22 13:37:16 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
    [2011/03/22 13:33:15 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2011/03/22 13:32:17 | 000,001,875 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Express.lnk
    [2011/03/22 13:31:27 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
    [2011/03/22 13:00:38 | 000,117,091 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
    [2011/03/22 12:02:44 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\2.Kristin\DOT4_001
    [2011/03/22 11:00:18 | 000,228,901 | ---- | C] () -- C:\Documents and Settings\2.Kristin\Desktop\GMER window.JPG
    [2011/03/21 18:04:04 | 000,001,224 | ---- | C] () -- C:\CF-Submit.htm
    [2011/03/21 17:53:09 | 000,000,217 | ---- | C] () -- C:\Documents and Settings\2.Kristin\Desktop\Windows Firewall.lnk
    [2011/03/21 12:45:31 | 000,000,235 | ---- | C] () -- C:\Documents and Settings\2.Kristin\Desktop\Error number 0×80070424 in Windows Update – Solution - Techie Corner.url
    [2011/03/21 11:57:56 | 000,000,232 | ---- | C] () -- C:\Documents and Settings\2.Kristin\Desktop\automatic update service not working - Tech Support Guy Forums.url
    [2011/03/21 10:32:19 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
    [2011/03/21 10:23:09 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
    [2011/03/21 10:23:06 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
    [2011/03/20 06:28:04 | 004,298,593 | R--- | C] () -- C:\Documents and Settings\2.Kristin\Desktop\Gotcha.exe
    [2011/03/20 06:11:49 | 009,811,968 | ---- | C] () -- C:\WINDOWS\VerizonDM.msi
    [2011/03/19 16:33:17 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2011/03/19 16:33:16 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
    [2011/03/18 17:37:19 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\2.Kristin\Desktop\08rhyz9f.exe
    [2011/03/18 14:33:30 | 000,012,326 | ---- | C] () -- C:\Documents and Settings\2.Kristin\Desktop\TDSSKiller results.JPG
    [2011/03/18 14:23:59 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\2.Kristin\Desktop\tdsskiller.zip
    [2011/03/18 06:37:41 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\2.Kristin\Desktop\RKUnhookerLE.EXE
    [2011/03/18 06:00:56 | 1071,796,224 | -HS- | C] () -- C:\hiberfil.sys
    [2011/03/17 07:13:20 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\2.Kristin\Desktop\MBRCheck.exe
    [2011/03/16 22:28:45 | 000,879,069 | ---- | C] () -- C:\Documents and Settings\2.Kristin\Desktop\SecurityCheck.exe
    [2011/03/16 16:13:10 | 000,000,253 | ---- | C] () -- C:\Documents and Settings\2.Kristin\Desktop\General Security Information, How to tighten Security Settings and Warnings - Tech Support Guy Forums.url
    [2011/03/14 14:28:21 | 000,000,209 | ---- | C] () -- C:\Boot.bak
    [2011/03/14 14:28:15 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/03/14 13:42:46 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/03/14 13:42:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/03/14 13:42:46 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/03/14 13:42:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/03/14 13:42:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/03/12 11:10:00 | 000,000,589 | ---- | C] () -- C:\Documents and Settings\2.Kristin\Desktop\Shortcut to Moms Favorites.lnk
    [2011/03/11 21:33:44 | 000,012,682 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3452207138
    [2011/03/09 18:58:37 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
    [2011/02/27 16:01:32 | 122,562,410 | ---- | C] () -- C:\SYM_REGISTRY_BACKUP.reg
    [2010/10/27 00:23:48 | 000,127,392 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/10/27 00:23:40 | 000,191,654 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2010/07/25 16:49:14 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Adujabivebaxitiv.dat
    [2010/07/25 16:49:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Olitihikilugoqor.bin
    [2010/04/06 13:12:29 | 000,000,059 | ---- | C] () -- C:\WINDOWS\dcmvwr.INI
    [2010/02/07 14:17:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UNIVMGR.INI
    [2009/11/12 15:30:46 | 000,021,314 | ---- | C] () -- C:\WINDOWS\System32\avididoc.dll
    [2009/11/12 14:47:00 | 006,582,272 | ---- | C] () -- C:\WINDOWS\System32\rtfecfax.exe.vir
    [2009/10/31 11:21:10 | 000,042,080 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2009/09/25 15:09:13 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
    [2009/09/25 12:32:50 | 000,000,020 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
    [2009/08/10 11:12:59 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
    [2008/11/28 15:02:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2008/06/25 15:29:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2008/06/25 13:39:53 | 000,059,500 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2008/03/20 13:02:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2008/03/09 21:36:54 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2008/02/10 19:00:53 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\VZWDLManager.dll
    [2008/02/10 15:36:47 | 004,891,136 | ---- | C] () -- C:\Program Files\WeatherbugSetupZ6157.msi
    [2007/10/11 18:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2007/09/03 10:15:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
    [2007/08/06 09:22:21 | 000,002,946 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/06/06 11:59:55 | 000,000,384 | ---- | C] () -- C:\WINDOWS\Wyncs.INI
    [2007/05/08 07:00:08 | 000,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
    [2007/02/13 08:38:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
    [2006/12/01 08:03:59 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
    [2006/12/01 08:03:22 | 000,000,021 | ---- | C] () -- C:\WINDOWS\phbase.ini
    [2006/12/01 08:02:37 | 000,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2006/12/01 08:01:21 | 000,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
    [2006/12/01 07:59:48 | 000,001,413 | ---- | C] () -- C:\WINDOWS\pstudio.ini
    [2006/12/01 07:59:48 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
    [2006/12/01 07:59:48 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
    [2006/11/24 12:15:14 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\2.Kristin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/10/19 14:33:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QUICKI~1.INI
    [2006/10/19 12:52:28 | 000,000,191 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
    [2006/10/02 22:26:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
    [2006/08/19 19:48:17 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006/08/19 19:48:17 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\CF7422D466.sys
    [2006/08/19 13:50:36 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2006/08/19 11:48:59 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
    [2006/08/18 13:01:07 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\2.Kristin\Local Settings\Application Data\fusioncache.dat
    [2006/08/18 11:05:42 | 000,000,031 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
    [2006/08/11 09:01:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/08/11 08:52:04 | 000,000,124 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/08/11 08:48:23 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
    [2006/08/11 08:45:01 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2006/08/11 08:43:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/08/11 08:39:19 | 000,005,811 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
    [2006/08/11 08:15:30 | 000,004,969 | ---- | C] () -- C:\WINDOWS\System32\Sigfilt.ini
    [2006/08/11 08:15:30 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2006/08/11 08:15:14 | 001,345,520 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
    [2006/08/11 08:15:14 | 000,102,400 | ---- | C] () -- C:\WINDOWS\SETLANG.EXE
    [2006/08/11 08:15:06 | 001,042,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSF_DP.sys
    [2006/08/11 08:14:54 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
    [2006/08/11 08:14:50 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2006/08/11 08:14:20 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2006/05/05 17:18:56 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
    [2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/08/16 04:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2005/08/16 04:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/08/16 04:27:59 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2005/08/16 04:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2005/08/16 04:18:33 | 000,503,536 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2005/08/16 04:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2005/08/16 04:18:33 | 000,088,394 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2005/08/16 04:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2005/08/16 04:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2005/08/16 04:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2005/08/16 04:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2005/08/16 04:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2005/08/16 04:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2005/08/16 04:18:21 | 000,158,730 | ---- | C] () -- C:\WINDOWS\System32\docipurl32.dll
    [2005/08/16 04:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2005/08/16 04:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [2000/09/08 18:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

    ========== LOP Check ==========

    [2006/08/19 13:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2.Kristin\Application Data\acccore
    [2006/08/19 14:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2.Kristin\Application Data\Aim
    [2008/04/27 13:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2.Kristin\Application Data\Canon
    [2007/08/07 22:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2.Kristin\Application Data\HotSync
    [2007/04/16 12:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2.Kristin\Application Data\ICAClient
    [2011/03/21 10:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2.Kristin\Application Data\pdf995
    [2008/02/09 18:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2.Kristin\Application Data\PlayFirst
    [2008/05/07 10:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2.Kristin\Application Data\Uniblue
    [2007/01/20 01:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2.Kristin\Application Data\Viewpoint
    [2008/02/10 15:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2.Kristin\Application Data\WeatherBug
    [2006/08/18 22:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2.Kristin\Application Data\WildTangent
    [2007/11/23 23:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2.Kristin\Application Data\Zylom
    [2006/12/24 12:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
    [2006/12/24 11:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
    [2005/08/16 20:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
    [2007/07/20 12:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
    [2006/09/16 11:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2011/03/21 10:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
    [2008/02/09 18:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
    [2007/12/29 20:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2009/09/25 12:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
    [2011/02/04 08:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2011/03/20 06:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2010/01/23 18:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/03/26 13:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2006/08/18 11:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Weather Studio
    [2007/07/20 23:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2007/11/23 23:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
    [2009/10/30 15:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2011/03/24 10:50:52 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\WinUtilities-02BB2F56CB964deb8996194DE7EB5275.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/11/21 11:03:32 | 000,000,209 | ---- | M] () -- C:\Boot.bak
    [2011/03/15 08:35:50 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2011/03/21 18:04:04 | 000,001,224 | ---- | M] () -- C:\CF-Submit.htm
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/03/21 18:47:38 | 000,014,531 | ---- | M] () -- C:\ComboFix.txt
    [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2006/08/18 15:03:50 | 000,000,081 | ---- | M] () -- C:\CTX.DAT
    [2006/08/11 08:19:42 | 000,007,039 | RH-- | M] () -- C:\dell.sdr
    [2011/03/09 19:32:32 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
    [2008/12/15 06:54:37 | 000,000,179 | ---- | M] () -- C:\handle.dat
    [2011/03/24 10:49:26 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
    [2007/07/20 12:11:14 | 004,751,376 | ---- | M] () -- C:\HuskyInstallerLog.txt
    [2006/08/19 15:41:05 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2005/08/16 04:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2009/02/02 17:58:32 | 000,000,125 | ---- | M] () -- C:\ioSpecial.ini
    [2008/04/27 17:46:07 | 000,003,126 | -H-- | M] () -- C:\IPH.PH
    [2011/03/24 10:57:00 | 000,227,764 | ---- | M] () -- C:\mombi.log
    [2005/08/16 04:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/08/10 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/09/13 11:57:38 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/03/24 10:49:06 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
    [2008/02/09 19:04:50 | 000,102,486 | ---- | M] () -- C:\playground.log
    [2006/10/19 13:44:02 | 000,000,136 | ---- | M] () -- C:\SerialSync.txt
    [2006/12/24 12:17:09 | 000,000,200 | ---- | M] () -- C:\setup.log
    [2009/08/09 01:03:18 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
    [2009/08/09 22:47:30 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
    [2009/08/10 08:29:34 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
    [2009/08/10 08:31:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
    [2009/08/10 10:42:56 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
    [2009/08/10 11:28:23 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
    [2009/08/10 12:04:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
    [2009/08/10 12:34:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
    [2009/08/10 12:34:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
    [2009/08/10 12:35:25 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
    [2009/08/10 12:39:24 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
    [2009/08/10 12:40:05 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
    [2009/08/10 12:41:19 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
    [2009/08/10 12:42:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
    [2009/08/10 12:43:30 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
    [2009/08/10 12:43:10 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
    [2009/08/10 13:19:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
    [2009/08/11 03:29:36 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
    [2009/08/08 13:35:21 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
    [2009/08/09 00:58:19 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
    [2009/08/09 01:03:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2009/08/09 22:47:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2009/08/10 08:29:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2009/08/10 08:31:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2009/08/10 10:42:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2009/08/10 11:28:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2009/08/10 12:04:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2009/08/10 12:34:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2009/08/10 12:34:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2009/08/10 12:35:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2009/08/10 12:39:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2009/08/10 12:40:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2009/08/10 12:41:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2009/08/10 12:42:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2009/08/10 12:43:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2009/08/10 12:43:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2009/08/10 13:19:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2009/08/11 03:29:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2009/08/08 13:35:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2009/08/09 00:58:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
    [2011/02/27 16:02:06 | 122,562,410 | ---- | M] () -- C:\SYM_REGISTRY_BACKUP.reg
    [2006/08/11 08:46:15 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
    [2011/03/15 05:37:07 | 000,061,508 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_15.03.2011_05.33.27_log.txt
    [2011/03/18 14:39:01 | 000,059,976 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_18.03.2011_14.26.00_log.txt
    [2006/12/24 12:17:01 | 000,000,851 | ---- | M] () -- C:\tempbmm.iss
    [2007/08/23 08:30:03 | 000,004,581 | ---- | M] () -- C:\VETlog.txt

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2005/08/16 04:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2005/08/16 04:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2005/08/16 04:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-24 04:07:22

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:813B8EB6
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9F8237A
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:815D61C4
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:331B76C7
    @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:483AC68A
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:288A91F8
    < End of report >

    ----

    ExtrasTxt :

    OTL Extras logfile created on: 3/24/2011 5:04:53 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\2.Kristin\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,022.00 Mb Total Physical Memory | 314.00 Mb Available Physical Memory | 31.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 144.31 Gb Total Space | 78.99 Gb Free Space | 54.74% Space Free | Partition Type: NTFS

    Computer Name: FAMILY | User Name: 2.Kristin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger -- (America Online, Inc.)
    "C:\Palm\HOTSYNC.EXE" = C:\Palm\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application -- (PalmSource, Inc)
    "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:America Online 9.0 -- (America Online, Inc.)
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
    "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:LocalSubNet:Enabled:mbam.exe -- (Malwarebytes Corporation)
    "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
    "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
    "{02807340-8FA2-44B6-ABA1-E443E4FF0A20}" = VZAccess Manager for RIM
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
    "{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
    "{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
    "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
    "{25EF03E6-F17B-11D6-88EA-000476CD2443}" = Verizon Online Help & Support
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
    "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
    "{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
    "{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
    "{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
    "{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan
    "{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
    "{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
    "{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Sonic Advanced Decoder
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E7E8E6A-15F1-4E26-9352-26AD235131E9}" = Documents To Go
    "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
    "{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
    "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
    "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
    "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
    "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
    "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
    "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
    "{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
    "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
    "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}" = Ad-Aware SE Personal
    "{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
    "{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
    "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
    "{81D62C32-0984-11D3-86CD-00105AD33021}" = Caere Scan Manager 5.1
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110206700}" = Bejeweled
    "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
    "{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
    "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
    "{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
    "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
    "{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}" = Andrea VoiceCenter
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
    "{95120000-0038-0409-0000-0000000FF1CE}" = Time Zone Data Update Tool for Microsoft Office Outlook
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
    "{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
    "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
    "{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
    "{B3B4CD34-6C20-4b28-A231-FEC55B42C579}" = c6100_Help
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
    "{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
    "{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
    "{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
    "{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
    "{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
    "{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
    "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
    "{C8574AE5-370F-4246-A301-B85A2CC89A5E}" = C6100
    "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
    "{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt
    "{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
    "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D547A594-AA85-4B92-80EB-47B371B98C68}" = Verizon Download Manager
    "{D76D1828-BBA0-4BD9-8181-5ACC617DC5F2}" = Virtual Earth 3D (Beta)
    "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
    "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
    "{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
    "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
    "{E0B27188-A15E-4C64-AE49-85E8EF46184B}" = Reporting Agents (Symantec Corporation)
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
    "{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
    "{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
    "{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
    "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
    "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
    "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
    "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
    "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
    "{FB26EA24-AE01-4C86-BEBC-424D5B81E66E}" = The Print Shop
    "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
    "{FC274982-5AAD-4C20-848D-4424A5043010}_is1" = WinUtilities 9.82 Free Edition
    "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
    "{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
    "{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
    "{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}" = palmOne
    "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
    "26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3" = Polar Bowler
    "35B081E6-2482-4495-90F8-C00D6C42D2A0" = FaceIt
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "American Airlines TravelDesk_is1" = American Airlines TravelDesk
    "AOL Instant Messenger" = AOL Instant Messenger
    "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
    "ArcSoft PhotoBase" = ArcSoft PhotoBase
    "ArcSoft PhotoStudio 2000" = ArcSoft PhotoStudio 2000
    "ATI Display Driver" = ATI Display Driver
    "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
    "Bejeweled 2 Deluxe 1.1.3.2523" = Bejeweled 2 Deluxe 1.1.3.2523
    "BFGC" = Big Fish Games Client
    "BlackBerry_{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
    "CAL" = Canon Camera Access Library
    "CameraWindowDC" = Canon Utilities CameraWindow DC
    "CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
    "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
    "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
    "Canon ScanGear Toolbox CS" = Canon ScanGear Toolbox CS 2.2
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
    "Crossword Weaver 8.0" = Crossword Weaver 8.0
    "CSCLIB" = Canon Camera Support Core Library
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "Dell Game Console" = Dell Game Console
    "EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    "EOS Utility" = Canon Utilities EOS Utility
    "ESPNMotion" = ESPNMotion
    "HP Document Viewer" = HP Document Viewer 7.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 7.0
    "HP Photo & Imaging" = HP Photosmart Premier Software 6.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
    "HPOCR" = OCR Software by I.R.I.S 7.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
    "lvdrivers_11.50" = Logitech QuickCam Driver Package
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Monopoly Here & Now Edition" = Monopoly Here & Now Edition (remove only)
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "MSNINST" = MSN
    "MyCamera" = Canon Utilities MyCamera
    "MyCameraDC" = Canon Utilities MyCamera DC
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NSSSetup.{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan (Symantec Corporation)
    "OmniPagePro9.0DeinstKey" = OmniPage Pro 9.0
    "Pdf995" = Pdf995
    "PdfEdit995" = PdfEdit995
    "PhotoStitch" = Canon Utilities PhotoStitch
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "RadialpointClientGateway_is1" = Verizon Servicepoint 1.3.21
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RealPlayer 6.0" = RealPlayer Basic
    "RemoteCaptureDC" = Canon Utilities RemoteCapture DC
    "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
    "Shockwave" = Shockwave
    "Snood 4_is1" = Snood 4
    "Sound Blaster Audigy ADVANCED MB Product Registration" = Sound Blaster Audigy ADVANCED MB Product Registration
    "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "VCast Music Essentials Manager" = V CAST Music Manager
    "Verizon Online DSL_is1" = Verizon Online DSL
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "WebPost" = Microsoft Web Publishing Wizard 1.52
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "WT009382" = Mah-Jomino
    "WT014569" = Blasterball 2 Holidays
    "WT014651" = Ocean Express
    "WT014654" = PegSweeper
    "WT014676" = Serpengo
    "WT014681" = Slingo Deluxe
    "WT023996" = Puzzle Express
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
    "Yahoo! Toolbar" = Yahoo! Toolbar
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/24/2011 9:28:53 AM | Computer Name = FAMILY | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
    AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
    C:\Documents and Settings\2.Kristin\Desktop\OTM.exe (PID 2464) Time: Thursday,
    March 24, 2011 9:28:53 AM

    Error - 3/24/2011 9:28:53 AM | Computer Name = FAMILY | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
    AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
    C:\Documents and Settings\2.Kristin\Desktop\OTM.exe (PID 2464) Time: Thursday,
    March 24, 2011 9:28:53 AM

    Error - 3/24/2011 9:28:53 AM | Computer Name = FAMILY | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
    AntiVirus\VPTray.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
    C:\Documents and Settings\2.Kristin\Desktop\OTM.exe (PID 2464) Time: Thursday,
    March 24, 2011 9:28:53 AM

    Error - 3/24/2011 9:28:53 AM | Computer Name = FAMILY | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
    AntiVirus\VPTray.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
    C:\Documents and Settings\2.Kristin\Desktop\OTM.exe (PID 2464) Time: Thursday,
    March 24, 2011 9:28:53 AM

    Error - 3/24/2011 9:28:53 AM | Computer Name = FAMILY | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
    AntiVirus\VPTray.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
    C:\Documents and Settings\2.Kristin\Desktop\OTM.exe (PID 2464) Time: Thursday,
    March 24, 2011 9:28:53 AM

    Error - 3/24/2011 9:28:53 AM | Computer Name = FAMILY | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
    AntiVirus\VPTray.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
    C:\Documents and Settings\2.Kristin\Desktop\OTM.exe (PID 2464) Time: Thursday,
    March 24, 2011 9:28:53 AM

    Error - 3/24/2011 9:28:53 AM | Computer Name = FAMILY | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
    AntiVirus\VPTray.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
    C:\Documents and Settings\2.Kristin\Desktop\OTM.exe (PID 2464) Time: Thursday,
    March 24, 2011 9:28:53 AM

    Error - 3/24/2011 9:28:53 AM | Computer Name = FAMILY | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
    AntiVirus\VPTray.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
    C:\Documents and Settings\2.Kristin\Desktop\OTM.exe (PID 2464) Time: Thursday,
    March 24, 2011 9:28:53 AM

    Error - 3/24/2011 9:28:53 AM | Computer Name = FAMILY | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
    AntiVirus\VPTray.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
    C:\Documents and Settings\2.Kristin\Desktop\OTM.exe (PID 2464) Time: Thursday,
    March 24, 2011 9:28:53 AM

    Error - 3/24/2011 9:28:53 AM | Computer Name = FAMILY | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
    AntiVirus\VPTray.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
    C:\Documents and Settings\2.Kristin\Desktop\OTM.exe (PID 2464) Time: Thursday,
    March 24, 2011 9:28:53 AM

    [ System Events ]
    Error - 3/24/2011 9:28:50 AM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7034
    Description = The LVCOMSer service terminated unexpectedly. It has done this 1
    time(s).

    Error - 3/24/2011 9:28:50 AM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7034
    Description = The MBAMService service terminated unexpectedly. It has done this
    1 time(s).

    Error - 3/24/2011 9:28:50 AM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7034
    Description = The Machine Debug Manager service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 3/24/2011 9:28:50 AM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7034
    Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 3/24/2011 9:28:51 AM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7034
    Description = The MSSQLSERVER service terminated unexpectedly. It has done this
    1 time(s).

    Error - 3/24/2011 9:28:51 AM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7034
    Description = The SupportSoft Sprocket Service (verizondm) service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 3/24/2011 9:28:52 AM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7034
    Description = The Canon Camera Access Library 8 service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 3/24/2011 9:28:52 AM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7034
    Description = The SupportSoft Repair Service (verizondm) service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 3/24/2011 10:00:12 AM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7024
    Description = The Symantec SPBBCSvc service terminated with service-specific error
    4294967295 (0xFFFFFFFF).

    Error - 3/24/2011 10:53:58 AM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7024
    Description = The Symantec SPBBCSvc service terminated with service-specific error
    4294967295 (0xFFFFFFFF).


    < End of report >
     
  13. PALV

    PALV Thread Starter

    Joined:
    Mar 10, 2011
    Messages:
    56
    Kevin-

    Requested logs, below.

    Bill
    ----

    OTL Txt :

    OTL logfile created on: 3/24/2011 5:04:53 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\2.Kristin\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,022.00 Mb Total Physical Memory | 314.00 Mb Available Physical Memory | 31.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 144.31 Gb Total Space | 78.99 Gb Free Space | 54.74% Space Free | Partition Type: NTFS

    Computer Name: FAMILY | User Name: 2.Kristin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/03/24 17:01:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\2.Kristin\Desktop\OTL.exe
    PRC - [2011/02/01 05:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
    PRC - [2011/02/01 05:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
    PRC - [2011/02/01 05:54:30 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtcmd.exe
    PRC - [2010/12/20 19:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2010/12/20 19:08:56 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    PRC - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
    PRC - [2006/09/27 20:35:02 | 000,038,696 | ---- | M] (LANDesk Software Ltd.) -- C:\WINDOWS\system32\CBA\pds.exe
    PRC - [2006/09/27 20:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
    PRC - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    PRC - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
    PRC - [2006/09/27 14:17:54 | 001,324,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
    PRC - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    PRC - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    PRC - [2006/07/19 19:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    PRC - [2006/02/10 07:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/03/24 17:01:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\2.Kristin\Desktop\OTL.exe
    MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2007/10/19 13:19:10 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (AresChatServer)
    SRV - [2011/03/01 09:56:36 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
    SRV - [2011/02/01 05:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
    SRV - [2011/02/01 05:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
    SRV - [2010/12/20 19:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2007/10/19 13:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
    SRV - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
    SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
    SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
    SRV - [2006/09/27 20:35:02 | 000,038,696 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\WINDOWS\system32\CBA\pds.exe -- (Intel PDS)
    SRV - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
    SRV - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
    SRV - [2006/09/27 14:17:54 | 001,324,808 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe -- (Reporting)
    SRV - [2006/09/02 16:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
    SRV - [2006/08/11 08:38:50 | 000,069,632 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
    SRV - [2006/08/07 16:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
    SRV - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
    SRV - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
    SRV - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/12/20 19:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/12/17 05:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110320.003\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/12/17 05:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110320.003\NAVENG.SYS -- (NAVENG)
    DRV - [2010/07/15 13:50:36 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/07/15 13:50:36 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2007/10/19 13:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
    DRV - [2007/10/11 22:01:06 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
    DRV - [2007/10/11 22:00:54 | 003,647,384 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
    DRV - [2007/10/11 22:00:43 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2007/10/11 21:59:12 | 001,920,920 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
    DRV - [2007/10/11 18:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2007/10/11 18:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
    DRV - [2007/07/20 12:09:15 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
    DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
    DRV - [2007/04/09 10:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2007/04/09 10:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2007/04/09 10:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2006/09/18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
    DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
    DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
    DRV - [2006/08/11 08:45:53 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2006/08/07 16:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2006/08/07 16:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2006/04/11 17:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
    DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2005/08/04 04:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/06/06 21:40:48 | 000,180,736 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
    DRV - [2005/05/25 22:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTUSFSYN.SYS -- (CTUSFSYN)
    DRV - [2005/03/25 16:11:00 | 001,350,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sigfilt.sys -- (sigfilt)
    DRV - [2005/01/11 00:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k)
    DRV - [2005/01/11 00:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTOSS2K.SYS -- (ossrv)
    DRV - [2003/11/17 21:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2003/11/17 21:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2003/11/17 21:56:26 | 001,042,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2002/11/26 14:54:58 | 000,016,936 | ---- | M] (Smith Micro Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMNDIS5.sys -- (SMNDIS5)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3F15FA0E-1BC7-4C4E-B3CF-91A6B67E9BC2}: C:\Documents and Settings\[USER]\Local Settings\Application Data\{3F15FA0E-1BC7-4C4E-B3CF-91A6B67E9BC2} [2010/07/27 06:30:36 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2011/03/21 18:23:49 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
    O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    O4 - HKCU..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
    O4 - HKCU..\Run: [Weather] File not found
    O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe (NOS Microsystems Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_24.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://webportal.hunterdonhealthcare.org/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\2.Kristin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\2.Kristin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
    Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (56027131116781568)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/24 17:00:57 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\2.Kristin\Desktop\OTL.exe
    [2011/03/24 11:09:44 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
    [2011/03/24 11:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
    [2011/03/24 10:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2011/03/24 10:22:27 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2011/03/24 10:22:26 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2011/03/24 10:22:26 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011/03/24 10:22:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011/03/24 10:22:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011/03/24 10:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
    [2011/03/24 09:28:45 | 000,000,000 | ---D | C] -- C:\_OTM
    [2011/03/24 09:26:53 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\2.Kristin\Desktop\OTM.exe
    [2011/03/23 14:20:16 | 000,367,616 | ---- | C] (Avira GmbH) -- C:\Documents and Settings\2.Kristin\Desktop\removaltool-win32-en.exe
    [2011/03/23 08:41:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/03/22 13:40:48 | 000,000,000 | ---D | C] -- C:\bin
    [2011/03/22 13:34:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
    [2011/03/22 13:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
    [2011/03/22 07:06:45 | 000,000,000 | ---D | C] -- C:\ARK
    [2011/03/21 18:15:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/03/21 14:22:52 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
    [2011/03/21 14:22:51 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
    [2011/03/21 14:22:50 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
    [2011/03/21 14:17:45 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
    [2011/03/21 14:17:41 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
    [2011/03/21 13:57:18 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
    [2011/03/21 10:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\2.Kristin\Application Data\pdf995
    [2011/03/21 10:23:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\pdf995
    [2011/03/21 10:23:06 | 000,249,856 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll
    [2011/03/21 10:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Software995
    [2011/03/21 10:23:00 | 000,000,000 | ---D | C] -- C:\Program Files\pdf995
    [2011/03/20 06:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\VERIZONDM
    [2011/03/20 06:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2011/03/20 06:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SupportSoft
    [2011/03/19 16:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\2.Kristin\Local Settings\Application Data\Temp
    [2011/03/19 16:20:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2011/03/16 15:10:28 | 000,000,000 | ---D | C] -- C:\Gotcha
    [2011/03/16 14:29:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\2.Kristin\Tracing
    [2011/03/16 08:01:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\2.Kristin\DoctorWeb
    [2011/03/14 14:32:38 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouclass.sys
    [2011/03/14 14:28:11 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/03/14 13:42:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/03/14 13:42:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/03/14 13:42:46 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/03/14 13:42:46 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/03/14 13:42:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/03/14 13:41:54 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/03/12 11:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\2.Kristin\Desktop\Virus removal
    [2011/03/11 21:56:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\2.Kristin\Application Data\Malwarebytes
    [2011/03/11 21:01:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2011/03/10 12:27:50 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\2.Kristin\Desktop\TDSSKiller.exe

    ========== Files - Modified Within 30 Days ==========

    [2011/03/24 17:19:15 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/03/24 17:01:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\2.Kristin\Desktop\OTL.exe
    [2011/03/24 10:50:56 | 000,000,588 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
    [2011/03/24 10:50:56 | 000,000,588 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
    [2011/03/24 10:50:53 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/03/24 10:50:52 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\WinUtilities-02BB2F56CB964deb8996194DE7EB5275.job
    [2011/03/24 10:49:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/03/24 10:49:26 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
    [2011/03/24 10:47:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
    [2011/03/24 10:47:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
    [2011/03/24 10:21:27 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011/03/24 10:21:27 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011/03/24 10:21:27 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011/03/24 10:21:27 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2011/03/24 10:21:26 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2011/03/24 10:04:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/03/24 09:26:58 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\2.Kristin\Desktop\OTM.exe
    [2011/03/23 14:20:18 | 000,367,616 | ---- | M] (Avira GmbH) -- C:\Documents and Settings\2.Kristin\Desktop\removaltool-win32-en.exe
    [2011/03/23 14:02:36 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\WebReg Photosmart C6100 series.job
    [2011/03/23 10:40:31 | 000,216,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/03/23 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
    [2011/03/22 17:49:35 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\2.Kristin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2011/03/22 17:49:31 | 000,503,536 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/03/22 17:49:31 | 000,088,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/03/22 13:52:21 | 000,117,091 | ---- | M] () -- C:\WINDOWS\hpoins11.dat
    [2011/03/22 13:41:11 | 000,001,894 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Document Viewer.lnk
    [2011/03/22 13:37:16 | 000,000,898 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Premier.lnk
    [2011/03/22 13:37:16 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
    [2011/03/22 13:33:15 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2011/03/22 13:32:17 | 000,001,875 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Express.lnk
    [2011/03/22 13:31:27 | 000,000,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
    [2011/03/22 13:02:36 | 000,000,124 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2011/03/22 12:03:22 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\2.Kristin\DOT4_001
    [2011/03/22 11:00:18 | 000,228,901 | ---- | M] () -- C:\Documents and Settings\2.Kristin\Desktop\GMER window.JPG
    [2011/03/21 18:23:49 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/03/21 18:04:04 | 000,001,224 | ---- | M] () -- C:\CF-Submit.htm
    [2011/03/21 17:55:01 | 004,298,593 | R--- | M] () -- C:\Documents and Settings\2.Kristin\Desktop\Gotcha.exe
    [2011/03/21 17:53:09 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\2.Kristin\Desktop\Windows Firewall.lnk
    [2011/03/21 16:13:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/03/21 12:45:31 | 000,000,235 | ---- | M] () -- C:\Documents and Settings\2.Kristin\Desktop\Error number 0×80070424 in Windows Update – Solution - Techie Corner.url
    [2011/03/21 11:57:56 | 000,000,232 | ---- | M] () -- C:\Documents and Settings\2.Kristin\Desktop\automatic update service not working - Tech Support Guy Forums.url
    [2011/03/21 10:45:14 | 000,000,059 | ---- | M] () -- C:\WINDOWS\wpd99.drv
    [2011/03/21 10:32:19 | 000,000,028 | ---- | M] () -- C:\WINDOWS\pdf995.ini
    [2011/03/21 10:23:06 | 000,249,856 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll
    [2011/03/21 10:23:06 | 000,051,716 | ---- | M] () -- C:\WINDOWS\System32\pdf995mon.dll
    [2011/03/19 16:33:17 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2011/03/18 17:37:20 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\2.Kristin\Desktop\08rhyz9f.exe
    [2011/03/18 14:33:30 | 000,012,326 | ---- | M] () -- C:\Documents and Settings\2.Kristin\Desktop\TDSSKiller results.JPG
    [2011/03/18 14:24:43 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\2.Kristin\Desktop\TDSSKiller.exe
    [2011/03/18 14:24:05 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\2.Kristin\Desktop\tdsskiller.zip
    [2011/03/18 06:37:41 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\2.Kristin\Desktop\RKUnhookerLE.EXE
    [2011/03/17 07:13:20 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\2.Kristin\Desktop\MBRCheck.exe
    [2011/03/16 22:28:51 | 000,879,069 | ---- | M] () -- C:\Documents and Settings\2.Kristin\Desktop\SecurityCheck.exe
    [2011/03/16 16:13:10 | 000,000,253 | ---- | M] () -- C:\Documents and Settings\2.Kristin\Desktop\General Security Information, How to tighten Security Settings and Warnings - Tech Support Guy Forums.url
    [2011/03/16 11:20:15 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/03/15 17:56:33 | 000,021,314 | ---- | M] () -- C:\WINDOWS\System32\avididoc.dll
    [2011/03/15 08:35:50 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2011/03/12 11:10:00 | 000,000,589 | ---- | M] () -- C:\Documents and Settings\2.Kristin\Desktop\Shortcut to Moms Favorites.lnk
    [2011/03/12 00:33:50 | 000,012,682 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3452207138
    [2011/03/11 23:56:38 | 000,001,493 | ---- | M] () -- C:\Documents and Settings\2.Kristin\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
    [2011/03/10 11:40:46 | 000,000,047 | ---- | M] () -- C:\WINDOWS\System32\_WKERNEL.FRE
    [2011/03/09 19:32:32 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
    [2011/02/27 16:02:06 | 122,562,410 | ---- | M] () -- C:\SYM_REGISTRY_BACKUP.reg

    ========== Files Created - No Company Name ==========

    [2011/03/23 14:02:35 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\WebReg Photosmart C6100 series.job
    [2011/03/22 13:41:43 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
    [2011/03/22 13:41:10 | 000,001,894 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Document Viewer.lnk
    [2011/03/22 13:37:16 | 000,000,898 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Premier.lnk
    [2011/03/22 13:37:16 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
    [2011/03/22 13:33:15 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2011/03/22 13:32:17 | 000,001,875 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Express.lnk
    [2011/03/22 13:31:27 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
    [2011/03/22 13:00:38 | 000,117,091 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
    [2011/03/22 12:02:44 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\2.Kristin\DOT4_001
    [2011/03/22 11:00:18 | 000,228,901 | ---- | C] () -- C:\Documents and Settings\2.Kristin\Desktop\GMER window.JPG
    [2011/03/21 18:04:04 | 000,001,224 | ---- | C] () -- C:\CF-Submit.htm
    [2011/03/21 17:53:09 | 000,000,217 | ---- | C] () -- C:\Documents and Settings\2.Kristin\Desktop\Windows Firewall.lnk
    [2011/03/21 12:45:31 | 000,000,235 | ---- | C] () -- C:\Documents and Settings\2.Kristin\Desktop\Error number 0×80070424 in Windows Update – Solution - Techie Corner.url
    [2011/03/21 11:57:56 | 000,000,232 | ---- | C] () -- C:\Documents and Settings\2.Kristin\Desktop\automatic update service not working - Tech Support Guy Forums.url
    [2011/03/21 10:32:19 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
    [2011/03/21 10:23:09 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
    [2011/03/21 10:23:06 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
    [2011/03/20 06:28:04 | 004,298,593 | R--- | C] () -- C:\Documents and Settings\2.Kristin\Desktop\Gotcha.exe
    [2011/03/20 06:11:49 | 009,811,968 | ---- | C] () -- C:\WINDOWS\VerizonDM.msi
    [2011/03/19 16:33:17 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2011/03/19 16:33:16 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
    [2011/03/18 17:37:19 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\2.Kristin\Desktop\08rhyz9f.exe
    [2011/03/18 14:33:30 | 000,012,326 | ---- | C] () -- C:\Documents and Settings\2.Kristin\Desktop\TDSSKiller results.JPG
    [2011/03/18 14:23:59 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\2.Kristin\Desktop\tdsskiller.zip
    [2011/03/18 06:37:41 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\2.Kristin\Desktop\RKUnhookerLE.EXE
    [2011/03/18 06:00:56 | 1071,796,224 | -HS- | C] () -- C:\hiberfil.sys
    [2011/03/17 07:13:20 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\2.Kristin\Desktop\MBRCheck.exe
    [2011/03/16 22:28:45 | 000,879,069 | ---- | C] () -- C:\Documents and Settings\2.Kristin\Desktop\SecurityCheck.exe
    [2011/03/16 16:13:10 | 000,000,253 | ---- | C] () -- C:\Documents and Settings\2.Kristin\Desktop\General Security Information, How to tighten Security Settings and Warnings - Tech Support Guy Forums.url
    [2011/03/14 14:28:21 | 000,000,209 | ---- | C] () -- C:\Boot.bak
    [2011/03/14 14:28:15 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/03/14 13:42:46 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/03/14 13:42:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/03/14 13:42:46 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/03/14 13:42:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/03/14 13:42:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/03/12 11:10:00 | 000,000,589 | ---- | C] () -- C:\Documents and Settings\2.Kristin\Desktop\Shortcut to Moms Favorites.lnk
    [2011/03/11 21:33:44 | 000,012,682 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3452207138
    [2011/03/09 18:58:37 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
    [2011/02/27 16:01:32 | 122,562,410 | ---- | C] () -- C:\SYM_REGISTRY_BACKUP.reg
    [2010/10/27 00:23:48 | 000,127,392 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/10/27 00:23:40 | 000,191,654 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2010/07/25 16:49:14 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Adujabivebaxitiv.dat
    [2010/07/25 16:49:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Olitihikilugoqor.bin
    [2010/04/06 13:12:29 | 000,000,059 | ---- | C] () -- C:\WINDOWS\dcmvwr.INI
    [2010/02/07 14:17:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UNIVMGR.INI
    [2009/11/12 15:30:46 | 000,021,314 | ---- | C] () -- C:\WINDOWS\System32\avididoc.dll
    [2009/11/12 14:47:00 | 006,582,272 | ---- | C] () -- C:\WINDOWS\System32\rtfecfax.exe.vir
    [2009/10/31 11:21:10 | 000,042,080 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2009/09/25 15:09:13 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
    [2009/09/25 12:32:50 | 000,000,020 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
    [2009/08/10 11:12:59 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
    [2008/11/28 15:02:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2008/06/25 15:29:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2008/06/25 13:39:53 | 000,059,500 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2008/03/20 13:02:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2008/03/09 21:36:54 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2008/02/10 19:00:53 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\VZWDLManager.dll
    [2008/02/10 15:36:47 | 004,891,136 | ---- | C] () -- C:\Program Files\WeatherbugSetupZ6157.msi
    [2007/10/11 18:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2007/09/03 10:15:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
    [2007/08/06 09:22:21 | 000,002,946 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/06/06 11:59:55 | 000,000,384 | ---- | C] () -- C:\WINDOWS\Wyncs.INI
    [2007/05/08 07:00:08 | 000,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
    [2007/02/13 08:38:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
    [2006/12/01 08:03:59 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
    [2006/12/01 08:03:22 | 000,000,021 | ---- | C] () -- C:\WINDOWS\phbase.ini
    [2006/12/01 08:02:37 | 000,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2006/12/01 08:01:21 | 000,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
    [2006/12/01 07:59:48 | 000,001,413 | ---- | C] () -- C:\WINDOWS\pstudio.ini
    [2006/12/01 07:59:48 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
    [2006/12/01 07:59:48 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
    [2006/11/24 12:15:14 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\2.Kristin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/10/19 14:33:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QUICKI~1.INI
    [2006/10/19 12:52:28 | 000,000,191 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
    [2006/10/02 22:26:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
    [2006/08/19 19:48:17 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006/08/19 19:48:17 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\CF7422D466.sys
    [2006/08/19 13:50:36 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2006/08/19 11:48:59 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
    [2006/08/18 13:01:07 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\2.Kristin\Local Settings\Application Data\fusioncache.dat
    [2006/08/18 11:05:42 | 000,000,031 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
    [2006/08/11 09:01:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/08/11 08:52:04 | 000,000,124 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/08/11 08:48:23 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
    [2006/08/11 08:45:01 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2006/08/11 08:43:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/08/11 08:39:19 | 000,005,811 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
    [2006/08/11 08:15:30 | 000,004,969 | ---- | C] () -- C:\WINDOWS\System32\Sigfilt.ini
    [2006/08/11 08:15:30 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2006/08/11 08:15:14 | 001,345,520 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
    [2006/08/11 08:15:14 | 000,102,400 | ---- | C] () -- C:\WINDOWS\SETLANG.EXE
    [2006/08/11 08:15:06 | 001,042,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSF_DP.sys
    [2006/08/11 08:14:54 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
    [2006/08/11 08:14:50 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2006/08/11 08:14:20 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2006/05/05 17:18:56 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
    [2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/08/16 04:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2005/08/16 04:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/08/16 04:27:59 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2005/08/16 04:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2005/08/16 04:18:33 | 000,503,536 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2005/08/16 04:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2005/08/16 04:18:33 | 000,088,394 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2005/08/16 04:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2005/08/16 04:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2005/08/16 04:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2005/08/16 04:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2005/08/16 04:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2005/08/16 04:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2005/08/16 04:18:21 | 000,158,730 | ---- | C] () -- C:\WINDOWS\System32\docipurl32.dll
    [2005/08/16 04:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2005/08/16 04:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [2000/09/08 18:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

    ========== LOP Check ==========

    [2006/08/19 13:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2.Kristin\Application Data\acccore
    [2006/08/19 14:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2.Kristin\Application Data\Aim
    [2008/04/27 13:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2.Kristin\Application Data\Canon
    [2007/08/07 22:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2.Kristin\Application Data\HotSync
    [2007/04/16 12:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2.Kristin\Application Data\ICAClient
    [2011/03/21 10:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2.Kristin\Application Data\pdf995
    [2008/02/09 18:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2.Kristin\Application Data\PlayFirst
    [2008/05/07 10:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2.Kristin\Application Data\Uniblue
    [2007/01/20 01:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2.Kristin\Application Data\Viewpoint
    [2008/02/10 15:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2.Kristin\Application Data\WeatherBug
    [2006/08/18 22:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2.Kristin\Application Data\WildTangent
    [2007/11/23 23:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2.Kristin\Application Data\Zylom
    [2006/12/24 12:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
    [2006/12/24 11:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
    [2005/08/16 20:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
    [2007/07/20 12:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
    [2006/09/16 11:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2011/03/21 10:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
    [2008/02/09 18:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
    [2007/12/29 20:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2009/09/25 12:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
    [2011/02/04 08:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2011/03/20 06:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2010/01/23 18:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/03/26 13:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2006/08/18 11:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Weather Studio
    [2007/07/20 23:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2007/11/23 23:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
    [2009/10/30 15:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2011/03/24 10:50:52 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\WinUtilities-02BB2F56CB964deb8996194DE7EB5275.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/11/21 11:03:32 | 000,000,209 | ---- | M] () -- C:\Boot.bak
    [2011/03/15 08:35:50 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2011/03/21 18:04:04 | 000,001,224 | ---- | M] () -- C:\CF-Submit.htm
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/03/21 18:47:38 | 000,014,531 | ---- | M] () -- C:\ComboFix.txt
    [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2006/08/18 15:03:50 | 000,000,081 | ---- | M] () -- C:\CTX.DAT
    [2006/08/11 08:19:42 | 000,007,039 | RH-- | M] () -- C:\dell.sdr
    [2011/03/09 19:32:32 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
    [2008/12/15 06:54:37 | 000,000,179 | ---- | M] () -- C:\handle.dat
    [2011/03/24 10:49:26 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
    [2007/07/20 12:11:14 | 004,751,376 | ---- | M] () -- C:\HuskyInstallerLog.txt
    [2006/08/19 15:41:05 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2005/08/16 04:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2009/02/02 17:58:32 | 000,000,125 | ---- | M] () -- C:\ioSpecial.ini
    [2008/04/27 17:46:07 | 000,003,126 | -H-- | M] () -- C:\IPH.PH
    [2011/03/24 10:57:00 | 000,227,764 | ---- | M] () -- C:\mombi.log
    [2005/08/16 04:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/08/10 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/09/13 11:57:38 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/03/24 10:49:06 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
    [2008/02/09 19:04:50 | 000,102,486 | ---- | M] () -- C:\playground.log
    [2006/10/19 13:44:02 | 000,000,136 | ---- | M] () -- C:\SerialSync.txt
    [2006/12/24 12:17:09 | 000,000,200 | ---- | M] () -- C:\setup.log
    [2009/08/09 01:03:18 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
    [2009/08/09 22:47:30 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
    [2009/08/10 08:29:34 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
    [2009/08/10 08:31:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
    [2009/08/10 10:42:56 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
    [2009/08/10 11:28:23 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
    [2009/08/10 12:04:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
    [2009/08/10 12:34:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
    [2009/08/10 12:34:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
    [2009/08/10 12:35:25 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
    [2009/08/10 12:39:24 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
    [2009/08/10 12:40:05 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
    [2009/08/10 12:41:19 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
    [2009/08/10 12:42:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
    [2009/08/10 12:43:30 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
    [2009/08/10 12:43:10 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
    [2009/08/10 13:19:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
    [2009/08/11 03:29:36 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
    [2009/08/08 13:35:21 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
    [2009/08/09 00:58:19 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
    [2009/08/09 01:03:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2009/08/09 22:47:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2009/08/10 08:29:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2009/08/10 08:31:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2009/08/10 10:42:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2009/08/10 11:28:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2009/08/10 12:04:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2009/08/10 12:34:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2009/08/10 12:34:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2009/08/10 12:35:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2009/08/10 12:39:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2009/08/10 12:40:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2009/08/10 12:41:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2009/08/10 12:42:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2009/08/10 12:43:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2009/08/10 12:43:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2009/08/10 13:19:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2009/08/11 03:29:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2009/08/08 13:35:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2009/08/09 00:58:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
    [2011/02/27 16:02:06 | 122,562,410 | ---- | M] () -- C:\SYM_REGISTRY_BACKUP.reg
    [2006/08/11 08:46:15 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
    [2011/03/15 05:37:07 | 000,061,508 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_15.03.2011_05.33.27_log.txt
    [2011/03/18 14:39:01 | 000,059,976 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_18.03.2011_14.26.00_log.txt
    [2006/12/24 12:17:01 | 000,000,851 | ---- | M] () -- C:\tempbmm.iss
    [2007/08/23 08:30:03 | 000,004,581 | ---- | M] () -- C:\VETlog.txt

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2005/08/16 04:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2005/08/16 04:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2005/08/16 04:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-24 04:07:22

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:813B8EB6
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9F8237A
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:815D61C4
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:331B76C7
    @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:483AC68A
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:288A91F8
    < End of report >

    ----

    ExtrasTxt :

    OTL Extras logfile created on: 3/24/2011 5:04:53 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\2.Kristin\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,022.00 Mb Total Physical Memory | 314.00 Mb Available Physical Memory | 31.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 144.31 Gb Total Space | 78.99 Gb Free Space | 54.74% Space Free | Partition Type: NTFS

    Computer Name: FAMILY | User Name: 2.Kristin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger -- (America Online, Inc.)
    "C:\Palm\HOTSYNC.EXE" = C:\Palm\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application -- (PalmSource, Inc)
    "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:America Online 9.0 -- (America Online, Inc.)
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
    "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:LocalSubNet:Enabled:mbam.exe -- (Malwarebytes Corporation)
    "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
    "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
    "{02807340-8FA2-44B6-ABA1-E443E4FF0A20}" = VZAccess Manager for RIM
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
    "{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
    "{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
    "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
    "{25EF03E6-F17B-11D6-88EA-000476CD2443}" = Verizon Online Help & Support
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
    "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
    "{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
    "{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
    "{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
    "{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan
    "{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
    "{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
    "{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Sonic Advanced Decoder
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E7E8E6A-15F1-4E26-9352-26AD235131E9}" = Documents To Go
    "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
    "{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
    "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
    "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
    "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
    "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
    "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
    "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
    "{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
    "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
    "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}" = Ad-Aware SE Personal
    "{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
    "{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
    "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
    "{81D62C32-0984-11D3-86CD-00105AD33021}" = Caere Scan Manager 5.1
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110206700}" = Bejeweled
    "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
    "{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
    "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
    "{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
    "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
    "{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}" = Andrea VoiceCenter
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
    "{95120000-0038-0409-0000-0000000FF1CE}" = Time Zone Data Update Tool for Microsoft Office Outlook
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
    "{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
    "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
    "{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
    "{B3B4CD34-6C20-4b28-A231-FEC55B42C579}" = c6100_Help
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
    "{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
    "{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
    "{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
    "{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
    "{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
    "{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
    "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
    "{C8574AE5-370F-4246-A301-B85A2CC89A5E}" = C6100
    "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
    "{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt
    "{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
    "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D547A594-AA85-4B92-80EB-47B371B98C68}" = Verizon Download Manager
    "{D76D1828-BBA0-4BD9-8181-5ACC617DC5F2}" = Virtual Earth 3D (Beta)
    "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
    "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
    "{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
    "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
    "{E0B27188-A15E-4C64-AE49-85E8EF46184B}" = Reporting Agents (Symantec Corporation)
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
    "{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
    "{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
    "{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
    "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
    "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
    "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
    "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
    "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
    "{FB26EA24-AE01-4C86-BEBC-424D5B81E66E}" = The Print Shop
    "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
    "{FC274982-5AAD-4C20-848D-4424A5043010}_is1" = WinUtilities 9.82 Free Edition
    "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
    "{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
    "{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
    "{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}" = palmOne
    "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
    "26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3" = Polar Bowler
    "35B081E6-2482-4495-90F8-C00D6C42D2A0" = FaceIt
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "American Airlines TravelDesk_is1" = American Airlines TravelDesk
    "AOL Instant Messenger" = AOL Instant Messenger
    "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
    "ArcSoft PhotoBase" = ArcSoft PhotoBase
    "ArcSoft PhotoStudio 2000" = ArcSoft PhotoStudio 2000
    "ATI Display Driver" = ATI Display Driver
    "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
    "Bejeweled 2 Deluxe 1.1.3.2523" = Bejeweled 2 Deluxe 1.1.3.2523
    "BFGC" = Big Fish Games Client
    "BlackBerry_{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
    "CAL" = Canon Camera Access Library
    "CameraWindowDC" = Canon Utilities CameraWindow DC
    "CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
    "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
    "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
    "Canon ScanGear Toolbox CS" = Canon ScanGear Toolbox CS 2.2
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
    "Crossword Weaver 8.0" = Crossword Weaver 8.0
    "CSCLIB" = Canon Camera Support Core Library
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "Dell Game Console" = Dell Game Console
    "EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    "EOS Utility" = Canon Utilities EOS Utility
    "ESPNMotion" = ESPNMotion
    "HP Document Viewer" = HP Document Viewer 7.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 7.0
    "HP Photo & Imaging" = HP Photosmart Premier Software 6.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
    "HPOCR" = OCR Software by I.R.I.S 7.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
    "lvdrivers_11.50" = Logitech QuickCam Driver Package
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Monopoly Here & Now Edition" = Monopoly Here & Now Edition (remove only)
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "MSNINST" = MSN
    "MyCamera" = Canon Utilities MyCamera
    "MyCameraDC" = Canon Utilities MyCamera DC
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NSSSetup.{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan (Symantec Corporation)
    "OmniPagePro9.0DeinstKey" = OmniPage Pro 9.0
    "Pdf995" = Pdf995
    "PdfEdit995" = PdfEdit995
    "PhotoStitch" = Canon Utilities PhotoStitch
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "RadialpointClientGateway_is1" = Verizon Servicepoint 1.3.21
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RealPlayer 6.0" = RealPlayer Basic
    "RemoteCaptureDC" = Canon Utilities RemoteCapture DC
    "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
    "Shockwave" = Shockwave
    "Snood 4_is1" = Snood 4
    "Sound Blaster Audigy ADVANCED MB Product Registration" = Sound Blaster Audigy ADVANCED MB Product Registration
    "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "VCast Music Essentials Manager" = V CAST Music Manager
    "Verizon Online DSL_is1" = Verizon Online DSL
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "WebPost" = Microsoft Web Publishing Wizard 1.52
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "WT009382" = Mah-Jomino
    "WT014569" = Blasterball 2 Holidays
    "WT014651" = Ocean Express
    "WT014654" = PegSweeper
    "WT014676" = Serpengo
    "WT014681" = Slingo Deluxe
    "WT023996" = Puzzle Express
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
    "Yahoo! Toolbar" = Yahoo! Toolbar
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/24/2011 9:28:53 AM | Computer Name = FAMILY | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
    AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
    C:\Documents and Settings\2.Kristin\Desktop\OTM.exe (PID 2464) Time: Thursday,
    March 24, 2011 9:28:53 AM

    Error - 3/24/2011 9:28:53 AM | Computer Name = FAMILY | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
    AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
    C:\Documents and Settings\2.Kristin\Desktop\OTM.exe (PID 2464) Time: Thursday,
    March 24, 2011 9:28:53 AM

    Error - 3/24/2011 9:28:53 AM | Computer Name = FAMILY | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
    AntiVirus\VPTray.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
    C:\Documents and Settings\2.Kristin\Desktop\OTM.exe (PID 2464) Time: Thursday,
    March 24, 2011 9:28:53 AM

    Error - 3/24/2011 9:28:53 AM | Computer Name = FAMILY | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
    AntiVirus\VPTray.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
    C:\Documents and Settings\2.Kristin\Desktop\OTM.exe (PID 2464) Time: Thursday,
    March 24, 2011 9:28:53 AM

    Error - 3/24/2011 9:28:53 AM | Computer Name = FAMILY | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
    AntiVirus\VPTray.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
    C:\Documents and Settings\2.Kristin\Desktop\OTM.exe (PID 2464) Time: Thursday,
    March 24, 2011 9:28:53 AM

    Error - 3/24/2011 9:28:53 AM | Computer Name = FAMILY | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
    AntiVirus\VPTray.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
    C:\Documents and Settings\2.Kristin\Desktop\OTM.exe (PID 2464) Time: Thursday,
    March 24, 2011 9:28:53 AM

    Error - 3/24/2011 9:28:53 AM | Computer Name = FAMILY | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
    AntiVirus\VPTray.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
    C:\Documents and Settings\2.Kristin\Desktop\OTM.exe (PID 2464) Time: Thursday,
    March 24, 2011 9:28:53 AM

    Error - 3/24/2011 9:28:53 AM | Computer Name = FAMILY | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
    AntiVirus\VPTray.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
    C:\Documents and Settings\2.Kristin\Desktop\OTM.exe (PID 2464) Time: Thursday,
    March 24, 2011 9:28:53 AM

    Error - 3/24/2011 9:28:53 AM | Computer Name = FAMILY | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
    AntiVirus\VPTray.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
    C:\Documents and Settings\2.Kristin\Desktop\OTM.exe (PID 2464) Time: Thursday,
    March 24, 2011 9:28:53 AM

    Error - 3/24/2011 9:28:53 AM | Computer Name = FAMILY | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
    AntiVirus\VPTray.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
    C:\Documents and Settings\2.Kristin\Desktop\OTM.exe (PID 2464) Time: Thursday,
    March 24, 2011 9:28:53 AM

    [ System Events ]
    Error - 3/24/2011 9:28:50 AM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7034
    Description = The LVCOMSer service terminated unexpectedly. It has done this 1
    time(s).

    Error - 3/24/2011 9:28:50 AM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7034
    Description = The MBAMService service terminated unexpectedly. It has done this
    1 time(s).

    Error - 3/24/2011 9:28:50 AM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7034
    Description = The Machine Debug Manager service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 3/24/2011 9:28:50 AM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7034
    Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 3/24/2011 9:28:51 AM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7034
    Description = The MSSQLSERVER service terminated unexpectedly. It has done this
    1 time(s).

    Error - 3/24/2011 9:28:51 AM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7034
    Description = The SupportSoft Sprocket Service (verizondm) service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 3/24/2011 9:28:52 AM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7034
    Description = The Canon Camera Access Library 8 service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 3/24/2011 9:28:52 AM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7034
    Description = The SupportSoft Repair Service (verizondm) service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 3/24/2011 10:00:12 AM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7024
    Description = The Symantec SPBBCSvc service terminated with service-specific error
    4294967295 (0xFFFFFFFF).

    Error - 3/24/2011 10:53:58 AM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7024
    Description = The Symantec SPBBCSvc service terminated with service-specific error
    4294967295 (0xFFFFFFFF).


    < End of report >
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya Bill,

    I guess we are not quite finished yet, as follows please :-

    Re-Run [​IMG] by double left click, Vista and Windows 7 users right click and select Run as Administrator.
    • Under the [​IMG] box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [On_Demand | Stopped] -- -- (AresChatServer)
      [2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
      O3 - HKLM\..\Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O4 - HKCU..\Run: [Weather] File not found
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab  (Reg Error: Key error.)
      O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/dim2/def...ploader_v6.cab  (Reg Error: Key error.)
      O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB  (Reg Error: Key error.)
      @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:813B8EB6
      @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9F8237A
      @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:815D61C4
      @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:331B76C7
      @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:483AC68A
      @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:288A91F8
      
      :Services
      
      :Reg
      
      :Files
      C:\WINDOWS\System32\settings.sfm
      C:\WINDOWS\System32\settingsbkup.sfm
      C:\fsqwr.bmp
      C:\WINDOWS\Adujabivebaxitiv.dat
      C:\WINDOWS\Olitihikilugoqor.bin
      :Commands
      [emptytemp]
      
    • Then click [​IMG] button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log it produces in your next reply.

    Kevin
     
  15. PALV

    PALV Thread Starter

    Joined:
    Mar 10, 2011
    Messages:
    56
    Kevin -
    FYI - scan hung, then froze computer last night. Re-running again this AM, will post logs as soon as completed.

    Bill
     
Short URL to this thread: https://techguy.org/985484
