0

PP, you're gonna love it, I have a couple of machines running ubuntu and I've just loaded the live disk into the machine we're working on...and it's up and running. External monitor came on line with no problem.

disclaimer: I just started using ubuntu on my children's computers a couple weeks ago so my experience is limited...having some issues, for example, getting the network printer stabilized on one of them...

Looks like I'm going to learn a bit more....

0

PP, you're gonna love it, I have a couple of machines running ubuntu and I've just loaded the live disk into the machine we're working on...and it's up and running. External monitor came on line with no problem.

Excellent! We are back in business!

-- You're online with no problems on the ill machine?

I was hoping AVP Tool would replace the infected winlogon.exe, but I expect it deleted it.
-- Did you get a "prompt for action" any time during the scan?
-- I'd like to see if we can get a scanlog from the AVP Tool run if it by chance saved it. As I recall, you had to do that manually... See if you can find a scanlog in the AVP Tool installation folder, if that remains.

-- Do you have a Windows CD for the ill machine? No worries if you don't.

Let me know the answers to the above - Also, use Ubuntu to look for C:\Windows\system32\winlogon.exe and let me know if that is there.

PP:)

Edited by PhilliePhan: clarification

0

writing from the ubuntu machine now.

I got plenty of "prompts for action" - deleted all of the bad files, etc. At one point, it said it could not get rid of, I think, the winlogon files and needed to reboot. Avast! had tried to do this also but the system hung each time it tried and had to be cold started.

I cannot locate the AVP scanlog. I don't see any Kaspersky folders or anything that looks like it could be AVP. Do you know where they should be?

winlogon.exe is there.

I don't have a Windows CD - this is an HP machine, should be on the D: drive?

0

I cannot locate the AVP scanlog. I don't see any Kaspersky folders or anything that looks like it could be AVP. Do you know where they should be?
I don't have a Windows CD - this is an HP machine, should be on the D: drive?

AVP should have installed to the Desktop Folder - yeah, odd place, but as far as I recall it does that and then uninstalls itself. Perhaps it is still there.

-- Ideally, we would need an XP CD - something we can boot and do a repair with.

Let's give this a try:

Fire up ubuntu and navigate to C:\WINDOWS\ServicePackFiles\i386\winlogon.exe and confirm that it exists.
-- If that is there, then DELETE the C:\Windows\System32\winlogon.exe
-- Then, copy winlogon.exe from servicepackfiles\i386 to system32 folder.

See if that stops the boot loop and allows the compy to boot to Windows.

Let me know.

Also: You can use ubuntu to back up any sensitive data on the ill machine. But, of course, you need to be careful not to spread the infection. Generally documents / video / pictures will be ok. Stay away from backing up programs and executables and the like....

PP:)

Edited by PhilliePhan: Added info

0

OK. Below the stars is the post I made from the infected machine. I want to add some observations so I'm editing the post from a working machine.

Could not find a scanlog file on the desktop using IE. I am looking now at the c:\WINDOWS folder and there are two files named explorer, one has the MSDOS logo and a rollover says shortcut to MS-DOS program - properties says created 2/1/2011 which is surprising. size 2.78 KB and size on disk 5.00 KB. if that helps. cmd line C:\WINDOWS\explorer.exe this file is not present on the computer I'm working on so maybe that's part of the problem.

There is no explorer.exe file and, indeed, when I try to open explorer.exe from Task Mgr, the error box says "file cannot be found".

There is another explorer file and strangely a rollover gives no popup - doesn't on this machine either so I guess that's normal. just an observation. properties says it's Windows Explorer Command, 4.00 KB

Again, responses to mouse clicks are slower than normal.

I'm going to reboot the machine now and wait.

**********
so far so good! windows up and running again - kaspersky is still at the same place and there are two logs:

notes: computer running very slow. saved stopped scan report to flash drive and kaspersky report window hung. trying to save the other disinfect active threats report but cannot access report window and do not know if it will re-appear on reboot.

kaspersky report window still unavailable - here is the first scan report:

Autoscan: stopped 20 hours ago (events: 13, objects: 354657, time: 02:58:31)
2/9/2011 5:56:54 AM Task started
2/9/2011 6:34:46 AM Detected: Exploit.Java.Agent.f C:\Documents and Settings\BJ\Application Data\Sun\Java\Deployment\cache\6.0\60\4422213c-4808fbf3/myf/y/AppletX.class
2/9/2011 6:44:28 AM Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\BJ\My Documents\Downloads\install_flash_player(2).exe
2/9/2011 6:52:32 AM Deleted: Exploit.Java.Agent.f C:\Documents and Settings\BJ\Application Data\Sun\Java\Deployment\cache\6.0\60\4422213c-4808fbf3/myf/y/AppletX.class
2/9/2011 6:52:32 AM Detected: Trojan-Downloader.Java.OpenStream.ad C:\Documents and Settings\BJ\Application Data\Sun\Java\Deployment\cache\6.0\60\4422213c-4808fbf3/myf/y/PayloadX.class
2/9/2011 6:52:39 AM Deleted: Trojan-Downloader.Java.OpenStream.ad C:\Documents and Settings\BJ\Application Data\Sun\Java\Deployment\cache\6.0\60\4422213c-4808fbf3/myf/y/PayloadX.class
2/9/2011 6:52:59 AM Deleted: HEUR:Trojan.Win32.Generic C:\Documents and Settings\BJ\My Documents\Downloads\install_flash_player(2).exe
2/9/2011 8:29:35 AM Detected: Backdoor.Win32.Shiz.dfc C:\WINDOWS\system32\dll
2/9/2011 8:30:27 AM Detected: Backdoor.Win32.Shiz.asi C:\WINDOWS\system32\nt.dll
2/9/2011 8:39:00 AM Deleted: Backdoor.Win32.Shiz.asi C:\WINDOWS\system32\nt.dll
2/9/2011 8:39:01 AM Deleted: Backdoor.Win32.Shiz.dfc C:\WINDOWS\system32\dll
2/9/2011 8:54:39 AM Detected: Trojan.Win32.Patched.lk C:\WINDOWS\system32\winlogon.exe
2/9/2011 8:55:25 AM Task stopped
Disinfect active threats: completed 20 hours ago (events: 7, objects: 3198, time: 00:02:48)
2/9/2011 8:58:09 AM Task completed
2/9/2011 8:58:01 AM Will be deleted on system restart: Trojan.Win32.Patched.lk C:\WINDOWS\system32\winlogon.exe
2/9/2011 8:57:31 AM Detected: Trojan.Win32.Patched.lk C:\WINDOWS\system32\winlogon.exe
2/9/2011 8:55:27 AM Detected: Trojan.Win32.Patched.lk C:\WINDOWS\system32\winlogon.exe
2/9/2011 8:55:25 AM Will be deleted on system restart: Trojan.Win32.Patched.lk C:\WINDOWS\system32\winlogon.exe
2/9/2011 8:55:22 AM Detected: Trojan.Win32.Patched.lk C:\WINDOWS\system32\winlogon.exe
2/9/2011 8:55:22 AM Task started

Edited by Catalana: n/a

0

On reboot, I resumed Kaspersky and it completed. Here is the report file:

Autoscan: completed 2 minutes ago (events: 15, objects: 3278, time: 00:03:07)
2/9/2011 5:56:54 AM Task started
2/9/2011 6:34:46 AM Detected: Exploit.Java.Agent.f C:\Documents and Settings\BJ\Application Data\Sun\Java\Deployment\cache\6.0\60\4422213c-4808fbf3/myf/y/AppletX.class
2/9/2011 6:44:28 AM Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\BJ\My Documents\Downloads\install_flash_player(2).exe
2/9/2011 6:52:32 AM Deleted: Exploit.Java.Agent.f C:\Documents and Settings\BJ\Application Data\Sun\Java\Deployment\cache\6.0\60\4422213c-4808fbf3/myf/y/AppletX.class
2/9/2011 6:52:32 AM Detected: Trojan-Downloader.Java.OpenStream.ad C:\Documents and Settings\BJ\Application Data\Sun\Java\Deployment\cache\6.0\60\4422213c-4808fbf3/myf/y/PayloadX.class
2/9/2011 6:52:39 AM Deleted: Trojan-Downloader.Java.OpenStream.ad C:\Documents and Settings\BJ\Application Data\Sun\Java\Deployment\cache\6.0\60\4422213c-4808fbf3/myf/y/PayloadX.class
2/9/2011 6:52:59 AM Deleted: HEUR:Trojan.Win32.Generic C:\Documents and Settings\BJ\My Documents\Downloads\install_flash_player(2).exe
2/9/2011 8:29:35 AM Detected: Backdoor.Win32.Shiz.dfc C:\WINDOWS\system32\dll
2/9/2011 8:30:27 AM Detected: Backdoor.Win32.Shiz.asi C:\WINDOWS\system32\nt.dll
2/9/2011 8:39:00 AM Deleted: Backdoor.Win32.Shiz.asi C:\WINDOWS\system32\nt.dll
2/9/2011 8:39:01 AM Deleted: Backdoor.Win32.Shiz.dfc C:\WINDOWS\system32\dll
2/9/2011 8:54:39 AM Detected: Trojan.Win32.Patched.lk C:\WINDOWS\system32\winlogon.exe
2/9/2011 8:55:25 AM Task stopped
2/10/2011 6:43:10 AM Task started
2/10/2011 6:46:17 AM Task completed
Disinfect active threats: completed 21 hours ago (events: 7, objects: 3198, time: 00:02:48)
2/9/2011 8:55:22 AM Task started
2/9/2011 8:55:22 AM Detected: Trojan.Win32.Patched.lk C:\WINDOWS\system32\winlogon.exe
2/9/2011 8:55:25 AM Will be deleted on system restart: Trojan.Win32.Patched.lk C:\WINDOWS\system32\winlogon.exe
2/9/2011 8:55:27 AM Detected: Trojan.Win32.Patched.lk C:\WINDOWS\system32\winlogon.exe
2/9/2011 8:57:31 AM Detected: Trojan.Win32.Patched.lk C:\WINDOWS\system32\winlogon.exe
2/9/2011 8:58:01 AM Will be deleted on system restart: Trojan.Win32.Patched.lk C:\WINDOWS\system32\winlogon.exe
2/9/2011 8:58:09 AM Task completed

0

one has the MSDOS logo and a rollover says shortcut to MS-DOS program - properties says created 2/1/2011 which is surprising. size 2.78 KB and size on disk 5.00 KB. if that helps. cmd line C:\WINDOWS\explorer.exe this file is not present on the computer I'm working on so maybe that's part of the problem.

I am not sure what this is - could be a remnant of an anti-malware program, I don't know. Probably safe to delete it, though.

There is no explorer.exe file and, indeed, when I try to open explorer.exe from Task Mgr, the error box says "file cannot be found".

Right. Explorer.exe is tricky to deal with. Under normal situations, if you try to delete it, you cannot because it is running. If you rename it, a new copy is instantly restored.
But, when we switched it out for Phillies.exe, that freed the infected explorer.exe up to be removed by Avast! -- That is what I think happened.
Eventually we will reverse the process and switch explorer.exe back in....

There is another explorer file and strangely a rollover gives no popup - doesn't on this machine either so I guess that's normal. just an observation. properties says it's Windows Explorer Command, 4.00 KB

When you run it, you'll see that that is the Windows file explorer (or something like that - can't remember) that allows you to navigate directories and files.

2/9/2011 8:29:35 AM Detected: Backdoor.Win32.Shiz.dfc C:\WINDOWS\system32\dll
2/9/2011 8:30:27 AM Detected: Backdoor.Win32.Shiz.asi C:\WINDOWS\system32\nt.dll
2/9/2011 8:39:00 AM Deleted: Backdoor.Win32.Shiz.asi C:\WINDOWS\system32\nt.dll
2/9/2011 8:39:01 AM Deleted: Backdoor.Win32.Shiz.dfc C:\WINDOWS\system32\dll

Ok - now this is the component I was worried about because I don't know how it fits into play - looks like AVPTool got it. Perhaps it monitors the infected files? Don't know, but hopefully that's the last we see of it.

On reboot, I resumed Kaspersky and it completed. Here is the report file:

What do you mean by that? Did you start it again or just access the log?
Looks like it is waiting on a reboot to replace winlogon.exe.... which you already did.
Did you try a reboot? I mean, obviously you have, but when the AVPTool was stopped...

Too bad combofix wouldn't run properly - that would have saved us some time and effort. Once we get things back to 'normal' it might be a good idea to give that another go just to be sure. We'll hold off on that for now, though.

Anyhoo, let me put together a little tool to have a look at some things and we'll go from there. I'll try to post it tonight EST.

PP:)

Edited by PhilliePhan: clarification

0

After getting ubuntu up and fixing winlogon, I rebooted. On the reboot, Kaspersky popped up and asked if I wanted to continue where it left off. I did. It didn't find anything else and that's the report you saw.

Meanwhile, to be sure something wasn't lingering on startup, I ran kaspersky again with avast! and firewall turned off. It found this:

Autoscan: completed 10 hours ago (events: 15, objects: 3278, time: 00:03:07)
2/10/2011 6:46:17 AM Task completed
2/10/2011 6:43:10 AM Task started
2/9/2011 8:55:25 AM Task stopped
2/9/2011 8:54:39 AM Detected: Trojan.Win32.Patched.lk C:\WINDOWS\system32\winlogon.exe
2/9/2011 8:39:01 AM Deleted: Backdoor.Win32.Shiz.dfc C:\WINDOWS\system32\dll
2/9/2011 8:39:00 AM Deleted: Backdoor.Win32.Shiz.asi C:\WINDOWS\system32\nt.dll
2/9/2011 8:30:27 AM Detected: Backdoor.Win32.Shiz.asi C:\WINDOWS\system32\nt.dll
2/9/2011 8:29:35 AM Detected: Backdoor.Win32.Shiz.dfc C:\WINDOWS\system32\dll
2/9/2011 6:52:59 AM Deleted: HEUR:Trojan.Win32.Generic C:\Documents and Settings\BJ\My Documents\Downloads\install_flash_player(2).exe
2/9/2011 6:52:39 AM Deleted: Trojan-Downloader.Java.OpenStream.ad C:\Documents and Settings\BJ\Application Data\Sun\Java\Deployment\cache\6.0\60\4422213c-4808fbf3/myf/y/PayloadX.class
2/9/2011 6:52:32 AM Detected: Trojan-Downloader.Java.OpenStream.ad C:\Documents and Settings\BJ\Application Data\Sun\Java\Deployment\cache\6.0\60\4422213c-4808fbf3/myf/y/PayloadX.class
2/9/2011 6:52:32 AM Deleted: Exploit.Java.Agent.f C:\Documents and Settings\BJ\Application Data\Sun\Java\Deployment\cache\6.0\60\4422213c-4808fbf3/myf/y/AppletX.class
2/9/2011 6:44:28 AM Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\BJ\My Documents\Downloads\install_flash_player(2).exe
2/9/2011 6:34:46 AM Detected: Exploit.Java.Agent.f C:\Documents and Settings\BJ\Application Data\Sun\Java\Deployment\cache\6.0\60\4422213c-4808fbf3/myf/y/AppletX.class
2/9/2011 5:56:54 AM Task started
Disinfect active threats: completed 1 day ago (events: 7, objects: 3198, time: 00:02:48)
2/9/2011 8:58:09 AM Task completed
2/9/2011 8:58:01 AM Will be deleted on system restart: Trojan.Win32.Patched.lk C:\WINDOWS\system32\winlogon.exe
2/9/2011 8:57:31 AM Detected: Trojan.Win32.Patched.lk C:\WINDOWS\system32\winlogon.exe
2/9/2011 8:55:27 AM Detected: Trojan.Win32.Patched.lk C:\WINDOWS\system32\winlogon.exe
2/9/2011 8:55:25 AM Will be deleted on system restart: Trojan.Win32.Patched.lk C:\WINDOWS\system32\winlogon.exe
2/9/2011 8:55:22 AM Detected: Trojan.Win32.Patched.lk C:\WINDOWS\system32\winlogon.exe
2/9/2011 8:55:22 AM Task started
Autoscan: completed 7 hours ago (events: 4, objects: 304677, time: 02:20:23)
2/10/2011 7:03:32 AM Task started
2/10/2011 7:56:12 AM Detected: Backdoor.Win32.Shiz.asi C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP24\A0016851.dll
2/10/2011 8:15:16 AM Deleted: Backdoor.Win32.Shiz.asi C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP24\A0016851.dll
2/10/2011 9:23:56 AM Task completed
Autoscan: completed 5 hours ago (events: 2, objects: 301940, time: 01:34:05)
2/10/2011 9:29:40 AM Task started
2/10/2011 11:03:45 AM Task completed

so I ran it again and got a clean report - who knows why it didn't pick up backdoor on the first run.

0

After getting ubuntu up and fixing winlogon, I rebooted. On the reboot, Kaspersky popped up and asked if I wanted to continue where it left off. I did. It didn't find anything else and that's the report you saw.
Meanwhile, to be sure something wasn't lingering on startup, I ran kaspersky again with avast! and firewall turned off. It found this. . . .
so I ran it again and got a clean report - who knows why it didn't pick up backdoor on the first run.

OK - I see it now. Cool.
That last detection was in System Restore - we would have flushed that manually anyway. That AVP Tool is thorough!

-- I guess AVP Tool is not uninstalling itself any more? Been a while since I played with it....
You can uninstall it now. If we - or you - need it again, best to download a fresh copy of the latest version/build.

-- I am going to put together a tool to restore explorer.exe and also look at a few other things. Hang in there, I am running a bit behind today.
I was thinking it might be a good idea to replace the other copies of explorer.exe and winlogon.exe on your compy, but then I figured AVP Tool would have caught them....


I still want to try a run of combofix after we restore explorer.exe.

If I can't post back today, I'll definitely get back to you tomorrow.

Cheers :)
PP

0

standing by....thanks!!

AllRightyThen!
Sorry for the delay - got a bit tied up.

Anyhoo, let's put explorer.exe back the way it was:

-- Please download the attached ExWin.zip and Extract the ExWin folder from the ZIP to the Desktop.
-- Open the folder and DoubleClick RunThis.bat to run it.
Should take between 15 - 45 seconds to run.
-- A log will pop up. Please post that for me and then REBOOT the compy.
-- After restarting, navigate to C:\Windows\Phillies.exe and Delete it.

Let me know how things are running and we'll go from there.

Cheers :)
PP

0

no log popped up. I can't copy what's in the DOS window so typing:

1 file(s) copied.
1 file(s) copied.
1 file(s) copied.

The operation completed successfully
The system cannot find the file specified.
File Not Found
The system cannot find the file specified.
File Not Found

what is the logfile called?

Edited by Catalana: n/a

0


what is the logfile called?

That's odd - It ran just fine on my XP machine before I zipped it.

-- That stuff in the DOS window is expected. It copied what I wanted to copy and didn't find the two malware files I was looking for.

The log should just pop up - You can find it at C:\peek.txt. There should also be a newly created C:\PEEKTEMP Folder and C:\FDSV.exe and C:\FCIV.exe.

-- Let me know if all 4 are there.

-- Then, DELETE all 4 of those and then give RunThis.bat another go. Let it run for about five minutes - way long enough for it to finish.
As long as the cursor is blinking in the DOS box, let it go for a few minutes.

It probably accomplished what we needed it to do, but the fact that it doesn't finish could indicate more damage on the compy that we haven't yet seen.

Let me know how that shakes out.

What you can also do is check to see if C:\Windows\Explorer.exe is there now.
Then, with a command prompt (start > run > cmd) type or copy and paste:

REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /V "Shell"

The result should read Shell REG_SZ Explorer.exe

If that is the case and if C:\Windows\Explorer.exe exists, then Reboot the compy and update me on how things are running.

Then, we can look at trying combofix again - something is still a bit hinky here....

PP:)
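As an added example (not the RunThis.bat/Peek tool from this thread, and not code from either poster), the following PowerShell script performs the checks PhilliePhan asks for here and after the earlier winlogon.exe swap: the Winlogon Shell value, the presence of C:\Windows\explorer.exe, the removal of Phillies.exe, a size and SHA-256 comparison of System32\winlogon.exe against the ServicePackFiles\i386 copy, and the continued absence of the two Shiz components named in the AVP Tool report. It assumes the paths named in the thread and uses .NET hashing directly so it also runs on the PowerShell 2.0 that was available for XP.

```powershell
# Added verification script (not PhilliePhan's RunThis.bat / Peek tool).
# Checks the post-cleanup state this thread is working toward:
#  1. the Winlogon Shell value is back to Explorer.exe
#  2. %SystemRoot%\explorer.exe exists and %SystemRoot%\Phillies.exe is gone
#  3. system32\winlogon.exe matches the ServicePackFiles\i386 copy (size + SHA-256)
#  4. the two Shiz files AVP Tool deleted (nt.dll and system32\dll) are still absent
# Paths are the ones named in the thread; .NET is used for hashing because
# Get-FileHash does not exist on PowerShell 2.0.

function Get-Sha256Hex([string]$Path) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally {
        $stream.Close()
    }
}

# ArrayList is a reference type, so Add-Check can append from inside a function.
$results = New-Object System.Collections.ArrayList
function Add-Check([string]$Name, [bool]$Pass, [string]$Detail) {
    [void]$results.Add((New-Object PSObject -Property @{ Check = $Name; Pass = $Pass; Detail = $Detail }))
}

$winRoot = $env:SystemRoot
$sys32   = Join-Path $winRoot 'system32'
$spFiles = Join-Path $winRoot 'ServicePackFiles\i386'

# 1. Same key the REG QUERY in the thread reads; expected value is Explorer.exe.
$winlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogonKey -Name Shell -ErrorAction SilentlyContinue).Shell
Add-Check 'Winlogon Shell value' ($shell -ieq 'Explorer.exe') "Shell = '$shell'"

# 2. explorer.exe restored, temporary Phillies.exe shell removed.
$explorer = Join-Path $winRoot 'explorer.exe'
$phillies = Join-Path $winRoot 'Phillies.exe'
Add-Check 'explorer.exe present' (Test-Path $explorer) $explorer
Add-Check 'Phillies.exe removed' (-not (Test-Path $phillies)) $phillies

# 3. The live winlogon.exe was copied from ServicePackFiles\i386, so the two
#    must be byte-identical. This is a consistency check against the copy that
#    was used, not proof that the copy itself is pristine.
$live = Join-Path $sys32 'winlogon.exe'
$ref  = Join-Path $spFiles 'winlogon.exe'
if ((Test-Path $live) -and (Test-Path $ref)) {
    $liveLen  = (Get-Item $live).Length
    $refLen   = (Get-Item $ref).Length
    $liveHash = Get-Sha256Hex $live
    $refHash  = Get-Sha256Hex $ref
    $same = ($liveLen -eq $refLen) -and ($liveHash -eq $refHash)
    Add-Check 'winlogon.exe matches SP copy' $same "system32: $liveLen bytes $liveHash | SP copy: $refLen bytes $refHash"
} else {
    Add-Check 'winlogon.exe matches SP copy' $false "missing file: live=$(Test-Path $live) ref=$(Test-Path $ref)"
}

# 4. Shiz components from the AVP Tool report must not have come back.
foreach ($bad in @((Join-Path $sys32 'nt.dll'), (Join-Path $sys32 'dll'))) {
    Add-Check "absent: $bad" (-not (Test-Path $bad)) $bad
}

# Print one line per check; any FAIL is something to report back in the thread.
$results | ForEach-Object {
    $tag = if ($_.Pass) { 'OK  ' } else { 'FAIL' }
    "[$tag] $($_.Check) -- $($_.Detail)"
}
```

Run it from an elevated PowerShell prompt on the ill machine; a FAIL on the winlogon.exe line or on either Shiz path means the cleanup has regressed and is worth posting.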

0

OK, here's Peek - I did find all 4 files, am proceeding to delete them and run RunThis again. btw, PeekTemp folder was empty. Deleting these 4 files took forever due to the speed of the system...

I'm adding this after reboot: explorer.exe is there and runs!! We're making progress. There is definitely something running, Task Mgr performance curve is spiking up to 50% usage with no inputs, every 30 seconds or so.

Since I found explorer.exe and it runs, I'm going to wait for more input from you before trying anything else. Not even trying RunThis again, as I said above - I know you're in another time zone, so will run mbam and maybe Kaspersky to see if I can flush out what's running and post the reports.

Microsoft Windows XP [Version 5.1.2600]
Fri 02/11/2011
08:50 PM

### Current Winlogon Shell Value ###
Shell REG_SZ Phillies.exe

### Looking for nt.dll ###

!!!!File NOT Found!!!!

### Looking For C:\WINDOWS\system32\dll ###

!!!!File NOT Found!!!!


C:\WINDOWS\System32\winlogon.exe Everyone:(OI)(CI)F


Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 03:00 AM 502,272 winlogon.exe
1 File(s) 502,272 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 07:12 PM 507,904 winlogon.exe
1 File(s) 507,904 bytes

Directory of C:\WINDOWS\system32

04/13/2008 07:12 PM 507,904 winlogon.exe
1 File(s) 507,904 bytes

Total Files Listed:
3 File(s) 1,518,080 bytes
0 Dir(s) 8,198,746,112 bytes free

Edited by Catalana: n/a

0

I'm adding this after reboot: explorer.exe is there and runs!! We're making progress. There is definitely something running, Task Mgr performance curve is spiking up to 50% usage with no inputs, every 30 seconds or so.

Since I found explorer.exe and it runs, I'm going to wait for more input from you before trying anything else. Not even trying RunThis again, as I said above - I know you're in another time zone, so will run mbam and maybe Kaspersky to see if I can flush out what's running and post the reports.

OK - RunThis.bat did not finish, but it got far enough to swap explorer.exe back in and change the winlogon shell value back to explorer.exe. (Though that doesn't show in the truncated Peek.txt)
RunThis.bat will probably take longer to run on your compy - give it 5 minutes.

-- Did you do the Reg Query to verify the shell value? I always like verification :)
-- Did you Delete C:\windows\Phillies.exe?

Let me know.

-- I doubt a rerun of MBAM or Kaspersky will hurt anything - be sure to update them first.

-- If you want to have a closer look at what is eating cpu, you can download Mark Russinovich's Process Explorer
I use this instead of Task Manager. Much more detailed.
-- When you run it, click Options and select "Replace Task Manager." 'Course you don't have to replace Task Manager to use Process Explorer.... But I think you'll want to!


Anyhoo, update me on what you've done and post any scanlogs that are not completely clean.
Then, I'd like to run combofix in the manner I detailed a few posts back.

Cheers :)
PP

Edited by PhilliePhan: clarification

0

Reg Query got the desired result.
Phillies.exe deleted

mbam ran clean.

I guess we're ready to run combofix?

0


I guess we're ready to run combofix?

Yeah.... Let's see if it'll run now. I'll just copy and paste the instructions again:

-- First, delete your current copy of combofix if it is still on the ill compy.
Then follow the instructions in the link below to download a fresh copy of Combofix and run it:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

What I want you to do, though, is this:
When you download it and it asks you to "Save File As," rename combofix to svchost.com and then download it to your Desktop as that.

Once svchost.com is on the Desktop, Click START --> RUN --> and enter or copy&paste the following command in red exactly as shown to start combofix:

"%userprofile%\desktop\svchost.com" /killall


NOTE the space if you type it--> "%userprofile%\desktop\svchost.com" <space>/killall

With any luck that will run and produce a log for us and we can pick it up there.

Let me know how it shakes out.

PP:)

0

hmmmmmmmmmm

in searching for combofix to delete, it's found 145 iterations so far and not finished searching.

I'll delete them all but thought that might influence the thinking on this? I'll wait before any actions just in case - up to 153 while I typed this.

0


I'll delete them all but thought that might influence the thinking on this? I'll wait before any actions just in case - up to 153 while I typed this.

Are those all files in the combofix folder? If so, delete the folder and combofix.exe on the desktop.

Just to be on the safe side, open a command prompt (start>run>cmd) and type or copy&paste:

dir /a /s %systemdrive%\combofix*.* >>C:\Log.txt

dir <space>/a<space> /s<space> %systemdrive%\combofix*.* <space>>>C:\Log.txt

Let it run until it finishes and post me the C:\log.txt

PP:)

Edited by PhilliePhan: n/a

0

Volume in drive C has no label.
Volume Serial Number is 6BB5-2493
Volume in drive C has no label.
Volume Serial Number is 6BB5-2493

Directory of C:\RECYCLER\S-1-5-21-1131580844-927001921-2767165888-1008\Dc10

08/31/2000 08:00 AM 141,312 ComboFix-Download.cfxxe
1 File(s) 141,312 bytes

Total Files Listed:
1 File(s) 141,312 bytes
0 Dir(s) 8,195,936,256 bytes free

0

Directory of C:\RECYCLER\S-1-5-21-1131580844-927001921-2767165888-1008\Dc10

Great - all that's showing is in the recycle bin.

Let's go ahead and DL a new copy and give that a whirl.

If your compy is running slowly, you might have to give combofix extra time to run.

Hopefully it will run and show us if we are missing anything. Post me the log once it finishes.

-- Did you find out what was causing cpu spike?

PP:)

0

OK. Don't know what was causing the CPU spikes....they seem to be gone and I didn't see extraordinary slow speeds when I began ComboFix.

I'm trying to watch progress with Process Explorer (thnx for that btw) but when ComboFix started up it stopped PE. CF asked me to close Avast! but other than that it proceeded normally until it got to the scan screen. It did not progress beyond that...similar to what happened the first time I ran it. no stages, no other activity. After some hours, giving it plenty of time, I tried to access PE again and the computer was hung...didn't even let me click the PE icon.

That's it currently except for: on reboot, everything seems to run at speed with no strange stuff happening while looking at Process Explorer. The complete startup until avast started running seemed a long wait but that may be my perception.

looks like a marathon on this one, thanks again for hanging in there...

0


looks like a marathon on this one, thanks again for hanging in there...

No worries :)

We can try a different tool - but do this first:

-- See if DDS will run and post the log.

Then, let's try running combofix again - but DO NOT touch the computer after combofix has been started. Don't click anything or touch anything. Combofix can be finicky that way.
Let it run for as long as you can - heck overnight, if need be, and let's see if it completes.

Be sure to start it with the command:

"%userprofile%\desktop\svchost.com" /killall

If it doesn't run, we'll try something else.

I doubt malware is interfering with it since AVP Tool ran clean....

Anyhoo, give that a go and let me know.

PP:)

Edited by PhilliePhan: n/a

0

Well, since DDS is non-invasive, I ran it 3 times. It hangs the computer at the same place (number of :s) - I'm watching Task Mgr graph and the system just stops. No reports issued or found.

I'll try ComboFix again. I'll let it run from now at 5pm until tomorrow morning and report back - unless it runs.

0

I'll try ComboFix again. I'll let it run from now at 5pm until tomorrow morning and report back - unless it runs.

OK - I'll keep my fingers crossed. Doesn't sound promising, though....

Not being able to boot to Safe Mode hurts a bit, but I guess we're stuck there.


If Combofix fails to complete after being left to run, then try this:
Download OTL.exe to the Desktop.
-- Run it and click Scan All Users and then hit Quick Scan and post me the resulting logs (if it runs).

Back on Monday evening EST.

PP:)

0

OTL logfile created on: 2/14/2011 5:26:23 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\BJ\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 8.24 Gb Free Space | 22.13% Space Free | Partition Type: NTFS

Computer Name: BJONSON | User Name: BJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/14 05:23:22 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BJ\Desktop\OTL.exe
PRC - [2011/01/13 03:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/10/16 19:56:18 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2011/02/14 05:23:22 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BJ\Desktop\OTL.exe
MOD - [2011/01/13 03:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2006/11/12 16:01:08 | 000,616,960 | ---- | M] (Woodstone bvba) [On_Demand | Stopped] -- C:\Program Files\Salive\serversalive.exe -- (salive)
SRV - [2005/08/02 16:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011/02/12 17:17:12 | 000,036,928 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdk41.sys -- (PsSdk41)
DRV - [2011/02/10 06:04:23 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uteznza5.sys -- (uteznza5)
DRV - [2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 03:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 03:37:11 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/10/22 12:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\53324512.sys -- (53324512)
DRV - [2009/10/09 22:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\5332451.sys -- (setup_9.0.0.722_09.02.2011_12-06drv)
DRV - [2009/09/25 16:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\53324511.sys -- (53324511)
DRV - [2009/03/24 09:13:26 | 000,005,365 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NetProbe.sys -- (NetProbe)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2005/08/02 16:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2005/08/01 08:45:06 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/04/30 18:01:55 | 003,281,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2005/04/14 05:15:20 | 000,055,448 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/03/16 07:43:06 | 000,159,488 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004/11/22 06:33:52 | 000,190,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/11/04 13:26:42 | 000,186,016 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/09/23 20:01:02 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004/08/17 05:21:00 | 000,087,168 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/08/03 03:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/03 03:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/03 03:05:00 | 000,086,138 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/03 03:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/03 03:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/03 03:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/03 03:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/03 03:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/03 03:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/07/14 13:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 13:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/07/14 04:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/06/16 13:19:58 | 000,046,080 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2004/05/03 11:26:16 | 000,080,384 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2004/04/14 09:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/03/23 21:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2004/02/20 11:35:28 | 000,059,044 | R--- | M] (Hewlett-Packard) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\ClntMgmt.sys -- (ClntMgmt.sys)
DRV - [2003/06/06 13:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2001/08/17 10:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1131580844-927001921-2767165888-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1131580844-927001921-2767165888-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1131580844-927001921-2767165888-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {53A98530-7A8E-4667-8369-F9E2EFEAC367}:1.9.1
FF - prefs.js..extensions.enabledItems: {9764bb84-7272-11dd-8eb6-20d155d89557}:2.0.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\extensions\\{53A98530-7A8E-4667-8369-F9E2EFEAC367}: C:\Documents and Settings\BJ\Local Settings\Application Data\{53A98530-7A8E-4667-8369-F9E2EFEAC367}\ [2010/07/07 02:16:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/23 11:10:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/08 13:56:39 | 000,000,000 | ---D | M]

[2008/08/19 06:21:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BJ\Application Data\Mozilla\Extensions
[2011/02/14 04:37:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BJ\Application Data\Mozilla\Firefox\Profiles\429rdd9p.default\extensions
[2010/05/18 15:07:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\BJ\Application Data\Mozilla\Firefox\Profiles\429rdd9p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/04 10:28:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\BJ\Application Data\Mozilla\Firefox\Profiles\429rdd9p.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/02/14 04:37:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/13 06:15:52 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/27 08:30:14 | 000,000,000 | ---D | M] ("Hide IP Firefox Add-on") -- C:\DOCUMENTS AND SETTINGS\BJ\APPLICATION DATA\HIDEIP_FIREFOX_PLUGIN
[2010/07/07 02:16:52 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\BJ\LOCAL SETTINGS\APPLICATION DATA\{53A98530-7A8E-4667-8369-F9E2EFEAC367}
[2008/12/01 15:39:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2004/08/04 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKU\S-1-5-21-1131580844-927001921-2767165888-1008\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1131580844-927001921-2767165888-1008\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-1131580844-927001921-2767165888-1008\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1131580844-927001921-2767165888-1008\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1131580844-927001921-2767165888-1008\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1131580844-927001921-2767165888-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1131580844-927001921-2767165888-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKU\S-1-5-21-1131580844-927001921-2767165888-1008\..Trusted Domains: google.com ([www] http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {32C11E38-E587-4BE9-9ABB-D69158C21CE5} http://192.168.1.102/activex/decoder/mpeg4_dec.cab (Moonlight MPEG-4 Video Decoder)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (Reg Error: Key error.)
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab (XML DOM Document 4.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {9E065E4A-BD9D-4547-8F90-985DC62A5591} http://192.168.1.102/PlayerPT.cab (PlayerPT Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab (CGameManagerCtrl Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} http://192.168.1.183/NetCamPlayerWeb11gv2.cab (NetCamPlayerWeb11gv2 Control)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://192.168.1.102/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {FA478DB9-803F-4154-9DDB-765EA9E35333} http://192.168.1.107/program/SonySncP1View.cab (Sony SNC-P1 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\video/x-flv {08C72DD4-19AD-49f1-83DA-8542B4D302C5} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/01 10:28:53 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1131580844-927001921-2767165888-1008\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/02/14 05:23:28 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\BJ\Desktop\OTL.exe
[2011/02/13 17:33:32 | 000,000,000 | --SD | C] -- C:\svchost.com
[2011/02/12 18:15:41 | 004,177,272 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\BJ\Application Data\Microsoft\Internet Explorer\Quick Launch\procexp.exe
[2011/02/12 17:03:18 | 000,089,504 | ---- | C] (Smallfrogs Studio) -- C:\FDSV.EXE
[2011/02/12 17:03:18 | 000,000,000 | ---D | C] -- C:\PEEKTEMP
[2011/02/11 20:44:46 | 000,089,504 | ---- | C] (Smallfrogs Studio) -- C:\Documents and Settings\BJ\Desktop\FDSV.EXE
[2011/02/10 05:10:42 | 000,000,000 | ---D | C] -- C:\.Trash-999
[2011/02/09 05:49:07 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\5332451.sys
[2011/02/09 05:49:07 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\53324511.sys
[2011/02/09 05:49:07 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\53324512.sys
[2011/02/09 05:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BJ\Desktop\Virus Removal Tool
[2011/02/04 19:29:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/02/04 19:24:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/02/04 19:24:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/02/04 19:24:23 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/02/04 19:24:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/02/04 19:24:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/02/04 19:22:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/04 10:28:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BJ\Local Settings\Application Data\jZip
[2011/02/04 10:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\jZip
[2011/02/04 10:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\jZip
[2011/02/03 05:46:59 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/02/03 05:46:58 | 000,000,000 | ---D | C] -- C:\rsit
[2011/01/29 16:13:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\jCmEfGn14000
[2011/01/18 09:01:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/01/18 07:24:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/01/18 06:48:00 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2011/01/18 06:47:55 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2011/01/18 06:46:13 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2011/01/18 06:46:07 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2011/01/18 06:44:59 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2011/01/18 06:44:55 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2011/01/18 06:44:42 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2011/01/18 06:44:08 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2011/01/18 06:43:45 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2011/01/18 06:43:41 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2011/01/18 06:43:36 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2011/01/18 06:43:30 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2011/01/18 06:43:25 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2011/01/18 06:43:19 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2011/01/18 06:43:15 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2011/01/18 06:42:47 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2011/01/18 06:42:28 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2011/01/18 06:42:24 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2011/01/18 06:42:19 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2011/01/18 06:42:12 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2011/01/18 06:41:43 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2011/01/18 06:41:26 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2011/01/18 06:41:21 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2011/01/18 06:41:03 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2011/01/18 06:40:57 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2011/01/18 06:40:50 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2011/01/18 06:40:44 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2011/01/18 06:40:38 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2011/01/18 06:40:31 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2011/01/18 06:39:49 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2011/01/18 06:39:43 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2011/01/18 06:39:39 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2011/01/18 06:39:37 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2011/01/18 06:39:32 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2011/01/18 06:39:28 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2011/01/18 06:39:11 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2011/01/18 06:39:07 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2011/01/18 06:37:57 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2011/01/18 06:37:53 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2011/01/18 06:37:49 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2011/01/18 06:37:44 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2011/01/18 06:37:38 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2011/01/18 06:37:10 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2011/01/18 06:36:25 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2011/01/18 06:36:18 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2011/01/18 06:36:14 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2011/01/18 06:36:10 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2011/01/18 06:35:38 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2011/01/18 06:35:34 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2011/01/18 06:35:30 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2011/01/18 06:35:21 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2011/01/18 06:34:27 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2011/01/18 06:34:23 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2011/01/18 06:34:19 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2011/01/18 06:34:15 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2011/01/18 06:33:40 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2011/01/18 06:33:28 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2011/01/18 06:33:22 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2011/01/18 06:32:56 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2011/01/18 06:32:52 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2011/01/18 06:32:47 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2011/01/18 06:32:43 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2011/01/18 06:32:40 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2011/01/18 06:32:36 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2011/01/18 06:32:32 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2011/01/18 06:32:28 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2011/01/18 06:32:24 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2011/01/18 06:32:16 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2011/01/18 06:32:13 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2011/01/18 06:32:12 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/01/18 06:32:12 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/01/18 06:32:11 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2011/01/18 06:32:10 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2011/01/18 06:31:53 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2011/01/18 06:31:45 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2011/01/18 06:31:37 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2011/01/18 06:31:31 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2011/01/18 06:31:14 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2011/01/18 06:30:59 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2011/01/18 06:30:13 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2011/01/18 06:30:09 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2011/01/18 06:30:05 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2011/01/18 06:29:49 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2011/01/18 06:28:30 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2011/01/18 06:28:15 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2011/01/18 06:28:13 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2011/01/18 06:28:09 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2011/01/18 06:27:06 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2011/01/18 06:27:00 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2011/01/18 06:26:57 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2011/01/18 06:26:52 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2011/01/18 06:26:20 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2011/01/18 06:26:01 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2011/01/18 06:25:57 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2011/01/18 06:25:37 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2011/01/18 06:25:24 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2011/01/18 06:25:18 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2011/01/18 06:25:05 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2011/01/18 06:25:02 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2011/01/18 06:24:58 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2011/01/18 06:24:54 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2011/01/18 06:24:49 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2011/01/18 06:24:44 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2011/01/18 06:24:33 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2011/01/18 06:24:25 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2011/01/18 06:24:21 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2011/01/18 06:24:18 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2011/01/18 06:24:14 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2011/01/18 06:22:40 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2011/01/18 06:21:46 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2011/01/18 06:21:14 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2011/01/18 06:21:10 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2011/01/18 06:21:09 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2011/01/18 06:21:06 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2011/01/18 06:21:05 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2011/01/18 06:21:02 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2011/01/18 06:20:52 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2011/01/18 06:20:49 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2011/01/18 06:20:45 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2011/01/18 06:20:42 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2011/01/18 06:20:36 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2011/01/18 06:20:32 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2011/01/18 06:19:33 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2011/01/18 06:18:30 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2011/01/18 06:16:03 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2011/01/18 06:15:47 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2011/01/18 06:15:06 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2011/01/18 06:15:04 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2011/01/18 06:15:01 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2011/01/18 06:14:43 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2011/01/18 06:14:28 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2011/01/18 06:14:26 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2011/01/18 06:14:21 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2011/01/18 06:14:19 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2011/01/18 06:14:16 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2011/01/18 06:14:14 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2011/01/18 06:13:51 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2011/01/18 06:13:45 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2011/01/18 06:13:42 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2011/01/18 06:11:31 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2011/01/18 06:11:17 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2011/01/18 06:10:55 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2011/01/18 06:10:53 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2011/01/18 06:10:42 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2011/01/18 06:10:19 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2011/01/18 06:10:17 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2011/01/18 06:10:15 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2011/01/18 06:10:11 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2011/01/18 06:10:07 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2011/01/18 06:09:18 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2011/01/18 06:09:17 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2011/01/18 06:09:12 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2011/01/18 06:08:34 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2011/01/18 06:08:33 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2011/01/18 06:08:32 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2011/01/18 06:08:30 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2011/01/18 06:08:29 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2011/01/18 06:08:28 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2011/01/18 06:08:26 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2011/01/18 06:08:24 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2011/01/18 06:08:15 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2011/01/18 06:07:56 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2011/01/18 06:07:43 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2011/01/18 06:07:32 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2011/01/18 06:07:32 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2011/01/18 06:07:31 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2011/01/18 06:07:30 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2011/01/18 06:07:29 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2011/01/18 06:07:25 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2011/01/18 06:07:24 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2011/01/18 06:07:23 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2011/01/18 06:07:22 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2011/01/18 06:07:21 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2011/01/18 06:07:19 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2011/01/18 06:07:19 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/01/18 06:06:33 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011/01/18 06:06:32 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2011/01/18 06:06:31 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011/01/18 06:06:30 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2011/01/18 06:06:29 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2011/01/18 06:06:28 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011/01/18 06:06:28 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011/01/18 06:06:27 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011/01/18 06:06:25 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2011/01/18 06:06:25 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011/01/18 06:06:19 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2011/01/18 06:06:18 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011/01/18 06:06:17 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011/01/18 06:06:16 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011/01/18 06:06:15 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2011/01/18 06:06:14 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2011/01/18 06:06:14 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2011/01/18 06:06:13 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2011/01/18 06:06:02 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/01/18 06:05:54 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011/01/18 06:05:53 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011/01/18 06:05:52 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011/01/18 06:05:52 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011/01/18 06:05:51 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011/01/18 06:05:50 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011/01/18 06:05:50 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011/01/18 06:05:23 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011/01/18 06:05:02 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011/01/18 06:04:34 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011/01/18 06:04:33 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011/01/18 06:04:32 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011/01/18 06:04:31 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011/01/18 06:04:31 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011/01/18 06:04:28 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011/01/18 06:04:25 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011/01/18 06:04:25 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2011/01/18 06:03:54 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011/01/18 06:03:53 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011/01/18 06:03:53 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011/01/16 07:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BJ\Start Menu\Programs\System Tool
[2011/01/16 07:24:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\bDjDl10900
[2006/10/15 07:20:50 | 000,286,773 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcrt.dll
[2006/10/15 07:20:48 | 001,015,859 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mfc42.dll
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/14 05:23:22 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BJ\Desktop\OTL.exe
[2011/02/14 05:01:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/14 04:15:20 | 000,462,910 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/14 04:15:20 | 000,080,372 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/14 04:12:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/14 04:10:41 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/02/14 04:10:24 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/14 04:10:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/13 15:14:41 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\BJ\Desktop\dds.scr
[2011/02/13 08:07:43 | 004,267,346 | R--- | M] () -- C:\Documents and Settings\BJ\Desktop\svchost.com.exe
[2011/02/12 17:17:12 | 000,036,928 | ---- | M] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\drivers\pssdk41.sys
[2011/02/12 08:00:10 | 000,001,487 | ---- | M] () -- C:\Documents and Settings\BJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2011/02/11 18:52:42 | 000,004,760 | ---- | M] () -- C:\Documents and Settings\BJ\Desktop\RunThis.bat
[2011/02/10 06:04:23 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\uteznza5.sys
[2011/02/09 03:28:53 | 000,254,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/09 03:10:47 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/07 21:13:34 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\BJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011/02/07 21:12:43 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\BJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2011/02/04 19:29:14 | 000,000,331 | RHS- | M] () -- C:\boot.ini
[2011/02/04 10:28:06 | 000,000,142 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Emoticons for your messenger!.url
[2011/02/04 10:27:57 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\jZip.lnk
[2011/02/04 10:27:57 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\BJ\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
[2011/01/31 08:02:18 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/01/18 15:53:38 | 000,000,215 | ---- | M] () -- C:\Boot.bak
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/13 15:14:46 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\BJ\Desktop\dds.scr
[2011/02/13 08:07:31 | 004,267,346 | R--- | C] () -- C:\Documents and Settings\BJ\Desktop\svchost.com.exe
[2011/02/12 17:03:18 | 000,084,784 | ---- | C] () -- C:\FCIV.exe
[2011/02/11 20:44:46 | 000,084,784 | ---- | C] () -- C:\Documents and Settings\BJ\Desktop\FCIV.exe
[2011/02/11 20:44:46 | 000,004,760 | ---- | C] () -- C:\Documents and Settings\BJ\Desktop\RunThis.bat
[2011/02/10 06:04:22 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\uteznza5.sys
[2011/02/04 19:29:14 | 000,000,215 | ---- | C] () -- C:\Boot.bak
[2011/02/04 19:29:06 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/02/04 19:24:25 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/02/04 19:24:23 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/02/04 19:24:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/02/04 19:24:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/02/04 19:24:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/02/04 10:28:06 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\BJ\Application Data\Smiley.ico
[2011/02/04 10:28:06 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Emoticons for your messenger!.url
[2011/02/04 10:27:57 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\jZip.lnk
[2011/02/04 10:27:57 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\BJ\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
[2011/01/18 06:47:54 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2011/01/18 06:47:49 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2011/01/18 06:29:58 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2011/01/18 06:29:53 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2011/01/18 06:22:53 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2011/01/18 06:20:25 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/01/18 06:18:50 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/01/18 06:15:59 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2011/01/18 06:15:51 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2011/01/18 06:15:43 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2011/01/18 06:15:34 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2011/01/18 06:15:27 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2011/01/18 06:15:12 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/01/18 06:10:40 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2011/01/18 06:10:38 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2011/01/18 06:10:36 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2011/01/18 06:05:42 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011/01/18 06:05:42 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011/01/18 06:05:41 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011/01/18 06:05:40 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011/01/18 06:05:40 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011/01/18 06:05:39 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011/01/18 06:05:38 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011/01/18 06:05:38 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011/01/18 06:05:36 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011/01/18 06:05:30 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2010/10/15 02:09:32 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/07/20 05:42:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\otihizajifoha.dll
[2010/07/20 03:40:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oxikoziyequ.dll
[2010/07/20 01:38:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uvipologo.dll
[2010/07/19 23:36:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\osixuzayahejozu.dll
[2010/07/19 21:34:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ikocifal.dll
[2010/07/19 19:32:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\icehuroz.dll
[2010/07/19 17:30:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\abijofulohoqus.dll
[2010/07/19 15:28:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\awademad.dll
[2010/07/19 13:26:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ayusezax.dll
[2010/07/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\urubalikoqatu.dll
[2010/07/19 09:22:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\icebovidog.dll
[2010/07/19 07:20:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ajetepin.dll
[2010/07/19 05:18:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uzoweweciqusolet.dll
[2010/07/19 03:16:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\igorixuqu.dll
[2010/07/19 01:14:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\itusoxebuxeyaki.dll
[2010/07/18 23:12:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\esabiritadumo.dll
[2010/07/18 21:10:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\upovidogosixaxet.dll
[2010/07/18 19:08:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uxulidar.dll
[2010/07/18 17:09:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\izojanox.dll
[2010/07/16 06:29:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\aheminix.dll
[2010/07/16 04:27:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ifukapakuka.dll
[2010/07/16 02:25:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\axavubeqo.dll
[2010/07/16 00:23:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ivafomohuxe.dll
[2010/07/15 22:21:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iwuqinicim.dll
[2010/07/15 20:19:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ufaxonugidelubem.dll
[2010/07/15 18:17:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\azirujomura.dll
[2010/07/15 16:15:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ijurugug.dll
[2010/07/15 14:13:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ilinomozolocemu.dll
[2010/07/15 12:11:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uketubali.dll
[2010/07/15 10:09:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ibecoteziva.dll
[2010/07/15 08:07:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uzupabus.dll
[2010/07/15 06:06:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\idutocedo.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/04/11 12:16:29 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/03/24 09:13:26 | 000,005,365 | ---- | C] () -- C:\WINDOWS\System32\drivers\NetProbe.sys
[2008/08/17 14:19:21 | 000,001,125 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008/08/17 12:30:29 | 000,003,033 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/02/17 13:51:28 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info5.ini
[2007/02/17 13:44:54 | 000,594,160 | ---- | C] () -- C:\WINDOWS\System32\wodCertificate.dll
[2007/02/17 13:44:54 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\wsmib.dll
[2007/02/17 13:44:54 | 000,223,232 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2007/02/17 13:44:54 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\wsmibex.dll
[2007/02/17 13:44:54 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\IcqMsgSender.dll
[2007/02/17 13:44:53 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\tccradcom.dll
[2007/02/13 09:05:35 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\BJ\Application Data\L8457789_1
[2006/12/06 07:47:04 | 000,001,920 | ---- | C] () -- C:\WINDOWS\slog.dll
[2006/11/08 09:28:48 | 000,000,026 | ---- | C] () -- C:\WINDOWS\refsdm.dll
[2006/10/15 07:30:22 | 000,000,027 | ---- | C] () -- C:\WINDOWS\SonySNCP1.ini
[2006/04/27 04:39:25 | 000,147,968 | ---- | C] () -- C:\Documents and Settings\BJ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/20 15:23:30 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\BJ\Local Settings\Application Data\fusioncache.dat
[2006/02/20 14:03:45 | 000,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2005/09/15 10:58:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/09 13:31:55 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/09/09 13:31:55 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/09/09 13:31:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/09/09 13:31:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/09/09 13:31:55 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/09/09 13:31:55 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/08/02 16:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/06/09 22:59:42 | 000,000,381 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/06/09 22:52:30 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/05/17 13:18:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 08:19:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 08:12:40 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 08:02:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/06/01 04:39:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/06/29 04:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/08/14 09:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2011/01/16 07:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bDjDl10900
[2005/11/02 16:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.0 Setup
[2011/01/31 09:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jCmEfGn14000
[2009/08/19 19:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Paessler
[2010/05/13 12:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2008/11/15 19:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2008/11/15 19:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/02/12 18:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/15 15:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BJ\Application Data\Blackberry Desktop
[2008/08/30 15:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BJ\Application Data\BWMonitor
[2007/04/30 06:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BJ\Application Data\Forte
[2010/10/27 08:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BJ\Application Data\Hide IP NG
[2010/10/27 08:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BJ\Application Data\hideip_firefox_plugin
[2010/08/07 11:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BJ\Application Data\Koad
[2006/08/11 11:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BJ\Application Data\Leadertech
[2010/06/24 15:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BJ\Application Data\Myxipu
[2009/04/15 15:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BJ\Application Data\Research In Motion
[2011/01/07 14:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BJ\Application Data\Stellarium
[2010/06/29 13:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BJ\Application Data\Zuqo
[2005/09/15 14:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bryan\Application Data\FileMaker
[2007/05/15 14:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bryan\Application Data\Forte
[2005/09/15 14:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bryan\Application Data\RagTime

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 237 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9A870F8B
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3AC4C770
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

0

As I was watching PE, there is a spike about every 25 seconds caused by Java Quick Start. Also, as I was typing another note to advise of this, CPU went to 100% - I looked and one of the svchosts was at ~98% and CPU was pegged for some seconds...when I moved the window another OTL log had popped up, strange because I had stopped OTL. Now that I've thought about it, that might have been avast! starting back up - I had stopped it for an hour. Here's the log:

OTL Extras logfile created on: 2/14/2011 5:26:23 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\BJ\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 8.24 Gb Free Space | 22.13% Space Free | Partition Type: NTFS

Computer Name: BJONSON | User Name: BJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1131580844-927001921-2767165888-1008\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"enablefirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"enablefirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\AutoPlay\Software\IPUtility.exe" = D:\AutoPlay\Software\IPUtility.exe:*:Enabled:IPUtility
"C:\WINDOWS\dll32\services.exe" = C:\WINDOWS\dll32\services.exe:*:Enabled:Transparent Proxy Server
"C:\WINDOWS\Outlook.exe" = C:\WINDOWS\Outlook.exe:*:Enabled:Outlook.exe
"C:\WINDOWS\winup32.exe" = C:\WINDOWS\winup32.exe:*:Enabled:winup32.exe
"C:\WINDOWS\system32\wconf32.exe" = C:\WINDOWS\system32\wconf32.exe:*:Enabled:wconf32
"C:\Program Files\Spiceworks\ruby\bin\spiceworks.exe" = C:\Program Files\Spiceworks\ruby\bin\spiceworks.exe:*:Enabled:Ruby used by Spiceworks
"D:\Setup.exe" = D:\Setup.exe:*:Enabled:Setup
"C:\WINDOWS\system32\vaudi32.exe" = C:\WINDOWS\system32\vaudi32.exe:*:Disabled:vaudi32
"C:\Program Files\PRTG Network Monitor\PRTG Server Administrator.exe" = C:\Program Files\PRTG Network Monitor\PRTG Server Administrator.exe:*:Enabled:PRTG_Network_Monitor_Admin_Tool
"C:\Program Files\PRTG Network Monitor\PRTG Server.exe" = C:\Program Files\PRTG Network Monitor\PRTG Server.exe:*:Enabled:PRTG_Network_Monitor_Server
"C:\Program Files\PRTG Network Monitor\PRTG Probe.exe" = C:\Program Files\PRTG Network Monitor\PRTG Probe.exe:*:Enabled:PRTG_Network_Monitor_Probe
"C:\Program Files\FileMaker\FileMaker Pro 6\FileMaker Pro.exe" = C:\Program Files\FileMaker\FileMaker Pro 6\FileMaker Pro.exe:*:Enabled:FileMaker Pro -- (FileMaker, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{04214FC6-598A-4819-A1BC-7AC88242C437}" = eFax Messenger 4.0
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{324CEC09-007A-48EB-90E0-9D42D4D5EB0A}" = NetDeviceManager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D6E2470-E584-11D4-B097-009027BD8645}" = Axis Camera Explorer
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{58EDAD68-7839-42D8-A6AD-854A9ECB8224}" = FileMaker Pro 6
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{612DC38A-B36A-4699-88EB-12C7394DE2FC}" = TIxx21
"{624D19C3-D55D-4368-BC10-9B53036D8358}" = HP Driver Diagnostics
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{8680171A-9311-4453-86CA-E39EB5B6C2A3}" = FileMaker Pro 8
"{868EA922-5675-4E91-BDA6-BBD0F923C5EF}" = HP Officejet Pro All-In-One Series
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{914E1AB1-DCA0-4A7D-935F-B58C4B887A2B}" = HP ProtectTools Security Manager 1.00 C3
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3E5B5A9-88A4-4334-BBD0-96CCF002CBFF}" = HP User Guides 0004
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AE052EF7-2640-48D7-8915-69B810D975CB}" = HP BIOS Configuration for ProtectTools 1.00 C1
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9618743-1A5C-461E-91C4-E013A3D70F3C}" = Adobe® Photoshop® Album Starter Edition 3.0.1
"{C9913503-1500-4454-94CD-365ADC1BB9B9}" = Microsoft .NET Framework 1.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 A2
"{D0572854-191F-45DB-B959-641F8E5C8409}" = HP Accessories Product Tour
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Active WebCam" = Active WebCam
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"avast5" = avast! Free Antivirus
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"Belarc Advisor" = Belarc Advisor 7.2
"BlackBerry_{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"CodeStuff Starter" = CodeStuff Starter
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DesignWorkshop Lite" = DesignWorkshop Lite
"EVEREST Home Edition_is1" = EVEREST Home Edition v1.51
"Federal 2009 Ammunition" = Federal 2009 Ammunition
"FinitySoft Network Monitor" = FinitySoft Network Monitor 1.3
"Forte Agent" = Forté Agent
"Google Updater" = Google Updater
"Hide IP NG_is1" = Hide IP NG 1.58
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{612DC38A-B36A-4699-88EB-12C7394DE2FC}" = Texas Instruments PCIxx21/x515 drivers.
"IP Setup Program" = IP Setup Program
"jZip" = jZip
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NetworkView_is1" = NetworkView Version 3.52
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pirates of the Caribbean Pinball" = Pirates of the Caribbean Pinball
"RagTime 5.6.2" = RagTime 5.6.2
"Servers Alive v6" = Servers Alive v6
"SpywareBlaster_is1" = SpywareBlaster 4.3
"ST5UNST #1" = QuickDESIGN
"ST5UNST #2" = QuickLOAD
"ST6UNST #1" = Invoice By Click
"Stellarium_is1" = Stellarium 0.10.6.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"System Tool2011" = System Tool2011
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebCam Monitor_is1" = WebCam Monitor 3.76
"WGA" = Windows Genuine Advantage Validation Tool
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 3.1
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1131580844-927001921-2767165888-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 6/18/2010 12:50:41 PM | Computer Name = BJONSON | Source = avast! | ID = 33554522
Description =

Error - 6/18/2010 1:03:32 PM | Computer Name = BJONSON | Source = avast! | ID = 33554522
Description =

Error - 6/20/2010 8:21:31 AM | Computer Name = BJONSON | Source = avast! | ID = 33554522
Description =

Error - 6/22/2010 8:25:46 AM | Computer Name = BJONSON | Source = avast! | ID = 33554522
Description =

Error - 6/23/2010 7:48:39 AM | Computer Name = BJONSON | Source = avast! | ID = 33554522
Description =

Error - 6/25/2010 6:21:29 AM | Computer Name = BJONSON | Source = avast! | ID = 33554522
Description =

Error - 6/25/2010 6:33:58 AM | Computer Name = BJONSON | Source = avast! | ID = 33554522
Description =

Error - 6/26/2010 4:11:13 AM | Computer Name = BJONSON | Source = avast! | ID = 33554522
Description =

Error - 6/27/2010 10:03:36 AM | Computer Name = BJONSON | Source = avast! | ID = 33554522
Description =

Error - 6/28/2010 4:59:35 PM | Computer Name = BJONSON | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 2/7/2011 7:03:17 AM | Computer Name = BJONSON | Source = Application Error | ID = 1000
Description = Faulting application jzip.exe, version 1.3.0.0, faulting module jzip.exe,
version 1.3.0.0, fault address 0x000168cc.

Error - 2/7/2011 3:19:36 PM | Computer Name = BJONSON | Source = Application Error | ID = 1000
Description = Faulting application jzip.exe, version 1.3.0.0, faulting module jzip.exe,
version 1.3.0.0, fault address 0x000168cc.

Error - 2/8/2011 6:52:55 AM | Computer Name = BJONSON | Source = Application Error | ID = 1000
Description = Faulting application avastui.exe, version 5.1.889.0, faulting module
avastui.exe, version 5.1.889.0, fault address 0x001fb0cf.

Error - 2/8/2011 7:23:02 AM | Computer Name = BJONSON | Source = Application Error | ID = 1000
Description = Faulting application avastui.exe, version 5.1.889.0, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x000449cf.

Error - 2/8/2011 2:48:05 PM | Computer Name = BJONSON | Source = Application Error | ID = 1000
Description = Faulting application avastui.exe, version 5.1.889.0, faulting module
avastui.exe, version 5.1.889.0, fault address 0x001fb0cf.

Error - 2/8/2011 2:48:10 PM | Computer Name = BJONSON | Source = Application Error | ID = 1000
Description = Faulting application avastui.exe, version 5.1.889.0, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x000449cf.

Error - 2/9/2011 6:49:12 AM | Computer Name = BJONSON | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 2/9/2011 6:55:00 AM | Computer Name = BJONSON | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: An internal certificate chaining error has occurred.

Error - 2/10/2011 7:09:00 AM | Computer Name = BJONSON | Source = Application Hang | ID = 1002
Description = Hanging application setup_9.0.0.722_09.02.2011_12-06.exe, version
9.0.0.722, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/11/2011 9:49:54 PM | Computer Name = BJONSON | Source = Application Error | ID = 1000
Description = Faulting application jzip.exe, version 1.3.0.0, faulting module jzip.exe,
version 1.3.0.0, fault address 0x000168cc.

[ System Events ]
Error - 2/13/2011 6:33:50 PM | Computer Name = BJONSON | Source = Service Control Manager | ID = 7034
Description = The Machine Debug Manager service terminated unexpectedly. It has
done this 1 time(s).

Error - 2/13/2011 6:33:50 PM | Computer Name = BJONSON | Source = Service Control Manager | ID = 7034
Description = The SoundMAX Agent Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 2/13/2011 6:33:50 PM | Computer Name = BJONSON | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s).

Error - 2/13/2011 6:33:50 PM | Computer Name = BJONSON | Source = Service Control Manager | ID = 7034
Description = The Smart Card service terminated unexpectedly. It has done this
1 time(s).

Error - 2/13/2011 6:33:50 PM | Computer Name = BJONSON | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/13/2011 6:33:50 PM | Computer Name = BJONSON | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/13/2011 6:34:41 PM | Computer Name = BJONSON | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 2/14/2011 5:10:20 AM | Computer Name = BJONSON | Source = SCardSvr | ID = 602
Description = WDM Reader driver initialization cannot open reader device: The system
cannot find the path specified.

Error - 2/14/2011 5:11:19 AM | Computer Name = BJONSON | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 2/14/2011 5:12:40 AM | Computer Name = BJONSON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AliIde PCIIde ViaIde


< End of report >

Edited by Catalana: n/a

0

When I moved the window, another OTL log had popped up, which was strange because I had stopped OTL. Now that I've thought about it, that might have been avast! starting back up - I had stopped it for an hour. Here's the log:

OTL produces two logs on its initial run - the OTL Log and the Extras Log. I probably should've been clearer instead of just asking for the "logs."

No Worries :)

At quick glance, I don't see much. Though, it looks like you've tried a number of tools before we started here.

-- Fire up OTL.exe again and copy and paste the text in Red into the Custom Scans/Fixes Box:

:OTL
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKU\S-1-5-21-1131580844-927001921-2767165888-1008\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1131580844-927001921-2767165888-1008\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-1131580844-927001921-2767165888-1008\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
[2010/07/20 05:42:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\otihizajifoha.dll
[2010/07/20 03:40:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oxikoziyequ.dll
[2010/07/20 01:38:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uvipologo.dll
[2010/07/19 23:36:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\osixuzayahejozu.dll
[2010/07/19 21:34:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ikocifal.dll
[2010/07/19 19:32:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\icehuroz.dll
[2010/07/19 17:30:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\abijofulohoqus.dll
[2010/07/19 15:28:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\awademad.dll
[2010/07/19 13:26:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ayusezax.dll
[2010/07/19 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\urubalikoqatu.dll
[2010/07/19 09:22:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\icebovidog.dll
[2010/07/19 07:20:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ajetepin.dll
[2010/07/19 05:18:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uzoweweciqusolet.dll
[2010/07/19 03:16:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\igorixuqu.dll
[2010/07/19 01:14:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\itusoxebuxeyaki.dll
[2010/07/18 23:12:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\esabiritadumo.dll
[2010/07/18 21:10:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\upovidogosixaxet.dll
[2010/07/18 19:08:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uxulidar.dll
[2010/07/18 17:09:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\izojanox.dll
[2010/07/16 06:29:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\aheminix.dll
[2010/07/16 04:27:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ifukapakuka.dll
[2010/07/16 02:25:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\axavubeqo.dll
[2010/07/16 00:23:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ivafomohuxe.dll
[2010/07/15 22:21:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iwuqinicim.dll
[2010/07/15 20:19:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ufaxonugidelubem.dll
[2010/07/15 18:17:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\azirujomura.dll
[2010/07/15 16:15:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ijurugug.dll
[2010/07/15 14:13:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ilinomozolocemu.dll
[2010/07/15 12:11:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uketubali.dll
[2010/07/15 10:09:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ibecoteziva.dll
[2010/07/15 08:07:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uzupabus.dll
[2010/07/15 06:06:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\idutocedo.dll
:commands
[EMPTYTEMP]

-- Click Run Fix and let it run.
-- OTL should force a reboot of your compy. If it doesn't, Reboot the machine manually.
-- Please post the Fix Log for me.

Will try to check back as time permits.

PP:)

Edited by PhilliePhan: n/a

0

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\SITEguard deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1131580844-927001921-2767165888-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-1131580844-927001921-2767165888-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_USERS\S-1-5-21-1131580844-927001921-2767165888-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
C:\WINDOWS\otihizajifoha.dll moved successfully.
C:\WINDOWS\oxikoziyequ.dll moved successfully.
C:\WINDOWS\uvipologo.dll moved successfully.
C:\WINDOWS\osixuzayahejozu.dll moved successfully.
C:\WINDOWS\ikocifal.dll moved successfully.
C:\WINDOWS\icehuroz.dll moved successfully.
C:\WINDOWS\abijofulohoqus.dll moved successfully.
C:\WINDOWS\awademad.dll moved successfully.
C:\WINDOWS\ayusezax.dll moved successfully.
C:\WINDOWS\urubalikoqatu.dll moved successfully.
C:\WINDOWS\icebovidog.dll moved successfully.
C:\WINDOWS\ajetepin.dll moved successfully.
C:\WINDOWS\uzoweweciqusolet.dll moved successfully.
C:\WINDOWS\igorixuqu.dll moved successfully.
C:\WINDOWS\itusoxebuxeyaki.dll moved successfully.
C:\WINDOWS\esabiritadumo.dll moved successfully.
C:\WINDOWS\upovidogosixaxet.dll moved successfully.
C:\WINDOWS\uxulidar.dll moved successfully.
C:\WINDOWS\izojanox.dll moved successfully.
C:\WINDOWS\aheminix.dll moved successfully.
C:\WINDOWS\ifukapakuka.dll moved successfully.
C:\WINDOWS\axavubeqo.dll moved successfully.
C:\WINDOWS\ivafomohuxe.dll moved successfully.
C:\WINDOWS\iwuqinicim.dll moved successfully.
C:\WINDOWS\ufaxonugidelubem.dll moved successfully.
C:\WINDOWS\azirujomura.dll moved successfully.
C:\WINDOWS\ijurugug.dll moved successfully.
C:\WINDOWS\ilinomozolocemu.dll moved successfully.
C:\WINDOWS\uketubali.dll moved successfully.
C:\WINDOWS\ibecoteziva.dll moved successfully.
C:\WINDOWS\uzupabus.dll moved successfully.
C:\WINDOWS\idutocedo.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: BJ
->Temp folder emptied: 132463282 bytes
->Temporary Internet Files folder emptied: 53437243 bytes
->Java cache emptied: 173511870 bytes
->FireFox cache emptied: 60106190 bytes
->Flash cache emptied: 876559 bytes

User: bryan
->Temp folder emptied: 7185 bytes
->Temporary Internet Files folder emptied: 44728382 bytes
->Java cache emptied: 4572 bytes
->FireFox cache emptied: 52026046 bytes
->Flash cache emptied: 30708 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 374780 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 4005393 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 313113 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 109644220 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 602.00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02152011_071011

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
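As an added example, not part of this thread and not OTL's own code: a small Python script that cross-checks the items in the fix script PP posted against the fix log OTL produced, so a helper can confirm that every requested file move and registry deletion was actually reported before calling the machine clean. The excerpts are constructed from the thread's own script and log (a subset of the 32 DLLs and O3 entries), with one DLL line deliberately omitted from the log excerpt to show how a gap surfaces; the regexes assume the OTL line formats shown on this page.

```python
import re

# Constructed excerpt of the OTL fix script from the thread (three of the
# 32 DLLs, two of the O3 toolbar entries); sample input, not the full script.
FIX_SCRIPT = r""":OTL
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKU\S-1-5-21-1131580844-927001921-2767165888-1008\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
[2010/07/20 05:42:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\otihizajifoha.dll
[2010/07/20 03:40:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oxikoziyequ.dll
[2010/07/20 01:38:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uvipologo.dll
:commands
[EMPTYTEMP]
"""

# Constructed fix-log excerpt. The line for uvipologo.dll is deliberately
# left out (it was present in the real log) to show how a gap is reported.
FIX_LOG = r"""All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\SITEguard deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1131580844-927001921-2767165888-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
C:\WINDOWS\otihizajifoha.dll moved successfully.
C:\WINDOWS\oxikoziyequ.dll moved successfully.
========== COMMANDS ==========
"""

# O3 lines name the toolbar entry (a name or a {CLSID}) between the two " - ".
O3_RE = re.compile(r"\(no name\) - (.+?) - No CLSID value found\.")
# File lines are "[date | size | attrs | C] () -- <path>".
FILE_RE = re.compile(r"^\[[^\]]*\] \(\) -- (.+)$")


def parse_fix_items(script):
    """Return the identifiers the :OTL section asks OTL to act on, in order:
    the toolbar name or {CLSID} from O3 lines and the path from file lines."""
    items = []
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):  # :OTL / :commands section headers
            continue
        m = O3_RE.search(line) if line.startswith("O3 - ") else FILE_RE.match(line)
        if m:
            items.append(m.group(1))
    return items


def item_status(item, log_lines):
    """'moved'/'deleted' when OTL reports success, 'not found' when OTL
    reported nothing to act on, 'missing' when the log never mentions it."""
    status = "missing"
    for line in log_lines:
        if item not in line:
            continue
        if "moved successfully" in line:
            return "moved"
        if "deleted successfully" in line:
            return "deleted"
        if "not found" in line:
            status = "not found"
    return status


def audit_fix(script, log):
    """Map every requested item to the outcome OTL logged for it."""
    log_lines = log.splitlines()
    return {item: item_status(item, log_lines) for item in parse_fix_items(script)}


def unresolved(script, log):
    """Items the fix log never mentions; these need a second look before
    the machine is declared clean."""
    return [item for item, status in audit_fix(script, log).items()
            if status == "missing"]


if __name__ == "__main__":
    for item, status in audit_fix(FIX_SCRIPT, FIX_LOG).items():
        print(f"{status:10} {item}")
    print("unresolved:", unresolved(FIX_SCRIPT, FIX_LOG))
```

Run against the full script and log from the thread, the same functions report every one of the 32 DLLs as moved and the four O3 entries as deleted.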
