Virus Infection[RESOLVED]

[jrbarker]

I have a pretty bad virus infection that I've been dealing with for the past few days but I haven't been able to clear it out yet. I currently have Norton Antivirus and Windows Defender. They haven't been able to clear out everything. (In fact I think Defender actually made things worse.) I've also run Spybot which did find some spyware.

The symtoms I've been having are that my web browsers are closing for no reason, my browser is being redirected, I can not connect to Windows Update, Norton Anti-virus is being closed, and I have overall system slowdown.

So I came to these boards and read all the stickies at the top. I first ran The Comedian. Then I downloaded and ran Malwarebyte's anti malware software. It found 9 entries the others didn't find. I ran Norton again which didn't find anything else. Then I ran Hijack This.

Please help me if you can.

First, here is the Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:31:28 PM, on 4/1/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe

C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe

C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\ALPServer\ProtectionServer.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\Tablet.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files\Digital Media Reader\shwiconem.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll

O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache2.2 - Unknown owner - L:\Xampp\apache\bin\apache.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1c97db0b0c489da) (gupdate1c97db0b0c489da) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe

O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe

O23 - Service: mysql - Unknown owner - L:\Xampp\mysql\bin\mysqld.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ProtectionServer - Di-O-Matic - C:\Program Files\ALPServer\ProtectionServer.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--

End of file - 13631 bytes

Second, here is the MBAM log:

Malwarebytes' Anti-Malware 1.35

Database version: 1904

Windows 5.1.2600 Service Pack 3

4/1/2009 3:48:13 PM

mbam-log-2009-04-01 (15-48-13).txt

Scan type: Quick Scan

Objects scanned: 77928

Time elapsed: 4 minute(s), 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 6

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 12

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{86c510e9-97ef-4749-914f-0280247be3a6} (Adware.WebDir) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ab56bb3b-025a-3bba-b570-1bda2a8e7197} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{ab56bb3b-025a-3bba-b570-1bda2a8e7197} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\hhupd.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Program Files\KB25721.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\KB45362.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\KB49261.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\KB52536.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\KB52582.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\KB54205.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\KB55237.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\KB56147.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\KB56180.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hhupd.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Program Files\EGPFFT.DLL (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hq13125.dll (Trojan.BHO) -> Quarantined and deleted successfully.

[Andro1d]

Hello and Welcome to the forums.

I am MoNsTeReNeRgY22 and I will be assisting you with your computer problem today.

Download OTListIt2 by OldTimer to your Desktop.

• Close all windows and double click OTListIt2.exe
  
• Click Run Scan and let the program run uninterrupted
  
• It will produce two logs for you, one will pop up - OTListIt2.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  
• You may need to use two posts to get it all.
  

[jrbarker]

Thank you for your help! Here is the OTListit.Txt

OTListIt logfile created on: 4/2/2009 8:43:34 AM - Run 1

OTListIt2 by OldTimer - Version 2.0.9.0 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 90.11% Memory free

3.71 Gb Paging File | 3.34 Gb Available in Paging File | 90.02% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 186.31 Gb Total Space | 87.60 Gb Free Space | 47.02% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

Drive F: | 59.83 Mb Total Space | 59.73 Mb Free Space | 99.84% Space Free | Partition Type: FAT

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive J: | 232.88 Gb Total Space | 94.19 Gb Free Space | 40.45% Space Free | Partition Type: NTFS

Drive L: | 931.51 Gb Total Space | 713.16 Gb Free Space | 76.56% Space Free | Partition Type: NTFS

Computer Name: BARKER

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Output = Standard

File Age = 30 Days

Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe

PRC - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

PRC - [2008/02/22 13:56:52 | 00,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

PRC - [2008/02/09 19:06:33 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe

PRC - [2009/01/23 18:16:54 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe

PRC - [2002/09/04 15:11:04 | 00,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe

PRC - [2007/03/12 18:30:14 | 00,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe

PRC - [2008/12/16 22:59:50 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

PRC - [2007/09/24 18:05:26 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe

PRC - [2008/03/10 00:04:52 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe

PRC - [2009/02/18 14:44:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe

PRC - [2007/10/18 16:28:34 | 00,131,072 | ---- | M] (Di-O-Matic) -- C:\Program Files\ALPServer\ProtectionServer.exe

PRC - [2006/11/02 21:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe

PRC - [2008/05/02 09:51:46 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

PRC - [2005/10/19 15:31:52 | 00,749,568 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe

PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

PRC - [2008/10/24 19:31:12 | 00,576,512 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

PRC - [2004/03/11 17:18:54 | 00,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\shwiconem.exe

PRC - [2004/07/01 14:58:14 | 00,073,728 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

PRC - [2007/03/12 18:30:14 | 00,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe

PRC - [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

PRC - [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

PRC - [2008/09/08 18:58:39 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

PRC - [2005/10/19 15:52:32 | 00,114,688 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe

PRC - [2009/04/02 08:41:04 | 00,500,224 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2005/09/12 04:03:22 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])

SRV - File not found -- -- (Apache2.2 [Auto | Stopped])

SRV - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])

SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

SRV - [2008/02/22 13:56:52 | 00,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [Auto | Running])

SRV - [2008/02/09 19:06:33 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])

SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])

SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [2009/03/10 21:54:06 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])

SRV - [2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

SRV - [2009/01/23 18:16:54 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c97db0b0c489da [Auto | Stopped])

SRV - [2009/03/24 06:06:55 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])

SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

SRV - [2005/11/14 02:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

SRV - [2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

SRV - File not found -- -- (Iomega Activity Disk2 [Disabled | Stopped])

SRV - [2002/09/04 15:11:04 | 00,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe -- (Iomega App Services [Auto | Running])

SRV - [2009/03/11 13:52:22 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])

SRV - [2007/02/16 15:44:13 | 00,068,608 | ---- | M] () -- C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe -- (License Management Service ESD [On_Demand | Stopped])

SRV - [2008/08/04 11:20:16 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])

SRV - [2007/03/12 18:30:14 | 00,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe -- (LiveUpdate Notice Service [Auto | Running])

SRV - [2008/12/16 22:59:50 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])

SRV - [2007/09/24 18:05:26 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe -- (mi-raysat_3dsMax2008_32 [Auto | Running])

SRV - [2008/03/10 00:04:52 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe -- (mi-raysat_3dsMax2009_32 [Auto | Running])

SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])

SRV - [2002/12/17 17:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR [On_Demand | Stopped])

SRV - [2002/12/17 17:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])

SRV - File not found -- -- (mysql [Auto | Stopped])

SRV - [2007/01/15 18:14:38 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])

SRV - [2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

SRV - [2007/01/15 17:01:56 | 00,266,240 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])

SRV - [2009/02/27 05:57:27 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe -- (Norton AntiVirus [Auto | Stopped])

SRV - [2009/02/18 14:44:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])

SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])

SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

SRV - [2007/10/18 16:28:34 | 00,131,072 | ---- | M] (Di-O-Matic) -- C:\Program Files\ALPServer\ProtectionServer.exe -- (ProtectionServer [Auto | Running])

SRV - [2006/11/02 21:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing [Auto | Running])

SRV - [2002/12/17 17:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped])

SRV - [2008/05/02 09:51:46 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Running])

SRV - [2005/10/19 15:31:52 | 00,749,568 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe -- (TabletService [Auto | Running])

SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])

SRV - [2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/04/13 13:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])

DRV - [2008/08/14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs [Auto | Running])

DRV - [2008/04/13 13:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])

DRV - [2009/02/27 05:57:36 | 00,258,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\BHDrvx86.sys -- (BHDrvx86 [system | Running])

DRV - [2009/04/01 00:02:22 | 00,482,352 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\ccHPx86.sys -- (ccHP [system | Running])

DRV - [2005/09/26 00:08:16 | 00,002,560 | ---- | M] () -- C:\WINDOWS\System32\Drivers\d3dutil.sys -- (d3dutil [On_Demand | Stopped])

DRV - [1998/07/10 04:31:00 | 00,007,328 | ---- | M] () -- C:\WINDOWS\system32\drivers\ds1410d.sys -- (DS1410D [Auto | Running])

DRV - [2004/02/10 16:49:14 | 00,154,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])

DRV - [2009/03/31 03:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [system | Running])

DRV - [2009/03/31 03:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])

DRV - [2005/08/18 01:00:00 | 00,007,168 | ---- | M] () -- C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver [On_Demand | Stopped])

DRV - [2009/01/15 12:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])

DRV - [2005/07/28 08:18:40 | 00,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock [Auto | Running])

DRV - [2008/10/14 19:56:13 | 00,047,616 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt [Auto | Running])

DRV - [2004/03/17 17:10:40 | 00,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])

DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])

DRV - [2003/11/13 21:19:48 | 00,210,304 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])

DRV - [2003/11/13 21:17:00 | 01,042,816 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])

DRV - [2004/06/06 14:09:10 | 00,730,653 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Stopped])

DRV - [2009/01/29 16:50:18 | 00,276,344 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090331.003\IDSxpx86.sys -- (IDSxpx86 [system | Running])

DRV - [2005/09/26 00:08:16 | 00,245,248 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\igdmini.sys -- (igdmini [On_Demand | Stopped])

DRV - [2004/07/06 19:59:44 | 02,185,408 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])

DRV - [2002/09/04 15:11:08 | 00,030,258 | ---- | M] (Iomega Corporation) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys -- (iomdisk [boot | Running])

DRV - [2005/09/26 00:08:16 | 00,005,504 | ---- | M] () -- C:\WINDOWS\System32\Drivers\lvds.sys -- (lvds [On_Demand | Stopped])

DRV - [2008/12/16 22:58:54 | 00,025,624 | ---- | M] () -- C:\WINDOWS\system32\Drivers\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])

DRV - [2008/12/17 01:01:20 | 00,041,752 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])

DRV - [2009/02/24 19:42:14 | 00,116,736 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\system32\DRIVERS\mcdbus.sys -- (mcdbus [On_Demand | Running])

DRV - [2004/01/16 17:21:48 | 00,012,970 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])

DRV - [2008/04/13 13:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])

DRV - [2004/08/19 22:10:28 | 00,028,352 | ---- | M] (MusicMatch, Inc.) -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k [On_Demand | Running])

DRV - [2009/03/31 03:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090401.025\NAVENG.SYS -- (NAVENG [On_Demand | Running])

DRV - [2009/03/31 03:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090401.025\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])

DRV - [2009/02/18 14:44:00 | 06,308,224 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])

DRV - [2004/11/21 15:49:49 | 00,035,744 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\Pcouffin.sys -- (Pcouffin [On_Demand | Running])

DRV - [2001/04/09 13:45:00 | 00,008,138 | ---- | M] (Wacom Technology Corporation) -- C:\WINDOWS\system32\Drivers\PenClass.sys -- (PenClass [boot | Running])

DRV - [2008/12/17 00:54:30 | 00,495,640 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\LV561AV.SYS -- (PID_0928 [On_Demand | Running])

DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

DRV - [2008/04/07 18:16:45 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20 [boot | Running])

DRV - [2006/06/05 09:08:33 | 00,030,556 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [system | Running])

DRV - [2005/09/26 00:08:16 | 00,012,928 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sdvo.sys -- (sdvo [On_Demand | Stopped])

DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])

DRV - [2002/12/16 00:41:10 | 00,076,288 | ---- | M] (Rainbow Technologies, Inc.) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel [Auto | Running])

DRV - [2002/12/16 00:41:10 | 00,026,120 | ---- | M] (Rainbow Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS -- (Sntnlusb [On_Demand | Stopped])

DRV - [2007/02/15 20:39:00 | 00,646,392 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [boot | Running])

DRV - [2009/02/27 05:57:36 | 00,307,760 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\SRTSP.SYS -- (SRTSP [system | Running])

DRV - [2009/02/27 05:57:36 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1005000.086\SRTSPX.SYS -- (SRTSPX [system | Running])

DRV - [2004/03/22 13:01:38 | 00,040,564 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\System32\Drivers\sunkfilt.sys -- (SunkFilt [On_Demand | Running])

DRV - [2004/03/22 13:27:20 | 00,042,936 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\System32\Drivers\sunkfilt39.sys -- (SunkFilt39 [On_Demand | Stopped])

DRV - [2009/02/27 05:57:36 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1005000.086\SYMEFA.SYS -- (SymEFA [boot | Running])

DRV - [2009/04/01 00:03:52 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])

DRV - [2009/02/27 05:57:36 | 00,089,776 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMFW.SYS -- (SYMFW [On_Demand | Running])

DRV - [2009/02/27 05:57:36 | 00,034,736 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])

DRV - [2009/02/27 05:57:28 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys -- (SymIM [On_Demand | Stopped])

DRV - [2009/02/27 05:57:28 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys -- (SymIMMP [On_Demand | Running])

DRV - [2006/02/03 14:09:13 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])

DRV - [2009/02/27 05:57:36 | 00,037,296 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running])

DRV - [2009/02/27 05:57:36 | 00,217,392 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMTDI.SYS -- (SYMTDI [system | Running])

DRV - [2007/12/24 17:37:00 | 00,138,384 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])

DRV - [2003/11/13 21:18:36 | 00,679,808 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

DRV - [2005/04/12 19:21:28 | 00,010,144 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum [On_Demand | Running])

DRV - [2005/04/12 19:21:32 | 00,022,240 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter [On_Demand | Running])

DRV - [2005/04/12 19:21:28 | 00,005,600 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid [On_Demand | Stopped])

DRV - [2005/04/12 19:21:26 | 00,045,504 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore [On_Demand | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.cnn.com"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1

FF - prefs.js..extensions.enabledItems: {31E65147-5A53-4e52-8A64-FF6EBFA36D76}:1.5.19

FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:1.9

FF - prefs.js..extensions.enabledItems: {a0faa0a4-f1a7-4098-9a74-21efc3a92372}:3.0.0

FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.4

FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.4

FF - prefs.js..extensions.enabledItems: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374}:3.0.4.1

FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.5.7.1

FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.4.2

FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.5.1

FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090207

FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006

FF - prefs.js..extensions.enabledItems: {8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0

FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2

FF - prefs.js..extensions.enabledItems: {0fa2149e-bb2c-4ac2-a8d3-479599819475}:1.5

FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090325

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX\ [2009/01/23 18:17:12 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/28 20:57:54 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/28 20:57:54 | 00,000,000 | ---D | M]

[2008/06/19 13:25:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions

[2008/06/19 13:25:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/04/01 17:11:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions

[2007/11/29 21:51:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{0B9D558E-6983-486b-9AAD-B6CBCD2FC807}

[2008/10/31 20:20:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{0fa2149e-bb2c-4ac2-a8d3-479599819475}

[2009/02/16 19:37:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{31E65147-5A53-4e52-8A64-FF6EBFA36D76}

[2009/03/27 09:15:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}

[2008/09/06 13:47:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}

[2008/06/19 14:19:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}

[2009/02/16 19:37:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}

[2008/01/17 16:58:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}

[2009/03/25 21:22:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

[2009/02/16 19:37:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}

[2009/03/27 09:15:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}

[2009/03/25 21:22:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2008/02/19 12:47:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{a0faa0a4-f1a7-4098-9a74-21efc3a92372}

[2009/03/25 21:22:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

[2009/03/23 20:09:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}

[2008/06/24 22:05:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}

[2009/02/05 23:06:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2009/02/05 23:06:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

[2009/03/23 20:09:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{dc572301-7619-498c-a57d-39143191b318}

[2008/11/15 09:31:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\[email protected]

[2009/03/23 20:09:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\[email protected]

[2009/03/26 21:36:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\[email protected]

[2007/02/07 02:19:40 | 00,007,931 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\6o278igo.default\searchplugins\elance-project-search.xml

[2009/03/23 04:37:55 | 00,002,125 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\6o278igo.default\searchplugins\flickr-tags.xml

[2009/03/23 04:37:55 | 00,005,500 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\6o278igo.default\searchplugins\food-network-recipes.xml

[2008/06/24 16:51:47 | 00,000,908 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\6o278igo.default\searchplugins\imdb.xml

[2008/06/03 07:07:46 | 00,001,071 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\6o278igo.default\searchplugins\lonely-planet-online.xml

[2008/06/24 16:51:45 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\6o278igo.default\searchplugins\webster.xml

[2008/06/24 16:51:45 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\6o278igo.default\searchplugins\wikipedia-en.xml

[2009/03/31 12:09:43 | 00,001,166 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\6o278igo.default\searchplugins\wow-akz.xml

[2009/04/01 17:11:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009/03/28 20:57:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/03/28 20:57:40 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009/03/28 20:57:40 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009/02/19 14:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2009/02/19 14:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml

[2009/02/19 14:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

[2009/02/19 14:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2009/02/19 14:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009/02/19 14:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2009/02/19 14:33:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (736 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL (Symantec Corporation)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)

O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Key error. File not found

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe (Alcor Micro, Corp.)

O4 - HKLM..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)

O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)

O4 - HKCU..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)

O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: &AOL Toolbar search - Reg Error: Value error.

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found

O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll (Google Inc.)

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (MessengerStatsClient Class)

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (Reg Error: Key error.)

O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A...01F/wmvadvd.cab (Reg Error: Key error.)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2)

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (MessengerStatsClient Class)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab (ZoneIntro Class)

O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/10/23 09:34:10 | 00,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]

O32 - AutoRun File - [2004/08/19 20:14:03 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\M\Shell - "" = AutoRun

O33 - MountPoints2\M\Shell\AutoRun - "" = Auto&Play

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]

[2009/04/02 08:41:02 | 00,500,224 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe

[2009/04/01 15:42:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes

[2009/04/01 15:42:08 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/04/01 15:42:05 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/04/01 15:42:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/04/01 15:42:02 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/04/01 15:39:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/04/01 15:38:26 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2009/04/01 15:36:22 | 00,794,624 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\The_Comedian.exe

[2009/04/01 12:30:12 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Support

[2009/04/01 09:14:43 | 00,646,094 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\Cat.DB

[2009/04/01 09:14:14 | 00,036,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys

[2009/04/01 00:03:46 | 00,217,392 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symtdi.sys

[2009/04/01 00:03:46 | 00,001,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymNet.inf

[2009/04/01 00:03:45 | 00,089,776 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symfw.sys

[2009/04/01 00:03:45 | 00,039,984 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symndisv.sys

[2009/04/01 00:03:45 | 00,037,296 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symndis.sys

[2009/04/01 00:03:45 | 00,034,736 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symids.sys

[2009/04/01 00:03:45 | 00,009,423 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymNet.cat

[2009/04/01 00:03:44 | 00,310,320 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymEFA.sys

[2009/04/01 00:03:44 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtspx.sys

[2009/04/01 00:03:44 | 00,007,410 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymEFA.cat

[2009/04/01 00:03:44 | 00,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymEFA.inf

[2009/04/01 00:03:44 | 00,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtspx.inf

[2009/04/01 00:03:43 | 00,307,760 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtsp.sys

[2009/04/01 00:03:43 | 00,007,372 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtspx.cat

[2009/04/01 00:03:43 | 00,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtsp.inf

[2009/04/01 00:03:42 | 00,258,608 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\BHDrvx86.sys

[2009/04/01 00:03:42 | 00,007,355 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtsp.cat

[2009/04/01 00:03:42 | 00,007,347 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\ccHPx86.cat

[2009/04/01 00:03:42 | 00,001,753 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\ccHPx86.inf

[2009/04/01 00:03:41 | 00,007,364 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\BHDrvx86.CAT

[2009/04/01 00:03:41 | 00,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\BHDrvx86.inf

[2009/04/01 00:02:22 | 00,482,352 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\cchpx86.sys

[2009/04/01 00:02:12 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\isolate.ini

[2009/04/01 00:02:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1005000.086

[2009/03/31 22:17:33 | 00,124,464 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS

[2009/03/31 22:17:33 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL

[2009/03/31 22:17:33 | 00,007,386 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT

[2009/03/31 22:17:33 | 00,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF

[2009/03/31 22:17:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV

[2009/03/31 22:17:03 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar

[2009/03/31 20:35:26 | 00,676,656 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\setup.exe

[2009/03/31 14:33:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\TrendMicro_TIS_17.10_en-US_32-bit

[2009/03/31 14:31:43 | 74,627,288 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\All Users\Desktop\TrendMicro_TIS_17.10_en-US_32-bit.exe

[2009/03/31 13:58:28 | 25,488,75264 | -HS- | C] () -- C:\hiberfil.sys

[2009/03/31 13:05:54 | 00,138,384 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys

[2009/03/31 13:05:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\HouseCall 6.6

[2009/03/29 13:31:25 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center

[2009/03/29 12:54:09 | 01,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Owner\Desktop\WinsockxpFix.exe

[2009/03/29 12:51:35 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2009/03/29 12:48:21 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender

[2009/03/29 12:47:01 | 10,246,088 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\windows-kb890830-v2.8.exe

[2009/03/28 20:18:24 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hq55564.dll

[2009/03/28 20:04:38 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hq13235.dll

[2009/03/28 19:47:55 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hq73597.dll

[2009/03/28 19:32:05 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009/03/28 19:28:01 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hq57060.dll

[2009/03/27 11:14:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Symantec

[2009/03/26 20:28:20 | 00,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2009/03/24 18:57:43 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hq99302.dll

[2009/03/24 06:06:57 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2009/03/23 20:09:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\iMacros

[2009/03/23 09:04:39 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2009/03/23 09:04:18 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector

[2009/03/23 09:02:08 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition

[2009/03/23 08:58:42 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft

[2009/03/23 08:58:27 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive

[2009/03/23 08:50:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

[2009/03/17 23:06:05 | 00,000,082 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\._Pic Edits

[2009/03/13 11:44:33 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes

[2009/03/13 11:44:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

[2009/03/11 15:52:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\NV57164656.TMP

[2009/03/11 15:18:19 | 00,212,711 | ---- | C] () -- C:\WINDOWS\System32\nvapps.nvb

[2009/03/11 15:18:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\NV51321700.TMP

[2009/03/11 15:16:57 | 00,000,000 | ---D | C] -- C:\NVIDIA

[2009/03/11 15:10:40 | 00,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab

[2009/03/11 15:10:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab

[2009/03/10 22:11:25 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player

[2009/03/10 22:05:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[2009/03/09 21:04:41 | 00,000,082 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\._for Joe

[2009/03/06 18:20:42 | 00,000,805 | -HS- | C] () -- C:\Documents and Settings\All Users\Documents\zmtl02.rtf

[2009/03/04 12:22:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Pic Edits

[2009/03/04 11:22:48 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009/03/04 11:07:02 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft

[2009/03/04 11:07:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2009/03/03 22:02:07 | 00,116,736 | ---- | C] (MagicISO, Inc.) -- C:\WINDOWS\System32\drivers\mcdbus.sys

[2009/03/03 22:02:05 | 00,000,000 | ---D | C] -- C:\Program Files\MagicDisc

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]

[2009/04/02 08:41:04 | 00,500,224 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe

[2009/04/02 00:00:13 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3070113376-1340541817-468247195-1003.job

[2009/04/02 00:00:13 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job

[2009/04/01 23:13:21 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2009/04/01 22:00:59 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2009/04/01 21:59:18 | 00,205,820 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2009/04/01 21:58:46 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/04/01 21:58:22 | 00,013,926 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat

[2009/04/01 21:58:09 | 00,000,000 | ---- | M] () -- C:\WINDOWS\TempFile

[2009/04/01 21:58:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/04/01 21:57:44 | 25,488,75264 | -HS- | M] () -- C:\hiberfil.sys

[2009/04/01 15:36:27 | 00,794,624 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\The_Comedian.exe

[2009/04/01 10:22:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009/04/01 09:14:57 | 00,646,094 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\Cat.DB

[2009/04/01 00:03:52 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS

[2009/04/01 00:03:52 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL

[2009/04/01 00:03:52 | 00,007,386 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT

[2009/04/01 00:03:52 | 00,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF

[2009/04/01 00:02:22 | 00,482,352 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\cchpx86.sys

[2009/04/01 00:02:12 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\isolate.ini

[2009/03/31 21:18:34 | 00,676,656 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\setup.exe

[2009/03/31 19:12:24 | 00,006,148 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\.DS_Store

[2009/03/31 14:33:32 | 74,627,288 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\All Users\Desktop\TrendMicro_TIS_17.10_en-US_32-bit.exe

[2009/03/29 12:55:31 | 00,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2009/03/29 12:54:10 | 01,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Owner\Desktop\WinsockxpFix.exe

[2009/03/29 12:47:06 | 10,246,088 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\windows-kb890830-v2.8.exe

[2009/03/28 20:18:24 | 00,196,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\hq55564.dll

[2009/03/28 20:04:38 | 00,196,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\hq13235.dll

[2009/03/28 19:47:55 | 00,196,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\hq73597.dll

[2009/03/28 19:28:01 | 00,196,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\hq57060.dll

[2009/03/27 20:12:43 | 04,330,086 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db

[2009/03/27 11:35:27 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/03/25 21:15:45 | 00,000,170 | ---- | M] () -- C:\WINDOWS\game.ini

[2009/03/24 18:57:43 | 00,196,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\hq99302.dll

[2009/03/23 14:50:16 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009/03/23 11:06:52 | 00,199,168 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/03/23 09:00:19 | 00,000,899 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My Sharing Folders.lnk

[2009/03/20 10:16:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2009/03/17 23:06:05 | 00,000,082 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\._Pic Edits

[2009/03/11 14:52:57 | 00,000,082 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\._Grocery_List.xls

[2009/03/11 14:52:48 | 00,039,936 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Grocery_List.xls

[2009/03/11 10:05:26 | 02,576,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/03/11 03:02:56 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/03/10 22:32:33 | 00,110,336 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2009/03/10 18:25:37 | 00,582,030 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/03/10 18:25:37 | 00,483,402 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/03/10 18:25:37 | 00,086,890 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/03/09 21:04:41 | 00,000,082 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\._Movie_List.xls

[2009/03/09 21:04:41 | 00,000,082 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\._for Joe

[2009/03/04 11:32:06 | 00,002,568 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys

< End of report >

[jrbarker]

Here is the Extras.Txt

OTListIt Extras logfile created on: 4/2/2009 8:43:34 AM - Run 1

OTListIt2 by OldTimer - Version 2.0.9.0 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 90.11% Memory free

3.71 Gb Paging File | 3.34 Gb Available in Paging File | 90.02% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 186.31 Gb Total Space | 87.60 Gb Free Space | 47.02% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

Drive F: | 59.83 Mb Total Space | 59.73 Mb Free Space | 99.84% Space Free | Partition Type: FAT

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive J: | 232.88 Gb Total Space | 94.19 Gb Free Space | 40.45% Space Free | Partition Type: NTFS

Drive L: | 931.51 Gb Total Space | 713.16 Gb Free Space | 76.56% Space Free | Partition Type: NTFS

Computer Name: BARKER

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Output = Standard

File Age = 30 Days

Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.js [@ = jsfile] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader

"5353:UDP" = 5353:UDP:*:Enabled:Bonjour

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL

File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL

File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL

[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call

[2009/02/06 18:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync

[2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2008/04/13 19:12:15 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®

[2008/04/13 19:12:25 | 01,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console

[2008/04/13 19:12:33 | 00,077,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing

File not found -- C:\Program Files\LimeWire\LimeWire 4.0.8\LimeWire.exe:*:Enabled:LimeWire: The most advanced file sharing program on the planet.

File not found -- C:\Program Files\LimeWire\LimeWire 4.2.6\LimeWire.exe:*:Enabled:LimeWire

[2004/12/19 19:53:54 | 00,462,848 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-1.1.1-patch-enUS-Downloader.exe:*:Enabled:Blizzard Downloader

[2004/12/21 18:21:38 | 00,663,552 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-1.2.1-patch-enUS-Downloader.exe:*:Enabled:Blizzard Downloader

[2009/03/28 20:57:41 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox

[2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger

File not found -- C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger

File not found -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server

[2005/04/17 17:08:11 | 03,112,960 | ---- | M] () -- C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek Client

[2005/03/29 19:42:46 | 00,484,799 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-1.2.4-to-1.3.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader

[2005/04/20 21:49:38 | 00,482,604 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-1.3.1.4297-to-1.4.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader

[2005/06/07 13:59:21 | 00,492,176 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-1.4.2.4375-to-1.5.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader

[2005/10/11 20:19:53 | 00,489,816 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-1.5.1.4449-to-1.6.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader

File not found -- C:\Program Files\eDonkey2000\edonkey2000.exe:*:Enabled:edonkey2000

File not found -- C:\Documents and Settings\Owner\Desktop\DOWNLOADS\WoW-1.6.1.4544v2-to-0.7.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader

File not found -- C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP Client

[2005/09/19 21:34:49 | 00,492,476 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-1.6.1.4544-to-1.7.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader

[2005/10/24 20:29:29 | 00,490,690 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-1.7.1.4695-to-1.8.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader

File not found -- C:\Program Files\BitTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui

File not found -- C:\Documents and Settings\Owner\My Documents\Software\Photoshop\Games\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II

File not found -- C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk

[2006/01/25 21:56:48 | 00,768,094 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-1.9.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader

[2008/04/13 19:12:21 | 00,769,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice

[2005/03/04 14:25:26 | 12,705,792 | ---- | M] (Curious Labs, Inc.) -- C:\Program Files\Curious Labs\Poser 6\Poser.exe:*:Enabled:Poser executable file

[2006/08/23 08:34:50 | 00,764,021 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe:*:Enabled:Blizzard Downloader

[2008/12/25 14:56:32 | 02,429,584 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:World of Warcraft

[2008/04/13 19:12:18 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test

[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2008/12/16 15:16:10 | 00,637,232 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

[2008/05/21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook

[2007/08/29 00:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove

[2008/05/21 05:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote

File not found -- C:\3dsmax7\3dsmax.exe:*:Enabled:3ds max 7

[2006/12/17 05:11:30 | 00,225,280 | ---- | M] (Autodesk) -- C:\Program Files\Autodesk\Maya8.5\bin\maya.exe:*:Enabled:Maya

File not found -- C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion

File not found -- C:\Program Files\Microsoft Games\Age of Mythology\AOM.EXE:*:Enabled:Age of Mythology

File not found -- C:\Program Files\Fox\No One Lives Forever\eReg\NAVBROWSER.EXE:*:Disabled:NAVBrowser

File not found -- C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo

[2009/01/05 16:19:14 | 07,697,712 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player

[2006/09/06 03:39:14 | 00,425,984 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor

[2006/09/06 03:39:10 | 00,110,592 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager

[2006/09/06 03:39:12 | 00,110,592 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server

[2005/06/06 11:56:04 | 00,081,920 | ---- | M] (Scanvec Amiable) -- C:\Program Files\FlexiSIGN-PRO 7.6v2\Program\App.exe:*:Enabled:Design Software

[2007/09/24 19:24:22 | 06,518,272 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\3ds Max 2008\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2008 32-bit

File not found -- C:\Program Files\Pollux Gamelabs\Lost Empire - Immortals\LostEmpire.exe:*:Enabled:Lost Empire - Immortals

[2007/10/21 03:20:34 | 28,064,848 | R--- | M] () -- C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3

[2008/12/18 21:13:10 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe:*:Enabled:DNA

[2008/03/10 01:22:52 | 07,299,072 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2009 32-bit

[2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour

File not found -- C:\Program Files\xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server

File not found -- L:\Xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server

File not found -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger

[2007/01/12 18:57:22 | 05,140,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime

[2009/03/11 13:52:24 | 13,499,176 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

[2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call

[2009/02/06 18:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync

[2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

File not found -- C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{05D60953-9012-44DF-A1A6-9DD97AD6580A}" = Corel Painter X

"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4

"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser

"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4

"{05D60953-9012-44DF-A1A6-9DD97AD6580A}" = Corel Painter X

"{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}" = Sony Noise Reduction Plug-In 2.0h

"{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306

"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler

"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger

"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4

"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup

"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4

"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support

"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4

"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{18A265FA-A1F2-413E-940E-A6A255733CA3}" = ZHelp

"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR

"{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}" = Adobe ExtendScript Toolkit 2

"{1EC60864-A294-44BF-984A-3E8867D74EA2}" = Adobe After Effects 6.0

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime

"{21AFBC54-4053-476B-9907-F0345311233C}" = Boris Continuum Complete

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{22FAFE5D-A94C-4B5A-A628-DFF2FAB32885}" = Autodesk MotionBuilder 7.5 Extension 1

"{28C74612-2C48-4421-BF67-3949CD90748E}" = Autodesk DirectConnect 2.0

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3

"{2A9C3F41-DACA-37AB-84FB-2E6193C42151}" = Google Gears

"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools

"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder

"{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB}" = Microsoft XNA Framework Redistributable 1.0 Refresh

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion

"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4

"{38EC4486-44FF-49da-8FFF-87DA9DCBC06B}" = Autodesk 3ds Max 2008 32-bit Help

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player

"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup

"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3C106CBD-3E5A-4275-94F9-23FFE687D090}" = Autodesk 3ds Max 2008 32-bit Architectural Materials Library

"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery

"{3CDC3396-0169-41FC-B7E8-C7AE080DB3E8}" = Jamorama Software

"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4

"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner

"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3

"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin

"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer

"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content

"{48A8ADFF-D6E4-409D-B2BA-5CABB7FE5A84}" = AirPort

"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation

"{49389932-51FA-4D26-8B4F-CE86B24302C2}" = TortoiseSVN 1.5.5.14361 (32 bit)

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension

"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE

"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update

"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content

"{53C92981-4972-11D7-A947-F895376BBB42}" = Pro Motion

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{548EAC70-EE00-11DD-908C-005056806466}" = Google Earth

"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4

"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3

"{5C1DA723-24FC-48AD-93BA-925695C3EF26}" = Logitech Gaming Software

"{6084D038-3401-4C9D-A216-86E6EEA25AFB}" = ZBrush3

"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0 SP1

"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail

"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4

"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support

"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup

"{679035C8-CEB8-4a5c-847A-5FB3FFADC0EB}" = Autodesk 3ds Max 2008 32-bit Vault 2008 Plug-In

"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer

"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3

"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings

"{6D6C1253-F5A2-4E0C-9070-F3C1176C1033}" = Nero 7

"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = MobileMe Control Panel

"{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}" = Multimedia Keyboard Driver

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{72019134-3A61-4C39-A540-245600C4CDFA}" = Turbo Squid Tentacles 3ds Max 2008

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility

"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0

"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III

"{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}" = 3dsmax ancillary install

"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation

"{81525B87-9344-4834-883C-C6A9D78EA1DF}" = Maya 8.5 Documentation (en_US)

"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader

"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4

"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003

"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4

"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam

"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant

"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender

"{A1086DA0-903E-4DEA-A83F-6317923CC63D}" = headus UVLayout v2 Professional

"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync

"{A1E0E88A-F5E9-4414-A0D7-31940E965EC5}" = Maya 8.5

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB2037C6-FE46-41fd-B1B2-4D62FBB1E57A}" = Autodesk 3ds Max 2008 32-bit Videos

"{AB7E8EC4-D04C-4A2B-A33B-4A3725C72285}" = Sony ACID Pro 6.0

"{AC76BA86-0000-7EC8-7489-000000000702}" = Adobe Acrobat 7.0.1 and Reader 7.0.1 Update

"{AC76BA86-0000-7EC8-7489-000000000703}" = Adobe Acrobat 7.0.2 and Reader 7.0.2 Update

"{AC76BA86-0000-7EC8-7489-000000000704}" = Adobe Acrobat 7.0.3 and Reader 7.0.3 Update

"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional

"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0

"{B023185F-F1EF-4F97-B0BD-AE6D802226D1}" = NVIDIA WDM Drivers

"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect

"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1

"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module

"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup

"{BC352445-5DD8-4C4F-909A-21A9E75017B1}" = ZAppLink

"{BF658A51-6D4F-4CB0-8D40-D183692B995D}" = Autodesk 3ds Max 2008 32-bit

"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3

"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4

"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials

"{C86A8B40-0702-45FA-BFEC-82B0C5932038}" = Sony Media Manager 2.1

"{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO

"{CADA5B76-F134-416A-997C-9A0E21FFC8C4}" = Silo 2.1

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw

"{CCA51496-49D4-4FBF-9866-A2E2F40FAC7A}" = Sony Sound Forge 9.0

"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D1B7094B-8CAC-492a-9EE6-D1576ED35208}" = Autodesk 3ds Max 2008 32-bit Vault 5 Plug-In

"{D3605F22-A55C-4462-B714-70ADED5BCC18}" = MrMikes Timeline Addin 1.0

"{D459A7BB-F85E-4C0E-8AEC-3D90C4549740}" = Debugging Tools for Windows

"{D504303A-717D-414C-BA9F-FE01093E2EF8}" = Adobe Setup

"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3

"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12

"{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in

"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)

"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX

"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T

"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4

"{E5145D2D-793B-4A16-BA42-3F13EEAA7D5E}" = iTunes

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)

"{EDC8D89C-DC3D-4a3d-ABE7-97D281C0A13A}" = Autodesk 3ds Max 2008 32-bit Additional Maps and Material Libraries

"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0

"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2DC9BD1-8DB8-461C-80B2-7264AFA54EE2}" = Mudbox 1.0

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4

"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4

"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All

"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable

"{FDD8070F-E3B9-0409-822C-CCFE5E82C14D}" = Autodesk 3ds Max 2009 32-bit

"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup

"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup

"1Click DVD Copy" = 1Click DVD Copy

"ActiveTouchMeetingClient" = WebEx

"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Illustrator CS2" = Adobe Illustrator CS2

"Adobe Shockwave Player" = Adobe Shockwave Player 11

"Adobe SVG Viewer" = Adobe SVG Viewer 3.0

"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3

"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3

"Adobe_5bc0f8414ec36c555a3e7e5ec2e225e" = Adobe ExtendScript Toolkit 2

"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings

"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3

"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional

"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4

"ADShareit.com SWF2Video Converter Pro_is1" = version 5.0.0

"Autodesk FBX Converter 2009.3" = Autodesk FBX Converter 2009.3

"Autodesk FBX for QuickTime" = Autodesk FBX for QuickTime 7.0

"Autodesk FBX Plugin 2009.3 - 3ds Max 2008" = Autodesk FBX Plugin 2009.3 - 3ds Max 2008

"AVI Codec Pack" = AVI Codec Pack

"AVS Video Converter 4.3_is1" = AVS Video Converter 4.3.1.371

"BigFix" = BigFix

"Blender" = Blender (remove only)

"Bryce" = Bryce 6.1

"Bryce Lightning" = Bryce Lightning 2.0 c

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro_is1" = Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07

"DAZ|Studio" = DAZ|Studio 1.4.16.0

"Deep Exploration" = Deep Exploration

"Deep Paint 3D" = Deep Paint 3D

"DeepUV" = DeepUV

"DigiCel FlipBook 4.5" = DigiCel FlipBook 4.5

"Di-O-Matic Character Pack v1.14" = Di-O-Matic Character Pack v1.14

"DVD Decrypter" = DVD Decrypter (Remove Only)

"Easy Video Joiner_is1" = Easy Video Joiner 5.21

"Easy Video Splitter_is1" = Easy Video Splitter 1.28

"ENTERPRISE" = Microsoft Office Enterprise 2007

"EPSON Scanner" = EPSON Scan

"ERUNT_is1" = ERUNT 1.1j

"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20

"FBX Plugin 2006.08 for Max 9.0" = FBX Plugin 2006.08 for Max 9.0

"FBX Plugin 2006.11.1 for Max 2008" = FBX Plugin 2006.11.1 for Max 2008

"FBX Plugin 2009.0 for Max 2009" = FBX Plugin 2009.0 for Max 2009

"FlexiSIGN-PRO 7.6v2" = FlexiSIGN-PRO 7.6v2

"FoxyTunesForFirefox" = FoxyTunes for Firefox

"gBurner" = gBurner

"GLOBEtrotter FLEXid Drivers" = GLOBEtrotter FLEXid Drivers

"Google Updater" = Google Updater

"GoogleVideoPlayer" = Google Video Player

"HijackThis" = HijackThis 2.0.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"InFlac" = InFlac 1.1.1

"InstallShield_{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15

"InstallShield_{22FAFE5D-A94C-4B5A-A628-DFF2FAB32885}" = Autodesk MotionBuilder 7.5 Extension 1

"InstallShield_{48A8ADFF-D6E4-409D-B2BA-5CABB7FE5A84}" = AirPort

"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III

"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader

"InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO

"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12

"InstallShield_{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in

"IomegaWare" = IomegaWare 4.0.2

"JEOPARDY! 21.0" = JEOPARDY! 2

"Karen's Directory Printer" = Karen's Directory Printer

"Luxor - Amun Rising" = Luxor - Amun Rising (remove only)

"lvdrivers_11.90" = Logitech QuickCam Driver Package

"Macromedia Shockwave Player" = Macromedia Shockwave Player

"Magic ISO Maker v5.4 (build 0247)" = Magic ISO Maker v5.4 (build 0247)

"MagicDisc 2.7.106" = MagicDisc 2.7.106

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0

"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)

"Mozilla Thunderbird (1.0.6)" = Mozilla Thunderbird (1.0.6)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MSNINST" = MSN

"NAV" = Norton AntiVirus

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"OpenAL" = OpenAL

"Poser 6" = Poser 6

"PowerISO" = PowerISO

"PROSet" = Intel® PRO Network Adapters and Drivers

"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)

"Rainbow Sentinel Driver" = Sentinel System Driver

"RealPlayer 6.0" = RealPlayer

"Registry Mechanic_is1" = Registry Mechanic 6.0

"SCLS" = MSU Screen Capture Lossless Codec v1.2 (Remove Only)

"SecondLife" = SecondLife (remove only)

"Soulseek" = SoulSeek Client 156c

"StorageSync" = StorageSync Backup Software

"StreetPlugin" = Learn2 Player (Uninstall Only)

"SystemRequirementsLab" = System Requirements Lab

"Tablet Driver" = Tablet

"Texporter_max11_x86" = Texporter v3.5.23.11_x86

"Trend Micro HouseCall 6.6" = HouseCall 6.6

"Uninstaller_B1FFA000_517142 - ZBrush (Windows)" = 517142 - ZBrush (Windows) (Shared Components)

"V-Ray for 3dsmax R9 for x86" = V-Ray for 3dsmax R9 for x86

"Winamp" = Winamp

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

"WinZip" = WinZip

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"World of Warcraft" = World of Warcraft

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"xampp" = XAMPP 1.7.0

"xNormal 3.15.1 Beta 1" = xNormal 3.15.1 Beta 1

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"BitTorrent" = BitTorrent

"BitTorrent DNA" = DNA

"Google Chrome" = Google Chrome

"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 4/1/2009 4:36:35 PM | Computer Name = BARKER | Source = Application Error | ID = 1000

Description = Faulting application ccSvcHst.exe, version 108.1.0.24, faulting module

unknown, version 0.0.0.0, fault address 0x10031e39.

Error - 4/1/2009 4:49:49 PM | Computer Name = BARKER | Source = Windows Search Service | ID = 3102

Description = The per-user filter pool for session 0 could not be added. Details:

The

operation being requested was not performed because the user has not logged on

to the network. The specified service does not exist. (0x800704dd)

Error - 4/1/2009 7:17:14 PM | Computer Name = BARKER | Source = Application Error | ID = 1000

Description = Faulting application mbam.exe, version 1.35.0.0, faulting module unknown,

version 0.0.0.0, fault address 0x20021e39.

Error - 4/1/2009 7:18:11 PM | Computer Name = BARKER | Source = Application Error | ID = 1000

Description = Faulting application mbam.exe, version 1.35.0.0, faulting module unknown,

version 0.0.0.0, fault address 0x20021e39.

Error - 4/1/2009 7:34:29 PM | Computer Name = BARKER | Source = Application Error | ID = 1000

Description = Faulting application ccSvcHst.exe, version 108.1.0.24, faulting module

unknown, version 0.0.0.0, fault address 0x10031e39.

Error - 4/1/2009 10:19:31 PM | Computer Name = BARKER | Source = Application Error | ID = 1000

Description = Faulting application ccSvcHst.exe, version 108.1.0.24, faulting module

unknown, version 0.0.0.0, fault address 0x10031e39.

Error - 4/1/2009 10:56:19 PM | Computer Name = BARKER | Source = Windows Search Service | ID = 3102

Description = The per-user filter pool for session 0 could not be added. Details:

The

operation being requested was not performed because the user has not logged on

to the network. The specified service does not exist. (0x800704dd)

Error - 4/1/2009 10:58:21 PM | Computer Name = BARKER | Source = Windows Search Service | ID = 3102

Description = The per-user filter pool for session 0 could not be added. Details:

The

operation being requested was not performed because the user has not logged on

to the network. The specified service does not exist. (0x800704dd)

Error - 4/1/2009 11:12:39 PM | Computer Name = BARKER | Source = Application Error | ID = 1000

Description = Faulting application ccSvcHst.exe, version 108.1.0.24, faulting module

unknown, version 0.0.0.0, fault address 0x10031e39.

Error - 4/1/2009 11:30:49 PM | Computer Name = BARKER | Source = Application Error | ID = 1000

Description = Faulting application ccSvcHst.exe, version 108.1.0.24, faulting module

unknown, version 0.0.0.0, fault address 0x10031e39.

[ OSession Events ]

Error - 4/23/2008 12:48:36 AM | Computer Name = BARKER | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 16

seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/31/2008 4:38:13 PM | Computer Name = BARKER | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6316.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 81296

seconds with 4440 seconds of active time. This session ended with a crash.

Error - 9/11/2008 6:57:20 PM | Computer Name = BARKER | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 20

seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/18/2008 2:02:19 PM | Computer Name = BARKER | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 18

seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/29/2008 6:58:30 PM | Computer Name = BARKER | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 31

seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/15/2008 7:27:18 PM | Computer Name = BARKER | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 15

seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/6/2009 8:26:02 PM | Computer Name = BARKER | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 33

seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/10/2009 10:07:00 PM | Computer Name = BARKER | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9

seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/17/2009 4:39:21 PM | Computer Name = BARKER | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 12

seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/20/2009 3:27:43 PM | Computer Name = BARKER | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 21

seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 4/1/2009 9:30:54 PM | Computer Name = BARKER | Source = Windows Update Agent | ID = 16

Description = Unable to Connect: Windows is unable to connect to the automatic updates

service and therefore cannot download and install updates according to the set

schedule. Windows will continue to try to establish a connection.

Error - 4/1/2009 10:17:49 PM | Computer Name = BARKER | Source = Service Control Manager | ID = 7034

Description = The Norton AntiVirus service terminated unexpectedly. It has done

this 3 time(s).

Error - 4/1/2009 10:58:50 PM | Computer Name = BARKER | Source = Service Control Manager | ID = 7000

Description = The Apache2.2 service failed to start due to the following error:

%%3

Error - 4/1/2009 10:58:50 PM | Computer Name = BARKER | Source = Service Control Manager | ID = 7000

Description = The mysql service failed to start due to the following error: %%3

Error - 4/1/2009 10:58:50 PM | Computer Name = BARKER | Source = Service Control Manager | ID = 7000

Description = The Par1284 service failed to start due to the following error: %%2

Error - 4/1/2009 10:58:50 PM | Computer Name = BARKER | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

IntelIde

Error - 4/1/2009 11:10:59 PM | Computer Name = BARKER | Source = Service Control Manager | ID = 7031

Description = The Norton AntiVirus service terminated unexpectedly. It has done

this 1 time(s). The following corrective action will be taken in 120000 milliseconds:

Restart the service.

Error - 4/1/2009 11:23:50 PM | Computer Name = BARKER | Source = Service Control Manager | ID = 7031

Description = The Norton AntiVirus service terminated unexpectedly. It has done

this 2 time(s). The following corrective action will be taken in 120000 milliseconds:

Restart the service.

Error - 4/1/2009 11:29:12 PM | Computer Name = BARKER | Source = Service Control Manager | ID = 7034

Description = The Norton AntiVirus service terminated unexpectedly. It has done

this 3 time(s).

Error - 4/2/2009 2:40:47 AM | Computer Name = BARKER | Source = BROWSER | ID = 8032

Description = The browser service has failed to retrieve the backup list too many

times on transport \Device\NetBT_Tcpip_{60782738-0E3C-4F6E-8E00-40C1025C6C0D}. The

backup browser is stopping.

< End of report >

[Andro1d]

Hello again,

Lets run an F-Secure online scan for Viruses, Spyware and RootKits:

• Go to http://support.f-secure.com/enu/home/ols.shtml
  
• Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  
• Allow the Active X control to be installed on your computer, then click the Accept button
  
• Click Full System Scan and allow the components to download and the scan to complete.
  
• If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  
• When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
  
• Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
  

If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan

• When the cleaning option is presented, Uncheck Submit samples to F-Secure
  
• Click Automatic cleaning
  
• When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
  
• Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
  

Notes:

• This scan will only work with Internet Explorer
  
• You must have administrator rights to run this scan
  
• This scan can take several hours, so please be patient
  

[jrbarker]

Thanks, here is the report...

Scanning Report

Saturday, April 04, 2009 13:56:30 - 16:59:03

Computer name: BARKER

Scanning type: Scan system for malware, rootkits

Target: C:\ L:\

Result: 8 malware found

Exploit.Win32.Pidief.ans (virus)

* C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\0FZL9QFK\DS[1].PDF (Renamed & Submitted)

TrackingCookie.2o7 (spyware)

* System

Trojan.Win32.BHO (virus)

* System

Trojan.Win32.BHO.nui (virus)

* C:\WINDOWS\SYSTEM32\HQ13235.DLL

* C:\WINDOWS\SYSTEM32\HQ55564.DLL

* C:\WINDOWS\SYSTEM32\HQ57060.DLL

* C:\WINDOWS\SYSTEM32\HQ73597.DLL

* C:\WINDOWS\SYSTEM32\HQ99302.DLL

Statistics

Scanned:

* Files: 119493

* System: 4386

* Not scanned: 8

Actions:

* Disinfected: 0

* Renamed: 1

* Deleted: 0

* None: 7

* Submitted: 1

Files not scanned:

* C:\HIBERFIL.SYS

* C:\PAGEFILE.SYS

* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

* C:\WINDOWS\SYSTEM32\CONFIG\SAM

* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

* C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ETILQS_NUWCXH4BAHX9UP9DGTUB

Options

Scanning engines:

* F-Secure USS: 3.0.0

* F-Secure Hydra: 3.8.9080, 2009-04-03

* F-Secure AVP: 7.0.171, 2009-04-04

* F-Secure Pegasus: 1.20.0, 1969-11-31

* F-Secure Blacklight: 0.0.0

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR

* Use Advanced heuristics

Copyright © 1998-2007 Product support |Send virus sample to F-Secure

F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.

[Andro1d]

Hey,

Please download the OTMoveIt3 by OldTimer.

• Save it to your desktop.
  
• Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  
• Copy the fix below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  

  :processes
  explorer.exe
  
  :files
  C:\WINDOWS\SYSTEM32\HQ13235.DLL
  C:\WINDOWS\SYSTEM32\HQ55564.DLL
  C:\WINDOWS\SYSTEM32\HQ57060.DLL
  C:\WINDOWS\SYSTEM32\HQ73597.DLL
  C:\WINDOWS\SYSTEM32\HQ99302.DLL
  
  :commands
  [purity]
  [emptytemp]
  [start explorer]

  
  

• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
  
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  
• Close OTMoveIt3
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

[jrbarker]

Here's the report...

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

File/Folder C:\WINDOWS\SYSTEM32\HQ13235.DLL not found.

File/Folder C:\WINDOWS\SYSTEM32\HQ55564.DLL not found.

File/Folder C:\WINDOWS\SYSTEM32\HQ57060.DLL not found.

File/Folder C:\WINDOWS\SYSTEM32\HQ73597.DLL not found.

File/Folder C:\WINDOWS\SYSTEM32\HQ99302.DLL not found.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_uZBadbUKjhBS5105anct scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Internet Explorer cache folder emptied.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

User's Temporary Internet Files folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

Network Service Temp folder emptied.

Network Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_dashercomp[388].js scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_detailsset[389].js scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_doozercomp[390].js scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_eventformc[391].js scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_extrascomp[392].js scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_offlinecom[393].js scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_searchcomp[394].js scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120doozercompiled_offli[395].css scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120offline_workercompile[397].js scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\@login.calendar.google.com_managed[3]#localserver\d910826e8062ba438618b67c04e7b120locallogin_compiled[265].js scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\localserver.db scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\permissions.db scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\XUL.mfl scheduled to be deleted on reboot.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04052009_200023

[jrbarker]

I rebooted after using OTMoveIt3 and was given this report upon start up...

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

File/Folder C:\WINDOWS\SYSTEM32\HQ13235.DLL not found.

File/Folder C:\WINDOWS\SYSTEM32\HQ55564.DLL not found.

File/Folder C:\WINDOWS\SYSTEM32\HQ57060.DLL not found.

File/Folder C:\WINDOWS\SYSTEM32\HQ73597.DLL not found.

File/Folder C:\WINDOWS\SYSTEM32\HQ99302.DLL not found.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_uZBadbUKjhBS5105anct scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Internet Explorer cache folder emptied.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

User's Temporary Internet Files folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

Network Service Temp folder emptied.

Network Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_dashercomp[388].js scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_detailsset[389].js scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_doozercomp[390].js scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_eventformc[391].js scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_extrascomp[392].js scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_offlinecom[393].js scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_searchcomp[394].js scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120doozercompiled_offli[395].css scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120offline_workercompile[397].js scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\@login.calendar.google.com_managed[3]#localserver\d910826e8062ba438618b67c04e7b120locallogin_compiled[265].js scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\localserver.db scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\permissions.db scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\XUL.mfl scheduled to be deleted on reboot.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04052009_200023

Files moved on Reboot...

File C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_uZBadbUKjhBS5105anct not found!

DllUnregisterServer procedure not found in C:\WINDOWS\temp\logishrd\LVPrcInj01.dll

C:\WINDOWS\temp\logishrd\LVPrcInj01.dll NOT unregistered.

File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_dashercomp[388].js not found!

File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_detailsset[389].js not found!

File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_doozercomp[390].js not found!

File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_eventformc[391].js not found!

File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_extrascomp[392].js not found!

File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_offlinecom[393].js not found!

File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_searchcomp[394].js not found!

File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120doozercompiled_offli[395].css not found!

File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120offline_workercompile[397].js not found!

File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\@login.calendar.google.com_managed[3]#localserver\d910826e8062ba438618b67c04e7b120locallogin_compiled[265].js not found!

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\localserver.db moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\permissions.db moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_001_ moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_002_ moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_003_ moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_MAP_ moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\urlclassifier3.sqlite moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\XUL.mfl moved successfully.

[Andro1d]

Hey,

Do you have the remaining of the log after reboot?

[jrbarker]

I believe that was the whole log. I will paste it again. (This site won't let me upload the log file to this thread.)

Should I run something again?

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

File/Folder C:\WINDOWS\SYSTEM32\HQ13235.DLL not found.

File/Folder C:\WINDOWS\SYSTEM32\HQ55564.DLL not found.

File/Folder C:\WINDOWS\SYSTEM32\HQ57060.DLL not found.

File/Folder C:\WINDOWS\SYSTEM32\HQ73597.DLL not found.

File/Folder C:\WINDOWS\SYSTEM32\HQ99302.DLL not found.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_uZBadbUKjhBS5105anct scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Internet Explorer cache folder emptied.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

User's Temporary Internet Files folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

Network Service Temp folder emptied.

Network Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_dashercomp[388].js scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_detailsset[389].js scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_doozercomp[390].js scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_eventformc[391].js scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_extrascomp[392].js scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_offlinecom[393].js scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_searchcomp[394].js scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120doozercompiled_offli[395].css scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120offline_workercompile[397].js scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\@login.calendar.google.com_managed[3]#localserver\d910826e8062ba438618b67c04e7b120locallogin_compiled[265].js scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\localserver.db scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\permissions.db scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\XUL.mfl scheduled to be deleted on reboot.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04052009_200023

Files moved on Reboot...

File C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_uZBadbUKjhBS5105anct not found!

DllUnregisterServer procedure not found in C:\WINDOWS\temp\logishrd\LVPrcInj01.dll

C:\WINDOWS\temp\logishrd\LVPrcInj01.dll NOT unregistered.

File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_dashercomp[388].js not found!

File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_detailsset[389].js not found!

File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_doozercomp[390].js not found!

File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_eventformc[391].js not found!

File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_extrascomp[392].js not found!

File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_offlinecom[393].js not found!

File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_searchcomp[394].js not found!

File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120doozercompiled_offli[395].css not found!

File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120offline_workercompile[397].js not found!

File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\@login.calendar.google.com_managed[3]#localserver\d910826e8062ba438618b67c04e7b120locallogin_compiled[265].js not found!

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\localserver.db moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\permissions.db moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_001_ moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_002_ moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_003_ moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_MAP_ moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\urlclassifier3.sqlite moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\XUL.mfl moved successfully.

[Andro1d]

Hey,

Well I guess that is the rest of the log, sorry about that.

Anyways, how is the computer running?

[jrbarker]

It seems to be running better so far. The browser hasn't crashed in the last 24 hours or so. But Norton is still shutting down. It says "Symantec service framework encountered a problem and needed to close." [App: ccSvchste.exe Offset 10031e39] I've reinstalled Norton but it keeps happening.

Also, I still am not able to download the newest Windows Updates.

[Andro1d]

Have you ran the Norton Removal Tool to uninstall and then re-installed it? If you haven't, follow the instructions below.

Please download the Norton Removal Tool from HERE and Save it to your Desktop

• Close all programs and double click the Norton_Removal_Tool.exe
  
• Follow the on-screen instructions
  
• Restart the computer if asked
  
• Then delete Norton_Removal_Tool.exe from your desktop
  

Then

Download the HostsXpert 4.2 - Hosts File Manager.

• Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
  
• Run HostsXpert 4.2 - Hosts File Manager from its new home
  
• Click on "File Handling".
  
• Click on "Restore MS Hosts File".
  
• Click OK on the Confirmation box.
  
• Click on "Make Read Only?"
  
• Click the X to exit the program.
  
• Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
  

[jrbarker]

Okay I downloaded and ran the HostsXpert.exe but I'm still unable to download the updates. It keeps timing out or freezing when it's "check for the latest updates for your computer".

Norton is running after I restarted my computer. And now it's detecting Trojan.KillAV every 20 seconds or so.

What should I do, run another virus scan?

Now, while I was typing I got a popup that says "Generic Host Process for Win32 Services has encountered a problem and needs to close."

[jrbarker]

Update:

I restarted my computer and seem to be able to get Windows updates now. Also my Norton hasn't crashed either.

But I'm still getting fairly constant threats from Trojan.killAV and also warnings of "Unauthorized access blocked", as Norton says.

A quick Norton and Spybot scan doesn't find anything.

[Andro1d]

Hey,

Does it give you a filename or location where this threat is being found? It could just be in quarantine or in system restore.

[jrbarker]

Let's see, it if I look under details for "Unauthorized access blocked" it says the Actor is C:\program files\update\googleupdate.exe and the Target is C:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

For the Trojan.KillAV it says the file name is C:\windows\okxycnn.ogs

[Andro1d]

Hey,

For the unauthorized access it could just be a messed up firewall rule.

• Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  
• Copy the fix below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  

  :processes
  explorer.exe
  
  :files
  C:\windows\okxycnn.ogs
  
  :commands
  [purity]
  [emptytemp]
  [start explorer]

  
  

• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
  
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  
• Close OTMoveIt3
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

[jrbarker]

Here's the report. But looking back through the Norton History, I think the Trojan was found and removed by Norton automatically early this morning. So I think we're good (I hope). Thanks for all your help on this. Is there anything else I should do to protect my computer and keep it running smoothly?

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

File/Folder C:\windows\okxycnn.ogs not found.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\alm.log scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\amt.log scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_OSCAQAiGnmc5ZXspDn0p scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\Photoshop Temp46128254324 scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Internet Explorer cache folder emptied.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

User's Temporary Internet Files folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

Network Service Temp folder emptied.

File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Network Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\JET1E66.tmp scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_138.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\localserver.db scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\permissions.db scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\FA7DE7A1d01 scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04082009_215254

[Andro1d]

Hey,

Are you able to access Windows Updates now?

[jrbarker]

Yes, I can get Windows Updates now.

But I noticed yesterday that the Trojan.KillAV came back. Norton blocked it from doing something every 11 seconds from 12:53:39 PM until 2:15:18 PM. Then nothing happened until 5:22 PM when something called ~.exe was detected and removed by Norton. Then at 12:26:31 AM the Trojan.KillAV was detected and actually removed instead of being blocked.

This scenario also happened a couple days ago. I thought Norton took care of it then, but apparently it didn't.

When I go to "Risk Details" in Norton it says there were two affected files. C:\windows\system32\~.exe and C:\windows\okxnn.ogs

[Andro1d]

Hey,

Mhmm, strange that Norton keeps on picking that up.

Lets run another scan to see if it picks it up as well.

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic
  

[jrbarker]

This is what it came up with...

# version=4

# OnlineScanner.ocx=1.0.0.635

# OnlineScannerDLLA.dll=1, 0, 0, 79

# OnlineScannerDLLW.dll=1, 0, 0, 78

# OnlineScannerUninstaller.exe=1, 0, 0, 49

# vers_standard_module=4004 (20090413)

# vers_arch_module=1.064 (20080214)

# vers_adv_heur_module=1.066 (20070917)

# EOSSerial=97394a74460f01439bb22e9598d7b13d

# end=finished

# remove_checked=true

# unwanted_checked=true

# utc_time=2009-04-14 03:19:09

# local_time=2009-04-13 10:19:09 (-0600, Central Daylight Time)

# country="United States"

# osver=5.1.2600 NT Service Pack 3

# scanned=1307438

# found=3

# scan_time=21891

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinWebdirb7.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000

C:\Program Files\Nero\INSTALL Ahead.Nero.v7.7.5.1.Multilingual.Incl.Keymaker-EMBRACE\Nero-7.7.5.1_all_trial.exe Win32/Toolbar.AskSBar application (deleted) 00000000000000000000000000000000

C:\Program Files\Nero\INSTALL Ahead.Nero.v7.7.5.1.Multilingual.Incl.Keymaker-EMBRACE\Nero-7.7.5.1_all_trial.exe »RAR »Toolbar.exe Win32/Toolbar.AskSBar application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

[Andro1d]

Hey,

Well Eset didn't find it either, are you still getting warnings and pop ups about it?