Free Malware Removal Forum

[jinr]

A few reasons I'm suspicious:

There is a strange driver "agktwfzm.sys" hanging out in the kernel
Windows Updates doesn't open - The settings say it's running, but there are never any notifications of updates. When I try to use Microsofts' update site, it fails.

But other than this, the computer seems to work just fine - internet browsing works perfectly, there seem to be no suspicious messages or CPU usage..

Also, I'm using Avira, but there are bits and pieces of all kinds of other antivirus programs that have been installed and uninstalled on the computer (McAfee, AOL, etc)...

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:18:32, on 8/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dad\Desktop\rtkitfinder.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\mmc.exe
C:\Documents and Settings\Dad\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 14378
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-21-1019868249-3852331653-2614216754-1007\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-1019868249-3852331653-2614216754-1007\..\RunOnce: [l4te7vf.exe] C:\WINDOWS\system32\l4te7vf.exe /k (User '?')
O4 - HKUS\S-1-5-21-1019868249-3852331653-2614216754-1009\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe (User '?')
O4 - HKUS\S-1-5-21-1019868249-3852331653-2614216754-1009\..\RunOnce: [GASetDesktop] rundll32.exe "C:\PROGRA~1\AOLDES~1\GAUsrMan.ocx",Entry1 "AOL Active Desktop" "C:\PROGRA~1\AOLDES~1\aolpc.htm" (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jdk1.6.0\jre\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jdk1.6.0\jre\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15
O15
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9203794055
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BAK - Sysinternals - http://www.sysinternals.com - C:\DOCUME~1\Dad\LOCALS~1\Temp\BAK.exe
O23 - Service: CSIScanner - Unknown owner - C:\Program Files\PrevxCSI\prevxcsi.exe (file missing)
O23 - Service: DADAXZAIZU - Sysinternals - http://www.sysinternals.com - C:\DOCUME~1\Dad\LOCALS~1\Temp\DADAXZAIZU.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7668 bytes

Thank you

[Wingman]

Hello... jinr... Welcome to the forum.
My name is Wingman, and I'll be helping you with any malware problems.
HijackThis logs can take a while to research, so please be patient.

I am currently under the guidance of the MRU teachers, everything I post to you, has been reviewed by them.
This additional review process can add some extra time to my responses...but not too much.

Before we begin...please note the following important guidelines.

1. The instructions being given are for YOUR computer and system only!
   Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
2. DO NOT run any other fix or removal tools unless instructed to do so!
3. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
4. Please, if you have questions about something...ASK, don't guess or assume.
5. Only- post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
6. Print each set of instructions...if possible...your Internet connection will not be available during some fix processes.
7. Only- reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean"

If you follow these guidelines, things should proceed smoothly.
I am currently reviewing your log and will return, as soon as possible, with additional instructions.
In the meantime... please perform the following steps.

Please read these instructions carefully before executing and perform the steps, in the order given.
lf, you have any questions about or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem.

Step 1.
RSIT (Random's System Information Tool)
Please download RSIT by random/random... save it to your desktop.

1. Double click on RSIT.exe to run it.
2. Please read the disclaimer... click on Continue.
3. RSIT will start running. When done... 2 logs files...will be produced.
4. The first one, "log.txt", will be maximized
5. The second one, "info.txt", will be minimized.

Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)

Step 2.
Please include in your next reply:

1. Any problem executing the instructions?
2. RSIT log.txt and info.txt file contents

Thanks,
Wingman

[jinr]

Hi Wingman, thanks for your help

log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dad at 2009-08-07 21:26:44
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 3 GB (10%) free of 31 GB
Total RAM: 735 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:27:15, on 8/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Documents and Settings\Dad\Desktop\RSIT.exe
C:\Documents and Settings\Dad\Desktop\Dad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 14378
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-21-1019868249-3852331653-2614216754-1007\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-1019868249-3852331653-2614216754-1007\..\RunOnce: [l4te7vf.exe] C:\WINDOWS\system32\l4te7vf.exe /k (User '?')
O4 - HKUS\S-1-5-21-1019868249-3852331653-2614216754-1009\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe (User '?')
O4 - HKUS\S-1-5-21-1019868249-3852331653-2614216754-1009\..\RunOnce: [GASetDesktop] rundll32.exe "C:\PROGRA~1\AOLDES~1\GAUsrMan.ocx",Entry1 "AOL Active Desktop" "C:\PROGRA~1\AOLDES~1\aolpc.htm" (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jdk1.6.0\jre\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jdk1.6.0\jre\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9203794055
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BAK - Sysinternals - http://www.sysinternals.com - C:\DOCUME~1\Dad\LOCALS~1\Temp\BAK.exe
O23 - Service: CSIScanner - Unknown owner - C:\Program Files\PrevxCSI\prevxcsi.exe (file missing)
O23 - Service: DADAXZAIZU - Sysinternals - http://www.sysinternals.com - C:\DOCUME~1\Dad\LOCALS~1\Temp\DADAXZAIZU.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7596 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\{6913DB73-FC22-40F0-8552-761935D6D6DE}_OFFICE_Al.job
C:\WINDOWS\tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_OFFICE_Al.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-11-20 911600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-11-20 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655}
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - AOL Toolbar - C:\Program Files\AOL Toolbar\toolbar.dll []
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-11-20 911600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2006-01-24 7094272]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe [2008-10-04 235936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe [2006-03-07 992808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe [2006-01-24 7094272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ITMRTSVC"=3
"Apfsaup830nu"=3
"aolavupd"=3
"AOL TopSpeedMonitor"=3
"AOL ACS"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk -

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
WRLogonNTF.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"NoColorChoice"=0
"NoSizeChoice"=0
"NoDispScrSavPage"=0
"NoDispCPL"=0
"NoVisualStyleChoice"=0
"NoDispSettingsPage"=0
"NoDispAppearancePage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0
"NoThemesTab"=0
"ForceActiveDesktopOn"=0
"EditLevel"=0
"NoRun"=0
"NoClose"=0
"NoCommonGroups"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America Online 9.0a\waol.exe"="C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0b\waol.exe"="C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\1098492738\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1098492738\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\Loader\Aolload.exe"="C:\Program Files\Common Files\AOL\Loader\Aolload.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\AOLTSMON.EXE"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\AOLTSMON.EXE:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\Aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\Aoltpspd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\America Online 9.0c\waol.exe"="C:\Program Files\America Online 9.0c\waol.exe:*:Enabled:AOL"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\MSN\MSNCoreFiles\MSN.EXE"="C:\Program Files\MSN\MSNCoreFiles\MSN.EXE:*:Enabled:msn"
"C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.exe"="C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.exe:*:Enabled:Verizon Online Updates"
"C:\WINDOWS\System32\lexpps.exe"="C:\WINDOWS\System32\lexpps.exe:*:Enabled:LEXPPS.EXE"
"C:\Program Files\America Online 9.0l\waol.exe"="C:\Program Files\America Online 9.0l\waol.exe:*:Enabled:America Online 9.0l"
"C:\WINDOWS\System32\java.exe"="C:\WINDOWS\System32\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Documents and Settings\Dad\Local Settings\Temp\java_ee_sdk-5-windows.exe2\package\jre\bin\javaw.exe"="C:\Documents and Settings\Dad\Local Settings\Temp\java_ee_sdk-5-windows.exe2\package\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Sun\AppServer\JDK\BIN\JAVA.EXE"="C:\Sun\AppServer\JDK\BIN\JAVA.EXE:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Program Files\Java\jdk1.5.0_09\bin\java.exe"="C:\Program Files\Java\jdk1.5.0_09\bin\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\WINDOWS\java.exe"="C:\WINDOWS\java.exe:*:Enabled:java"
"C:\Documents and Settings\Dad\Desktop\jre-1_5_0_06-windows-i586-p-iftw.exe"="C:\Documents and Settings\Dad\Desktop\jre-1_5_0_06-windows-i586-p-iftw.exe:*:Enabled:jre-1_5_0_06-windows-i586-p-iftw"
"C:\Program Files\Java\jdk1.6.0\JRE\BIN\javaw.exe"="C:\Program Files\Java\jdk1.6.0\JRE\BIN\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre1.5.0_09\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_09\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jdk1.6.0\JRE\BIN\java.exe"="C:\Program Files\Java\jdk1.6.0\JRE\BIN\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jdk1.6.0\bin\java.exe"="C:\Program Files\Java\jdk1.6.0\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\WINDOWS\System32\DPNSVR.EXE"="C:\WINDOWS\System32\DPNSVR.EXE:*:Enabled:Microsoft DirectPlay8 Server"
"C:\WINDOWS\System32\dxdiag.exe"="C:\WINDOWS\System32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Java\jdk1.6.0\jre\bin\rmiregistry.exe"="C:\Program Files\Java\jdk1.6.0\jre\bin\rmiregistry.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jdk1.6.0\jre\bin\rmid.exe"="C:\Program Files\Java\jdk1.6.0\jre\bin\rmid.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\System32\java32.exe"="C:\WINDOWS\System32\java32.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jdk1.6.0\bin\jconsole.exe"="C:\Program Files\Java\jdk1.6.0\bin\jconsole.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\System32\ftp.exe"="C:\WINDOWS\System32\ftp.exe:*:Enabled:File Transfer Program"
"C:\Documents and Settings\Dad\Desktop\New Folder\RAR\sunrpc-4.0-2\usr\sbin\portmap.exe"="C:\Documents and Settings\Dad\Desktop\New Folder\RAR\sunrpc-4.0-2\usr\sbin\portmap.exe:*:Enabled:portmap"
"C:\Documents and Settings\Dad\Desktop\New Folder\RAR\sunrpc-4.0-2\usr\bin\rstat.exe"="C:\Documents and Settings\Dad\Desktop\New Folder\RAR\sunrpc-4.0-2\usr\bin\rstat.exe:*:Enabled:rstat"
"C:\a\Xming\Xming.exe"="C:\a\Xming\Xming.exe:*:Enabled:Xming X Server"
"C:\Program Files\TurboTax\Deluxe 2007\32BIT\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32BIT\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32BIT\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32BIT\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"
"C:\a67\veoh\VeohClient.exe"="C:\a67\veoh\VeohClient.exe:*:Enabled:Veoh Client"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

======File associations======

.js - open -

======List of files/folders created in the last 1 months======

2009-08-07 21:26:44 ----D---- C:\rsit
2009-08-04 17:18:18 ----A---- C:\WINDOWS\system32\OLD121.tmp
2009-08-03 18:19:14 ----A---- C:\WINDOWS\system32\OLD98.tmp
2009-08-03 01:48:21 ----A---- C:\WINDOWS\system32\OLD76.tmp
2009-08-02 03:15:02 ----A---- C:\WINDOWS\system32\OLD61.tmp
2009-08-01 22:13:50 ----D---- C:\WINDOWS\LastGood
2009-07-23 16:01:03 ----D---- C:\a
2009-07-21 15:10:29 ----A---- C:\WINDOWS\isRS-000.tmp

======List of files/folders modified in the last 1 months======

2009-08-01 19:48:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-26 20:58:20 ----A---- C:\WINDOWS\WORDPAD.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-11-07 97928]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 MPFIREWL;MPFIREWL; C:\WINDOWS\System32\Drivers\MpFirewall.sys [2006-03-07 80640]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-05 55656]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-11-07 76040]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2003-05-29 743887]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2002-10-29 40960]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-03-31 625537]
R3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2003-05-26 166912]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB Root Hub (usbport); C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-11-07 26824]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
S3 admjoy;Aureal Game Port Enumerator; C:\WINDOWS\System32\DRIVERS\admjoy.sys [2002-08-28 10880]
S3 awkohctu;awkohctu; \??\C:\DOCUME~1\Dad\LOCALS~1\Temp\awkohctu.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 mf;mf; C:\WINDOWS\System32\DRIVERS\mf.sys [2008-04-13 63744]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-09-06 114464]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 S3SavageNB;S3SavageNB; C:\WINDOWS\system32\DRIVERS\s3gnbm.sys [2003-05-26 166912]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 STV680;USB Dual-mode Camera; C:\WINDOWS\system32\drivers\STV680.sys [2002-02-11 119536]
S3 STV680m;USB Dual-mode Cameram; C:\WINDOWS\system32\drivers\STV680m.sys [2002-02-11 9024]
S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wdm_au8830;Aureal Vortex 8830 Audio Driver (WDM); C:\WINDOWS\system32\drivers\adm8830.sys [2001-08-17 747392]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-08-27 65536]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-02-24 303104]
S2 CSIScanner;CSIScanner; C:\Program Files\PrevxCSI\prevxcsi.exe /service []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 BAK;BAK; C:\DOCUME~1\Dad\LOCALS~1\Temp\BAK.exe [2009-08-01 379776]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DADAXZAIZU;DADAXZAIZU; C:\DOCUME~1\Dad\LOCALS~1\Temp\DADAXZAIZU.exe [2009-08-01 535424]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe []
S4 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe []
S4 aolavupd;AOL Antivirus Update Service; C:\Program Files\Common Files\AOL\1098492738\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe []
S4 Apfsaup830nu;Apfsaup830nu; C:\WINDOWS\system32\drivers\sym_u3.sys [2001-08-17 30688]
S4 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-11-07 231704]
S4 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe [2006-09-13 263696]
S4 McShield;McAfee McShield; C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe [2005-09-06 221184]
S4 MpfService;McAfee Personal Firewall Service; C:\Program Files\mcafee.com\personal firewall\MPFService.exe [2006-03-07 548864]

-----------------EOF-----------------

[jinr]

info.txt:

info.txt logfile of random's system information tool 1.06 2009-08-07 21:27:32

======Uninstall list======

-->"C:\Program Files\mcafee.com\antivirus\uninst.exe" /PopUpMsgBox="N" /CheckMutx="N" /S
-->"C:\Program Files\mcafee.com\personal firewall\aol\uninst.exe" /PopUpMsgBox="N" /CheckMutx="N" /S
-->C:\PROGRA~1\VERIZO~1\Uninstall.exe Verizon
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Common Files\McAfee\Installer\mcinst.exe "C:\Program Files\mcafee.com\personal firewall\mpfp.inf" /uninstall
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00BF-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00C6-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00D1-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF03D9-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF03DA-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal-->C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
AllToAVI v4 r5394-->C:\Program Files\AllToAVI\uninst.exe
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AnswerWorks 5.0 English Runtime-->MsiExec.exe /I{9E5A03E3-6246-4920-9630-0527D5DA9B07}
Anvil Studio-->C:\WINDOWS\system32\AsUninst.exe
aol 9 screensaver Screen Saver-->C:\WINDOWS\NCUNINST.EXe REMOVE aol 9 screensaver
AOL Coach Version 2.0(Build:20041026.5 en)-->C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Computer Check-Up-->rundll32 C:\PROGRA~1\AOLCOM~1\AUInst.dll,ExUninstall
AOL Desktop-->C:\PROGRA~1\AOLDES~1\unwise.exe /A C:\PROGRA~1\AOLDES~1\install.log
AOL Toolbar-->"C:\Program Files\AOL Toolbar\UNWISE.EXE" /u "C:\Program Files\AOL Toolbar\INSTALL.LOG"
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver-->C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
CA Pest Patrol Realtime Protection-->MsiExec.exe /X{F05A5232-CE5E-4274-AB27-44EB8105898D}
Cavaj Java Decompiler-->C:\WINDOWS\IsUninst.exe -f"c:\documents and settings\dad\desktop\cavajdemo\Uninst.isu"
CCHelp-->MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Citrix Presentation Server Client - Web Only-->MsiExec.exe /X{23E8D2D6-F7C8-4A35-816C-6C914EE0A601}
C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ESSANUP-->MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSCAM-->MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
FLV Player 1.3.3-->"C:\a\FLVPlayer\uninstall.exe"
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Google Video Player-->"C:\a\Uninstall.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\Dad\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Image Icon Converter 1.3-->"C:\a\Image Icon Converter\unins000.exe"
Java(TM) SE Development Kit 6-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160000}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_3f1_5d493\Setup.exe /APR-REMOVE
KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
LeadTool-->MsiExec.exe /I{050ED764-D5FD-4D33-8FCD-AC48250C0798}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lexmark Z600 Series-->C:\WINDOWS\System32\spool\drivers\w32x86\3\LXBCUN5C.EXE -dLexmark Z600 Series
Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MathPlayer-->C:\Program Files\Design Science\MathPlayer\Setup.exe -u
Matroska Pack - Lazy Man's MKV 0.9.9-->C:\a\codec\unins000.exe
MediaCoder 0.6.1-->C:\Program Files\MediaCoder\uninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Calculator Plus-->MsiExec.exe /I{83073C45-3003-4671-9A86-243AAADD915A}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Picture It! Express 9-->C:\WINDOWS\system32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0900}
Microsoft Picture It! Library 9-->C:\WINDOWS\system32\msiexec.exe /i {9F7FC79B-3059-4264-9450-39EB368E3220}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Mozilla Firefox (3.0.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Encarta Plus Support Files-->MsiExec.exe /I{00000000-785F-478A-BAA2-87F1A136068C}
MSN Messenger 7.5-->MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
MSN-->C:\Program Files\MSN\MsnInstaller\msniadm.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Musicnotes Player-->C:\PROGRA~1\MUSICN~1\Player\Musnotes.exe /u
PCDADDIN-->MsiExec.exe /I{65D85050-5610-4A91-A3B1-D5C744291AD4}
PCDHELP-->MsiExec.exe /I{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}
PCDLNCH-->MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
PCDrdsho-->MsiExec.exe /I{C42C10A8-F2F4-4846-B772-ABD1912A2E85}
Prevx CSI-->"C:\Program Files\PrevxCSI\prevxcsi.exe" /prop UNINSTALL=Y
Pure Networks Port Magic-->C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -Uninstall -ShowUI
QuickTime-->MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RegCure 1.5.1.3-->C:\Program Files\RegCure\uninst.exe
S3Display-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
Safety and Security Center Uninstaller-->C:\Program Files\Common Files\AOL\uninstaller.exe
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
Sibelius Scorch Plugin-->"C:\Program Files\Musicnotes\uninstsc.exe"
TurboTax 2008 WinPerFedFormset-->MsiExec.exe /I{7570F1CA-016D-46AC-B586-CD74645EFB52}
TurboTax 2008 WinPerProgramHelp-->MsiExec.exe /I{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}
TurboTax 2008 WinPerReleaseEngine-->MsiExec.exe /I{88214092-836F-4E22-A5AC-569AC9EE6A0F}
TurboTax 2008 WinPerTaxSupport-->MsiExec.exe /I{B23726CF-68BF-41A6-A4EB-72F12F87FE05}
TurboTax 2008 WinPerUserEducation-->MsiExec.exe /I{29521505-F489-4822-ADFA-32C6DEE4F114}
TurboTax 2008 wnyiper-->MsiExec.exe /I{C3DE07CB-036F-45BC-85BD-D6FFC5D33603}
TurboTax 2008 wrapper-->MsiExec.exe /I{B1DB1AD8-C07E-4052-81A1-D2930232BA70}
TurboTax 2008-->C:\Program Files\TurboTax\Deluxe 2008\Installer\TurboTax 2008 Installer.exe /u /t /a
TurboTax Deluxe 2004-->C:\Program Files\TurboTax\Deluxe 2004\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2004\Uninstall.log" -NoGui
TurboTax Deluxe 2005-->C:\Program Files\TurboTax\Deluxe 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2005\Uninstall.log" -NoGui
TurboTax Deluxe 2007-->C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
TurboTax Deluxe Deduction Maximizer 2006-->C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2005-->MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
TurboTax ItsDeductible 2006-->MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
USB MassStorage CardReader-->C:\Program Files\Kodak\040a_5005\Remove.exe
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
Verizon Online Support Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00A1-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
Verizon Online-->C:\WINDOWS\system32\VerizonUninstaller.exe
VideoLAN VLC media player 0.8.6e-->C:\a\vlc\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WexTech AnswerWorks-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Documents and Settings\Dad\Desktop\New Folder\RAR\uninstall.exe
Xming 6.9.0.28-->"C:\a\Xming\unins000.exe"
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Security center information======

AV: AVG Anti-Virus (disabled) (outdated)
AV: AntiVir Desktop
AV: AOL Antivirus (outdated)
FW: AOL Firewall

======System event log======

Computer Name: OFFICE
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00E04CB7A8C6. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 22040
Source Name: Dhcp
Time Written: 20090209070059.000000-300
Event Type: warning
User:

Computer Name: OFFICE
Event Code: 16
Message: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Record Number: 22038
Source Name: Windows Update Agent
Time Written: 20090208171924.000000-300
Event Type: error
User:

Computer Name: OFFICE
Event Code: 20
Message: Installation Failure: Windows failed to install the following update with error 0x80070003: Automatic Updates.

Record Number: 22036
Source Name: Windows Update Agent
Time Written: 20090208155636.000000-300
Event Type: error
User:

Computer Name: OFFICE
Event Code: 20
Message: Installation Failure: Windows failed to install the following update with error 0x80070003: Automatic Updates.

Record Number: 22028
Source Name: Windows Update Agent
Time Written: 20090208081450.000000-300
Event Type: error
User:

Computer Name: OFFICE
Event Code: 20
Message: Installation Failure: Windows failed to install the following update with error 0x80070003: Automatic Updates.

Record Number: 22023
Source Name: Windows Update Agent
Time Written: 20090207152424.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: OFFICE
Event Code: 1802
Message: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Record Number: 1642
Source Name: SecurityCenter
Time Written: 20070602083937.000000-300
Event Type: error
User:

Computer Name: OFFICE
Event Code: 1015
Message: A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code c0000354. The machine
must now be restarted.

Record Number: 1640
Source Name: Winlogon
Time Written: 20070602083131.000000-300
Event Type: error
User:

Computer Name: OFFICE
Event Code: 1802
Message: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Record Number: 1638
Source Name: SecurityCenter
Time Written: 20070602082940.000000-300
Event Type: error
User:

Computer Name: OFFICE
Event Code: 1000
Message: Faulting application ntsd.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Record Number: 1636
Source Name: Application Error
Time Written: 20070602082824.000000-300
Event Type: error
User:

Computer Name: OFFICE
Event Code: 1802
Message: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Record Number: 1634
Source Name: SecurityCenter
Time Written: 20070602082621.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=C:\WINDOWS\system32\;C:\Program Files\Java\jdk1.6.0\bin\;C:\a\dm849c\dm\bin\;C:\Documents and Settings\Dad\Desktop\rc\;C:\Program Files\Common Files\DivX Shared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 1 Stepping 3, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0103
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"WINDIR"=C:\WINDOWS\

-----------------EOF-----------------

[Wingman]

Hello jinr,
Please let me know if this is your own personal computer or are you trying to help someone with their computer problem?
I ask because the last time you posted, it was with different machine and different installed software.

Thanks,
Wingman

[jinr]

This is a machine that I use, and other people in my family use also. Also, there doesn't appear to be any problems - aside from the symptoms I described, it works perfectly. But is there anything in the logs that indicates virus/malware?

[Wingman]

Hello jinr,
Let's run a couple checks to see what they uncover...
Please read these instructions carefully before executing and perform the steps, in the order given.
lf, you have any questions about or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem.

Step 1.
TFC (Temp File Cleaner)

1. Please download TFC.exe...by Old Timer. Save it to your desktop.
   Print these instructions. Save any unsaved work. TFC will close ALL open programs... including your browser!
2. Double click on TFC.exe to run it. Click the Start button to begin the cleanup.
   TFC will begin cleaning up the "temp" files... it may take only a few seconds or it could be several minutes, depending on the amount of temp files found.
3. If prompted to reboot... click Yes.

! Important ! If TFC prompts you to reboot, please do so immediately, before proceeding to any other steps or other use of your computer.

Step 2.
Malwarebytes' Anti-Malware
Please save any items you were working on... close any open programs. You may be asked to reboot your machine.
Please download Malwarebytes Anti-Malware and save it to your desktop. If needed...Tutorial w/screenshots
Alternate download site available here.

1. Make sure you are connected to the Internet.
2. Double-click on Download_mbam-setup.exe to install the application.
   When the installation begins, follow the prompts and do not make any changes to default settings.
3. When installation has finished, make sure you leave both of these checked:
   • Update Malwarebytes' Anti-Malware
   • Launch Malwarebytes' Anti-Malware
   • Then click Finish.
   MBAM will automatically start and you will be asked to update the program before performing a scan.
   If an update is found, the program will automatically update itself.
   
   • Press the OK button to close that box and continue.
   • Problems downloading the updates? Manually download them from here and double-click on "mbam-rules.exe" to install.

On the Scanner tab:

1. Make sure the "Perform Quick Scan" option is selected.
2. Then click on the Scan button.
3. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
   The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
4. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
5. Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

1. Click on the Show Results button to see a list of any malware that was found.
2. Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
   We will take care of the System Volume Information items later.
   When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
3. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
   The log can also be found here:
   C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
4. Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Step 3.
Rooter
Please download Rooter.exe... Copyrighted © by... Eric_71. Save it to your desktop.
SCAN

1. Double-click on Rooter.exe icon on your desktop, to execute.
   If you receive the "Open File" security warning, press Run. The Rooter interface will appear, with a variety of options displayed.
2. To run the Scan... press the Scan...button.
3. Notepad will open with a file created called "Rooter#.txt" ... located at %systemdrive%\Rooter$\Rooter#.txt. (# is the number assigned to the report)
   The location of the report file is shown in the bottom display window.
4. Press the Close button, to close the Rooter window.

Please copy and paste the contents of Rooter#.txt in you next reply.

Step 4.
Re-run - RSIT (Random's System Information Tool)
You should still have this program on your desktop.

1. Double click on RSIT.exe to run it.
2. Please read the disclaimer... click on Continue.
   RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. (it will be maximized)
3. Please post ONLY the new "log.txt", file contents in your next reply.
   (This log can be lengthy, so a separate post may be needed.)

Step 5.
Please include in your next reply:

1. Any problem executing the instructions?
2. MBAM report
3. Rooter#.txt file contents
4. New RSIT log
5. How is the computer behaving?

Thanks,
Wingman

[jinr]

I downloaded an ran TFC cleaner fine .. but when I logged back on I discovered it had deleted many gigabytes of extremely important files. Right now I'm going through restoring them with a freeware file restoration program. I don't know how long this will take, so please consider this postponed until I'm finished .. thank you

[jinr]

Sorry, I overreacted. TFC didn't delete anything that important after all ..

I already had Malwarebytes installed, so I just updated it.

Malwarebytes' Anti-Malware 1.40
Database version: 2615
Windows 5.1.2600 Service Pack 3

8/13/2009 12:38:58 AM
mbam-log-2009-08-13 (00-38-58).txt

Scan type: Quick Scan
Objects scanned: 119829
Time elapsed: 10 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Rooter log:

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 1 Stepping 3, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 8.0.6001.18702
Mozilla Firefox 3.0.13 (en-US)
.
A:\ [Removable]
C:\ [Fixed-FAT32] .. ( Total:30 Go - Free:5 Go )
D:\ [Fixed-FAT32] .. ( Total:6 Go - Free:4 Go )
E:\ [CD_Rom]
.
Scan : 00:40.03
Path : C:\Documents and Settings\Dad\Desktop\Rooter.exe
User : Dad ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (524)
______ \??\C:\WINDOWS\system32\csrss.exe (588)
______ \??\C:\WINDOWS\system32\winlogon.exe (612)
______ C:\WINDOWS\system32\services.exe (656)
______ C:\WINDOWS\system32\lsass.exe (676)
______ C:\WINDOWS\system32\svchost.exe (844)
______ C:\WINDOWS\system32\svchost.exe (892)
______ C:\WINDOWS\System32\svchost.exe (988)
______ C:\WINDOWS\System32\svchost.exe (1116)
______ C:\WINDOWS\System32\svchost.exe (1300)
______ C:\WINDOWS\Explorer.EXE (1436)
______ C:\WINDOWS\system32\LEXBCES.EXE (1532)
______ C:\WINDOWS\system32\LEXPPS.EXE (1568)
______ C:\WINDOWS\system32\spoolsv.exe (1576)
______ C:\Program Files\Avira\AntiVir Desktop\sched.exe (1660)
______ C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (1924)
______ C:\Program Files\Avira\AntiVir Desktop\avguard.exe (1944)
______ C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (2040)
______ C:\WINDOWS\System32\svchost.exe (476)
______ C:\WINDOWS\wanmpsvc.exe (548)
______ C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (932)
______ C:\WINDOWS\System32\alg.exe (2212)
______ C:\Program Files\Mozilla Firefox\firefox.exe (2360)
______ C:\WINDOWS\system32\taskmgr.exe (2088)
______ C:\WINDOWS\system32\cmd.exe (1244)
______ C:\WINDOWS\system32\NOTEPAD.EXE (3016)
______ C:\Documents and Settings\Dad\Desktop\Rooter.exe (148)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:32588527104)
\Device\Harddisk0\Partition0 (Start_Offset:32588559360 | Length:7427427840)
\Device\Harddisk0\Partition2 (Start_Offset:32588591616 | Length:7427395584)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\{6913DB73-FC22-40F0-8552-761935D6D6DE}_OFFICE_Al.job
C:\WINDOWS\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_OFFICE_Al.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 00:40.35
.
C:\Rooter$\Rooter_1.txt - (13/08/2009 | 00:40.35)


Rsit log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dad at 2009-08-13 00:43:39
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 5 GB (17%) free of 31 GB
Total RAM: 735 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:51, on 8/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Dad\Desktop\RSIT.exe
C:\Documents and Settings\Dad\Desktop\Dad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 14378
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-1019868249-3852331653-2614216754-1007\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-1019868249-3852331653-2614216754-1007\..\RunOnce: [l4te7vf.exe] C:\WINDOWS\system32\l4te7vf.exe /k (User '?')
O4 - HKUS\S-1-5-21-1019868249-3852331653-2614216754-1009\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe (User '?')
O4 - HKUS\S-1-5-21-1019868249-3852331653-2614216754-1009\..\RunOnce: [GASetDesktop] rundll32.exe "C:\PROGRA~1\AOLDES~1\GAUsrMan.ocx",Entry1 "AOL Active Desktop" "C:\PROGRA~1\AOLDES~1\aolpc.htm" (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jdk1.6.0\jre\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jdk1.6.0\jre\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9203794055
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BAK - Unknown owner - C:\DOCUME~1\Dad\LOCALS~1\Temp\BAK.exe (file missing)
O23 - Service: CSIScanner - Unknown owner - C:\Program Files\PrevxCSI\prevxcsi.exe (file missing)
O23 - Service: DADAXZAIZU - Unknown owner - C:\DOCUME~1\Dad\LOCALS~1\Temp\DADAXZAIZU.exe (file missing)
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7581 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\{6913DB73-FC22-40F0-8552-761935D6D6DE}_OFFICE_Al.job
C:\WINDOWS\tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_OFFICE_Al.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-11-20 911600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-11-20 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655}
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - AOL Toolbar - C:\Program Files\AOL Toolbar\toolbar.dll []
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-11-20 911600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-08-03 419088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2006-01-24 7094272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe [2006-03-07 992808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe [2006-01-24 7094272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ITMRTSVC"=3
"Apfsaup830nu"=3
"aolavupd"=3
"AOL TopSpeedMonitor"=3
"AOL ACS"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk -

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
WRLogonNTF.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"NoColorChoice"=0
"NoSizeChoice"=0
"NoDispScrSavPage"=0
"NoDispCPL"=0
"NoVisualStyleChoice"=0
"NoDispSettingsPage"=0
"NoDispAppearancePage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0
"NoThemesTab"=0
"ForceActiveDesktopOn"=0
"EditLevel"=0
"NoRun"=0
"NoClose"=0
"NoCommonGroups"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America Online 9.0a\waol.exe"="C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0b\waol.exe"="C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\1098492738\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1098492738\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\Loader\Aolload.exe"="C:\Program Files\Common Files\AOL\Loader\Aolload.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\AOLTSMON.EXE"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\AOLTSMON.EXE:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\Aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\Aoltpspd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\America Online 9.0c\waol.exe"="C:\Program Files\America Online 9.0c\waol.exe:*:Enabled:AOL"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\MSN\MSNCoreFiles\MSN.EXE"="C:\Program Files\MSN\MSNCoreFiles\MSN.EXE:*:Enabled:msn"
"C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.exe"="C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.exe:*:Enabled:Verizon Online Updates"
"C:\WINDOWS\System32\lexpps.exe"="C:\WINDOWS\System32\lexpps.exe:*:Enabled:LEXPPS.EXE"
"C:\Program Files\America Online 9.0l\waol.exe"="C:\Program Files\America Online 9.0l\waol.exe:*:Enabled:America Online 9.0l"
"C:\WINDOWS\System32\java.exe"="C:\WINDOWS\System32\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Documents and Settings\Dad\Local Settings\Temp\java_ee_sdk-5-windows.exe2\package\jre\bin\javaw.exe"="C:\Documents and Settings\Dad\Local Settings\Temp\java_ee_sdk-5-windows.exe2\package\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Sun\AppServer\JDK\BIN\JAVA.EXE"="C:\Sun\AppServer\JDK\BIN\JAVA.EXE:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Program Files\Java\jdk1.5.0_09\bin\java.exe"="C:\Program Files\Java\jdk1.5.0_09\bin\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\WINDOWS\java.exe"="C:\WINDOWS\java.exe:*:Enabled:java"
"C:\Documents and Settings\Dad\Desktop\jre-1_5_0_06-windows-i586-p-iftw.exe"="C:\Documents and Settings\Dad\Desktop\jre-1_5_0_06-windows-i586-p-iftw.exe:*:Enabled:jre-1_5_0_06-windows-i586-p-iftw"
"C:\Program Files\Java\jdk1.6.0\JRE\BIN\javaw.exe"="C:\Program Files\Java\jdk1.6.0\JRE\BIN\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre1.5.0_09\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_09\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jdk1.6.0\JRE\BIN\java.exe"="C:\Program Files\Java\jdk1.6.0\JRE\BIN\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jdk1.6.0\bin\java.exe"="C:\Program Files\Java\jdk1.6.0\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\WINDOWS\System32\DPNSVR.EXE"="C:\WINDOWS\System32\DPNSVR.EXE:*:Enabled:Microsoft DirectPlay8 Server"
"C:\WINDOWS\System32\dxdiag.exe"="C:\WINDOWS\System32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Java\jdk1.6.0\jre\bin\rmiregistry.exe"="C:\Program Files\Java\jdk1.6.0\jre\bin\rmiregistry.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jdk1.6.0\jre\bin\rmid.exe"="C:\Program Files\Java\jdk1.6.0\jre\bin\rmid.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\System32\java32.exe"="C:\WINDOWS\System32\java32.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jdk1.6.0\bin\jconsole.exe"="C:\Program Files\Java\jdk1.6.0\bin\jconsole.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\System32\ftp.exe"="C:\WINDOWS\System32\ftp.exe:*:Enabled:File Transfer Program"
"C:\Documents and Settings\Dad\Desktop\New Folder\RAR\sunrpc-4.0-2\usr\sbin\portmap.exe"="C:\Documents and Settings\Dad\Desktop\New Folder\RAR\sunrpc-4.0-2\usr\sbin\portmap.exe:*:Enabled:portmap"
"C:\Documents and Settings\Dad\Desktop\New Folder\RAR\sunrpc-4.0-2\usr\bin\rstat.exe"="C:\Documents and Settings\Dad\Desktop\New Folder\RAR\sunrpc-4.0-2\usr\bin\rstat.exe:*:Enabled:rstat"
"C:\a\Xming\Xming.exe"="C:\a\Xming\Xming.exe:*:Enabled:Xming X Server"
"C:\Program Files\TurboTax\Deluxe 2007\32BIT\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32BIT\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32BIT\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32BIT\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"
"C:\a67\veoh\VeohClient.exe"="C:\a67\veoh\VeohClient.exe:*:Enabled:Veoh Client"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

======File associations======

.js - open -

======List of files/folders created in the last 1 months======

2009-08-13 00:40:35 ----D---- C:\Rooter$
2009-08-12 21:13:16 ----D---- C:\WINDOWS\LastGood
2009-08-12 20:45:48 ----D---- C:\Documents and Settings\All Users\Application Data\OfficeRecovery
2009-08-07 21:26:44 ----D---- C:\rsit
2009-07-23 16:01:03 ----D---- C:\a

======List of files/folders modified in the last 1 months======

2009-08-12 20:33:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-26 20:58:20 ----A---- C:\WINDOWS\WORDPAD.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-11-07 97928]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 MPFIREWL;MPFIREWL; C:\WINDOWS\System32\Drivers\MpFirewall.sys [2006-03-07 80640]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-05 55656]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-11-07 76040]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2003-05-29 743887]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2002-10-29 40960]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-03-31 625537]
R3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2003-05-26 166912]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB Root Hub (usbport); C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-11-07 26824]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
S3 admjoy;Aureal Game Port Enumerator; C:\WINDOWS\System32\DRIVERS\admjoy.sys [2002-08-28 10880]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 mf;mf; C:\WINDOWS\System32\DRIVERS\mf.sys [2008-04-13 63744]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-09-06 114464]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 S3SavageNB;S3SavageNB; C:\WINDOWS\system32\DRIVERS\s3gnbm.sys [2003-05-26 166912]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 STV680;USB Dual-mode Camera; C:\WINDOWS\system32\drivers\STV680.sys [2002-02-11 119536]
S3 STV680m;USB Dual-mode Cameram; C:\WINDOWS\system32\drivers\STV680m.sys [2002-02-11 9024]
S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wdm_au8830;Aureal Vortex 8830 Audio Driver (WDM); C:\WINDOWS\system32\drivers\adm8830.sys [2001-08-17 747392]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-08-27 65536]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-02-24 303104]
S2 CSIScanner;CSIScanner; C:\Program Files\PrevxCSI\prevxcsi.exe /service []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 BAK;BAK; C:\DOCUME~1\Dad\LOCALS~1\Temp\BAK.exe []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DADAXZAIZU;DADAXZAIZU; C:\DOCUME~1\Dad\LOCALS~1\Temp\DADAXZAIZU.exe []
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe []
S4 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe []
S4 aolavupd;AOL Antivirus Update Service; C:\Program Files\Common Files\AOL\1098492738\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe []
S4 Apfsaup830nu;Apfsaup830nu; C:\WINDOWS\system32\drivers\sym_u3.sys [2001-08-17 30688]
S4 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-11-07 231704]
S4 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe [2006-09-13 263696]
S4 McShield;McAfee McShield; C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe [2005-09-06 221184]
S4 MpfService;McAfee Personal Firewall Service; C:\Program Files\mcafee.com\personal firewall\MPFService.exe [2006-03-07 548864]

-----------------EOF-----------------


Computer is still behaving fine..

[Wingman]

Hi jinr,
Both the MBAM and Rooter logs look clean... I would like to get a few things answered before proceeding.

You have references to AOL, McAfee and AVG anti-virus and AOL firewall. In your first post you indicated that there are remnants of,
"other antivirus programs that have been installed and uninstalled on the computer (McAfee, AOL, etc)..."
Did you have AOL Safety and Security Center installed? Do you plan on using another firewall besides the AOL version?
We can attempt to clean up these remnants but I don't want to remove any protection, you want to keep.

There are some entries I need you to look at and explain to me what they are, if you know:
O4 - HKUS\S-1-5-21-1019868249-3852331653-2614216754-1009\..\RunOnce: [GASetDesktop] rundll32.exe "C:\PROGRA~1\AOLDES~1\GAUsrMan.ocx",Entry1 "AOL Active Desktop" "C:\PROGRA~1\AOLDES~1\aolpc.htm" (User '?')
Are you using an AOL Active Desktop?

Do you still have (want) the Prevx CSI Scanner installed?

There are a number of files that I need to get clarification on... either by you, if you know what they are or from an online scan.
C:\WINDOWS\system32\l4te7vf.exe
C:\WINDOWS\system32\drivers\sym_u3.sys

Do you know what these 2 files(below) are for?
C:\Documents and Settings\Dad\Local Settings\Temp\BAK.exe
C:\Documents and Settings\Dad\Local Settings\Temp\DADAXZAIZU.exe

After answering these questions, please perform the following steps.

Step 1.
Online Multi Antivirus file scan
Please go to either: Jotti or Virus Total and upload the following file(s) for scanning:

C:\WINDOWS\system32\l4te7vf.exe
C:\WINDOWS\system32\drivers\sym_u3.sys
C:\Documents and Settings\Dad\Local Settings\Temp\BAK.exe <---------- No scan needed if you know what this is
C:\Documents and Settings\Dad\Local Settings\Temp\DADAXZAIZU.exe <---------- No scan needed if you know what this is


Using Jotti

1. Please copy and paste... the above full path and file name(s)...in the text box next to the Browse button.
2. Click on Submit..button.
3. The file will be uploaded and scanned by various antivirus scanners..this may take a few minutes.
4. When all scans have completed... Highlight the results text, beginning with "File...and select all text down to the last scan result.
5. Copy the selected text... Open Notepad... Paste the contents into Notepad... Save the file to a convenient place.
6. Please repeat this procedure for each file listed above.
7. Paste the contents of all the Jotti scan results in your next reply.

Using Virus Total

1. Please copy and paste... the above full path and file name(s)...in the text box next to the Browse button.
2. Click on Send File...button.
3. The file will be queued, uploaded and scanned by various antivirus scanners..this may take a few minutes.
4. When the scan is completed...press the "Compact" icon
5. The results will be shown in a grid like window...please Select and Copy the entire contents.
6. Open Notepad...Paste the result contents into the Notepad window...Save this file to a convenient place.
7. Please repeat this procedure for each file listed above.
8. Paste the contents of all the Virus Total results in your next reply.

Step 2.
RegSearch ... by Bobbi Flekman © 2005-2007 ... Written by F. Staal

1. Please download regsearch.zip and save it to your desktop.
2. Right click on regsearch.zip and select Extract All....
   If you have a 3rd party "unzipping" program...(WinRar, Winzip, etc) ... use that to extract files to your desktop, go to step 6.
3. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
4. Click on the Browse button. Click on Desktop. Then click OK.
5. Once done, check the Show extracted files box and click Finish.
6. Double click on regsearch.exe to run it.
7. Copy and paste the following text (one entry per line)into the "Enter search strings (case independent) and click OK..." section (red highlighted area in the screenshot below).
   

   Code: Select all

   avgldx86.sys
   avgtdix.sys
   avgmfx86.sys
   naiavf5x.sys

   
   
   
8. Make sure all the check boxes in the "Search" section are checked (blue outlined section in the screenshot above).
9. Click OK.
10. When done, a text file will be created and automatically opened called: "RegSearch.txt".
    File can be found on your desktop or whatever folder RegSearch was extracted to originally.

Please copy and paste the contents of RegSearch.txt in your next reply.

Step 3.
Re-run - RSIT (Random's System Information Tool)
You should still have this program on your desktop.

1. Double click on RSIT.exe to run it.
2. Please read the disclaimer... click on Continue.
   RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. (it will be maximized)
3. Please post ONLY the "log.txt", file contents in your next reply.
   (This log can be lengthy, so a separate post may be needed.)

Step 4.
Please include in your next reply:

1. Any problem executing the instructions?
2. Answers to all my questions.
3. Jotti or Virus Total scan results on 2 (maybe 4) files.
4. RegSearch.txt file contents.
5. RSIT log.txt file contents.
6. How is the computer behaving?

Thanks,
Wingman

[jinr]

When we first got this computer (Probably 6-7 years ago) it came pre-installed with all AOL stuff. Eventually I went through and deleted all the AOL startup registry keys and disabled the related services (Probably about 3-4 years ago). So now, whenever I turn on the computer, no AOL programs startup, but they are still installed. If there is any other AOL software that I didn't manage to disable, I'd like to. (I'll install another firewall if you recommend).
About the other scanner: As I understand it, running two scanners at once will cause them both to become weakened/useless. Since I'm using Avira for real-time protection, I'd like to disable/remove any other realtime scanners present.

Now, for the jotti scan:

C:\WINDOWS\system32\l4te7vf.exe -- This file was not found on the computer

C:\WINDOWS\system32\drivers\sym_u3.sys -- This file was scanned, came up clean: http://virusscan.jotti.org/en/scanresul ... d653cfd3d3

C:\Documents and Settings\Dad\Local Settings\Temp\BAK.exe
C:\Documents and Settings\Dad\Local Settings\Temp\DADAXZAIZU.exe

These files were gone (Probably deleted by TFC), but I know that they were copies of SysInternals Process Explorer. It looks like it copies itself to a randomly named temporary file before running (Similar to some malware removal programs).

RegSearch log:

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 8/14/2009 03:15:39 AM for strings:
; 'avgldx86.sys'
; 'avgtdix.sys'
; 'avgmfx86.sys'
; 'naiavf5x.sys'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AvgLdx86]
; Contents of value:
; \SystemRoot\System32\Drivers\avgldx86.sys
"ImagePath"=hex(2):5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\
00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,76,00,67,00,6c,00,64,00,78,00,\
38,00,36,00,2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AvgMfx86]
; Contents of value:
; \SystemRoot\System32\Drivers\avgmfx86.sys
"ImagePath"=hex(2):5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\
00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,76,00,67,00,6d,00,66,00,78,00,\
38,00,36,00,2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AvgTdiX]
; Contents of value:
; \SystemRoot\System32\Drivers\avgtdix.sys
"ImagePath"=hex(2):5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\
00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,76,00,67,00,74,00,64,00,69,00,\
78,00,2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NaiAvFilter1]
"ImagePath"="system32\\drivers\\naiavf5x.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AvgLdx86]
; Contents of value:
; \SystemRoot\System32\Drivers\avgldx86.sys
"ImagePath"=hex(2):5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\
00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,76,00,67,00,6c,00,64,00,78,00,\
38,00,36,00,2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AvgMfx86]
; Contents of value:
; \SystemRoot\System32\Drivers\avgmfx86.sys
"ImagePath"=hex(2):5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\
00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,76,00,67,00,6d,00,66,00,78,00,\
38,00,36,00,2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AvgTdiX]
; Contents of value:
; \SystemRoot\System32\Drivers\avgtdix.sys
"ImagePath"=hex(2):5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\
00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,76,00,67,00,74,00,64,00,69,00,\
78,00,2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\NaiAvFilter1]
"ImagePath"="system32\\drivers\\naiavf5x.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AvgLdx86]
; Contents of value:
; \SystemRoot\System32\Drivers\avgldx86.sys
"ImagePath"=hex(2):5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\
00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,76,00,67,00,6c,00,64,00,78,00,\
38,00,36,00,2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AvgMfx86]
; Contents of value:
; \SystemRoot\System32\Drivers\avgmfx86.sys
"ImagePath"=hex(2):5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\
00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,76,00,67,00,6d,00,66,00,78,00,\
38,00,36,00,2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AvgTdiX]
; Contents of value:
; \SystemRoot\System32\Drivers\avgtdix.sys
"ImagePath"=hex(2):5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\
00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,76,00,67,00,74,00,64,00,69,00,\
78,00,2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NaiAvFilter1]
"ImagePath"="system32\\drivers\\naiavf5x.sys"

[HKEY_USERS\S-1-5-21-1019868249-3852331653-2614216754-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\sys]
"e"="C:\\WINDOWS\\system32\\drivers\\naiavf5x.sys"

; End Of The Log...

New RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dad at 2009-08-14 05:24:58
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 5 GB (16%) free of 31 GB
Total RAM: 735 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:25:18, on 8/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Dad\Desktop\RSIT.exe
C:\Documents and Settings\Dad\Desktop\Dad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 14378
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-1019868249-3852331653-2614216754-1007\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-1019868249-3852331653-2614216754-1007\..\RunOnce: [l4te7vf.exe] C:\WINDOWS\system32\l4te7vf.exe /k (User '?')
O4 - HKUS\S-1-5-21-1019868249-3852331653-2614216754-1009\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe (User '?')
O4 - HKUS\S-1-5-21-1019868249-3852331653-2614216754-1009\..\RunOnce: [GASetDesktop] rundll32.exe "C:\PROGRA~1\AOLDES~1\GAUsrMan.ocx",Entry1 "AOL Active Desktop" "C:\PROGRA~1\AOLDES~1\aolpc.htm" (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jdk1.6.0\jre\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jdk1.6.0\jre\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9203794055
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BAK - Unknown owner - C:\DOCUME~1\Dad\LOCALS~1\Temp\BAK.exe (file missing)
O23 - Service: CSIScanner - Unknown owner - C:\Program Files\PrevxCSI\prevxcsi.exe (file missing)
O23 - Service: DADAXZAIZU - Unknown owner - C:\DOCUME~1\Dad\LOCALS~1\Temp\DADAXZAIZU.exe (file missing)
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7647 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\{6913DB73-FC22-40F0-8552-761935D6D6DE}_OFFICE_Al.job
C:\WINDOWS\tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_OFFICE_Al.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-11-20 911600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-11-20 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655}
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - AOL Toolbar - C:\Program Files\AOL Toolbar\toolbar.dll []
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-11-20 911600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-08-03 419088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2006-01-24 7094272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe [2006-03-07 992808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe [2006-01-24 7094272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ITMRTSVC"=3
"Apfsaup830nu"=3
"aolavupd"=3
"AOL TopSpeedMonitor"=3
"AOL ACS"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk -

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
WRLogonNTF.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"NoColorChoice"=0
"NoSizeChoice"=0
"NoDispScrSavPage"=0
"NoDispCPL"=0
"NoVisualStyleChoice"=0
"NoDispSettingsPage"=0
"NoDispAppearancePage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0
"NoThemesTab"=0
"ForceActiveDesktopOn"=0
"EditLevel"=0
"NoRun"=0
"NoClose"=0
"NoCommonGroups"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America Online 9.0a\waol.exe"="C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0b\waol.exe"="C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\1098492738\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1098492738\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\Loader\Aolload.exe"="C:\Program Files\Common Files\AOL\Loader\Aolload.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\AOLTSMON.EXE"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\AOLTSMON.EXE:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\Aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\Aoltpspd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\America Online 9.0c\waol.exe"="C:\Program Files\America Online 9.0c\waol.exe:*:Enabled:AOL"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\MSN\MSNCoreFiles\MSN.EXE"="C:\Program Files\MSN\MSNCoreFiles\MSN.EXE:*:Enabled:msn"
"C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.exe"="C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.exe:*:Enabled:Verizon Online Updates"
"C:\WINDOWS\System32\lexpps.exe"="C:\WINDOWS\System32\lexpps.exe:*:Enabled:LEXPPS.EXE"
"C:\Program Files\America Online 9.0l\waol.exe"="C:\Program Files\America Online 9.0l\waol.exe:*:Enabled:America Online 9.0l"
"C:\WINDOWS\System32\java.exe"="C:\WINDOWS\System32\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Documents and Settings\Dad\Local Settings\Temp\java_ee_sdk-5-windows.exe2\package\jre\bin\javaw.exe"="C:\Documents and Settings\Dad\Local Settings\Temp\java_ee_sdk-5-windows.exe2\package\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Sun\AppServer\JDK\BIN\JAVA.EXE"="C:\Sun\AppServer\JDK\BIN\JAVA.EXE:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Program Files\Java\jdk1.5.0_09\bin\java.exe"="C:\Program Files\Java\jdk1.5.0_09\bin\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\WINDOWS\java.exe"="C:\WINDOWS\java.exe:*:Enabled:java"
"C:\Documents and Settings\Dad\Desktop\jre-1_5_0_06-windows-i586-p-iftw.exe"="C:\Documents and Settings\Dad\Desktop\jre-1_5_0_06-windows-i586-p-iftw.exe:*:Enabled:jre-1_5_0_06-windows-i586-p-iftw"
"C:\Program Files\Java\jdk1.6.0\JRE\BIN\javaw.exe"="C:\Program Files\Java\jdk1.6.0\JRE\BIN\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre1.5.0_09\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_09\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jdk1.6.0\JRE\BIN\java.exe"="C:\Program Files\Java\jdk1.6.0\JRE\BIN\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jdk1.6.0\bin\java.exe"="C:\Program Files\Java\jdk1.6.0\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\WINDOWS\System32\DPNSVR.EXE"="C:\WINDOWS\System32\DPNSVR.EXE:*:Enabled:Microsoft DirectPlay8 Server"
"C:\WINDOWS\System32\dxdiag.exe"="C:\WINDOWS\System32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Java\jdk1.6.0\jre\bin\rmiregistry.exe"="C:\Program Files\Java\jdk1.6.0\jre\bin\rmiregistry.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jdk1.6.0\jre\bin\rmid.exe"="C:\Program Files\Java\jdk1.6.0\jre\bin\rmid.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\System32\java32.exe"="C:\WINDOWS\System32\java32.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jdk1.6.0\bin\jconsole.exe"="C:\Program Files\Java\jdk1.6.0\bin\jconsole.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\System32\ftp.exe"="C:\WINDOWS\System32\ftp.exe:*:Enabled:File Transfer Program"
"C:\Documents and Settings\Dad\Desktop\New Folder\RAR\sunrpc-4.0-2\usr\sbin\portmap.exe"="C:\Documents and Settings\Dad\Desktop\New Folder\RAR\sunrpc-4.0-2\usr\sbin\portmap.exe:*:Enabled:portmap"
"C:\Documents and Settings\Dad\Desktop\New Folder\RAR\sunrpc-4.0-2\usr\bin\rstat.exe"="C:\Documents and Settings\Dad\Desktop\New Folder\RAR\sunrpc-4.0-2\usr\bin\rstat.exe:*:Enabled:rstat"
"C:\a\Xming\Xming.exe"="C:\a\Xming\Xming.exe:*:Enabled:Xming X Server"
"C:\Program Files\TurboTax\Deluxe 2007\32BIT\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32BIT\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32BIT\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32BIT\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"
"C:\a67\veoh\VeohClient.exe"="C:\a67\veoh\VeohClient.exe:*:Enabled:Veoh Client"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

======File associations======

.js - open -

======List of files/folders created in the last 1 months======

2009-08-13 22:44:52 ----A---- C:\WINDOWS\system32\OLD1A.tmp
2009-08-13 17:06:23 ----A---- C:\WINDOWS\system32\OLD16.tmp
2009-08-13 00:40:35 ----D---- C:\Rooter$
2009-08-12 21:13:16 ----D---- C:\WINDOWS\LastGood
2009-08-12 20:45:48 ----D---- C:\Documents and Settings\All Users\Application Data\OfficeRecovery
2009-08-07 21:26:44 ----D---- C:\rsit
2009-07-23 16:01:03 ----D---- C:\a

======List of files/folders modified in the last 1 months======

2009-08-12 20:33:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-26 20:58:20 ----A---- C:\WINDOWS\WORDPAD.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-11-07 97928]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 MPFIREWL;MPFIREWL; C:\WINDOWS\System32\Drivers\MpFirewall.sys [2006-03-07 80640]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-05 55656]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-11-07 76040]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2003-05-29 743887]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2002-10-29 40960]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-03-31 625537]
R3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2003-05-26 166912]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB Root Hub (usbport); C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-11-07 26824]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
S3 admjoy;Aureal Game Port Enumerator; C:\WINDOWS\System32\DRIVERS\admjoy.sys [2002-08-28 10880]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mf;mf; C:\WINDOWS\System32\DRIVERS\mf.sys [2008-04-13 63744]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-09-06 114464]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 S3SavageNB;S3SavageNB; C:\WINDOWS\system32\DRIVERS\s3gnbm.sys [2003-05-26 166912]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 STV680;USB Dual-mode Camera; C:\WINDOWS\system32\drivers\STV680.sys [2002-02-11 119536]
S3 STV680m;USB Dual-mode Cameram; C:\WINDOWS\system32\drivers\STV680m.sys [2002-02-11 9024]
S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wdm_au8830;Aureal Vortex 8830 Audio Driver (WDM); C:\WINDOWS\system32\drivers\adm8830.sys [2001-08-17 747392]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-08-27 65536]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-02-24 303104]
S2 CSIScanner;CSIScanner; C:\Program Files\PrevxCSI\prevxcsi.exe /service []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 BAK;BAK; C:\DOCUME~1\Dad\LOCALS~1\Temp\BAK.exe []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DADAXZAIZU;DADAXZAIZU; C:\DOCUME~1\Dad\LOCALS~1\Temp\DADAXZAIZU.exe []
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe []
S4 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe []
S4 aolavupd;AOL Antivirus Update Service; C:\Program Files\Common Files\AOL\1098492738\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe []
S4 Apfsaup830nu;Apfsaup830nu; C:\WINDOWS\system32\drivers\sym_u3.sys [2001-08-17 30688]
S4 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-11-07 231704]
S4 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe [2006-09-13 263696]
S4 McShield;McAfee McShield; C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe [2005-09-06 221184]
S4 MpfService;McAfee Personal Firewall Service; C:\Program Files\mcafee.com\personal firewall\MPFService.exe [2006-03-07 548864]

-----------------EOF-----------------

[Wingman]

Hi jinr,
Based on what you posted, it sounds like removed various parts of AOL... but did not use the proper method to uninstall. Using the Add/Remove Programs feature or the program's uninstall function, is always the first method to try... then if there are remnants left it may be necessary to perform manual deletions. Removing registry entries without uninstalling the program first, can disable the program from starting but can also cause problems with "ophaned" registry entries trying to be executed.
We can try to remove the AOL "security" remnants but there is no guarantee that all entries wil be removed.

There are a few steps in this post...
Please read these instructions carefully before executing and perform the steps, in the order given.
lf, you have any questions about or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem.

Please print these instructions... you will have to reboot your computer (more than once) during these steps.

Step 1.
ERUNT - Emergency Recovery Utility NT
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
This is a free program that allows you to keep a complete backup of your registry and restore it when needed.
ERUNT utility program
Download:

1. Please download ERUNT...by Lars Hederer. Save it to your desktop.
2. Double-click erunt-setup-exe to run the install process
3. Install ERUNT by following the prompts.
4. Use the default install settings... say "NO" to the section that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
5. Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
6. Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
7. Make sure that at least the first two check boxes are selected.
8. Click on OK ... Then click on "YES" to create the folder.

Run:
This will create a full backup of your registry... ERUNT can be used to restore the registry from this backup, if needed.

1. Please navigate to Start >> All Programs >> ERUNT.
2. Click on OK within the pop-up menu.
3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
   
   • System registry.
   • Current user registry.
4. Next click on "OK"... At the prompt... reply "Yes".
   After a short duration the Registry backup is complete! pop-up message will appear.
5. Now click on "OK". A registry backup has now been created.

< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
Fix HijackThis entries

1. Run HijackThis
   (Located in C:\Program Files\trend micro\hijackthis.exe)
   
   • If you are on the Main Menu page... Click "Do a system scan only"
   • If you are on the "scan & fix stuff" page... Press the Scan...button.
2. When the scan finishes...Place a check mark next to the following entries (if they are still present):
   
   *Only check those items listed below *
   

   R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 14378
   O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
   O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
   O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
   O4 - HKUS\S-1-5-21-1019868249-3852331653-2614216754-1007\..\RunOnce: [l4te7vf.exe] C:\WINDOWS\system32\l4te7vf.exe /k (User '?')
   O4 - HKUS\S-1-5-21-1019868249-3852331653-2614216754-1009\..\RunOnce: [GASetDesktop] rundll32.exe "C:\PROGRA~1\AOLDES~1\GAUsrMan.ocx",Entry1 "AOL Active Desktop" "C:\PROGRA~1\AOLDES~1\aolpc.htm" (User '?')
   O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
   O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
   O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
   O15 - Trusted Zone: <http://www.hvcc.edu>
   O15 - Trusted Zone: <http://www.moparscape.org>
   O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
   

3. After checking these items... CLOSE ALL open windows except HijackThis
4. Click the Fix Checked ...button...to remove the entries you checked.
5. Choose YES...when prompted to fix the selected items.
   Once it has fixed them, close HijackThis.

Step 3.
AVG Remover
Please save any work and close all open windows... you have to REBOOT your machine during in this step.
Please download AVG Remover(32bit) and save it to your desktop.
If you are attempting to remove the 64bit version of AVG... please download this version AVG Remover(64bit).

1. Double click on avgremover.exe to start the process. (64bit version... avgremoverx64.exe)
   A black command window will open... and you will receive a "removal and rebooting" warning prompt...
2. Reply Yes to the "Do you want to continue?" prompt.
   The remover will begin searching for and removing AVG entries...
3. When completed, a text file will appear on your desktop "avgremover.log"... (it may be named differently for the 64bit version)
   Please reboot your computer at this time. (You may receive a prompt to do so...)
4. Please copy and paste the contents of avgremover.log in your next reply.

Step 4.
Remove AOL® Safety and Security Center
Please save any work, close other open windows, you will be asked to reboot your computer!
To uninstall AOL® Safety and Security Center or its components, please perform the following steps:
This only removes the anti-virus, spyware and firewall protection, it does not remove AOL or other settings.

1. Click the Start button... click Control Panel... then double-click Add or Remove Programs icon.
2. Locate, then click AOL® UNINSTALLER, then click the Change/Remove button.
   In the AOL® Uninstaller window
3. Click the box next to
   • AOL Antivirus
   • AOL Spyware Protection
   • AOL Firewall
4. Click the Uninstall button.
   In the Confirm Install window
5. Click the Yes button.
6. Click the AOL Safety and Security Center box to place a check mark in it.
7. Click the Uninstall button... click the Yes button.

Restart your computer when prompted to do so. If you do not receive a prompt to restart the computer, please do so manually.

Step 5.
OTM

1. Please download OTM.exe...by Old Timer. Save it to your desktop.
2. Double click on OTM.exe to run it.
   If you receive the "Open File - Security Warning", please press Run.
3. Please copy and paste the text in the Code box below, into OTM (1).
   Warning: Do not type it out... errors could damage your machine.
   

   Code: Select all

   :Services
   BAK
   DADAXZAIZU
   avg8wd
   McShield
   MpfService
   
   :Reg
   [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
   "{BA52B914-B692-46c4-B683-905236F6F655}"=-
   "{4982D40A-C53B-4615-B15B-B5B5E98D167C}"=-
   "{A057A204-BACC-4D26-9990-79A187E2698E}"=-
   [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
   [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
   "aolavupd"=-
   "AOL TopSpeedMonitor"=-
   "AOL ACS"=-
   [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
   "C:\Program Files\America Online 9.0a\waol.exe"=-
   "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"=-
   "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"=-
   "C:\Program Files\America Online 9.0b\waol.exe"=-
   "C:\Program Files\Common Files\AOL\1098492738\EE\AOLServiceHost.exe"=-
   "C:\Program Files\Common Files\AOL\Loader\Aolload.exe"=-
   "C:\Program Files\Common Files\AOL\System Information\sinf.exe"=-
   "C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"=-
   "C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"=-
   "C:\Program Files\Common Files\AOL\TopSpeed\2.0\AOLTSMON.EXE"="-
   "C:\Program Files\Common Files\AOL\TopSpeed\2.0\Aoltpspd.exe"="-
   "C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"=-
   "C:\Program Files\America Online 9.0\waol.exe"=-
   "C:\Program Files\America Online 9.0c\waol.exe"=-
   "C:\Program Files\America Online 9.0l\waol.exe"=-
   "C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe"="-
   [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AvgLdx86]
   [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AvgMfx86]
   [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AvgTdiX]
   [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NaiAvFilter1]
   [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AvgLdx86]
   [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AvgMfx86]
   [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AvgTdiX]
   [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\NaiAvFilter1]
   [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AvgLdx86]
   [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AvgMfx86]
   [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AvgTdiX]
   [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NaiAvFilter1]
   
   :Files
   C:\WINDOWS\system32\OLD1A.tmp
   C:\WINDOWS\system32\OLD16.tmp
   C:\a
   C:\WINDOWS\System32\Drivers\avgldx86.sys
   C:\WINDOWS\System32\Drivers\avgtdix.sys
   C:\WINDOWS\System32\Drivers\avgmfx86.sys
   C:\WINDOWS\system32\drivers\naiavf5x.sys
   C:\Program Files\AVG\
   C:\Program Files\mcafee.com\
   C:\Program Files\Common Files\AOL\
   C:\Program Files\Common Files\AolCoach\
   C:\Program Files\America Online 9.0\
   C:\Program Files\America Online 9.0a\
   C:\Program Files\America Online 9.0b\
   C:\Program Files\America Online 9.0c\
   C:\Program Files\America Online 9.0l\
   
   :Commands
   [EmptyTemp]
   [Reboot]
   

   
   Please refer to this image to use OTM.exe
   
   
   
4. Check the box "Unregister Dll's and OCX's ... if not checked.
5. Click on MoveIt! (2)
6. The end results of the processing will be in 2 places:
   • The Results window on the right side of the OTM screen.
   • A log (text) file created in "C:\_OTM\MovedFiles\mmddyyyy_hhmmss.log"
7. Copy all the text from the Results window... Open Notepad, paste the OTM results into the Notepad file, save it on your desktop.
8. Click Exit (3) when done.
9. Please paste the entire content from the OTM (Results) window (Notepad file) or the OTM log file, in your next reply.

NOTE: If your computer did not automatically reboot... please reboot it (normally) now!

Step 6.
Please include in your next reply:

1. Any problem executing the instructions?
2. avgremover.log
3. OTM results
4. How is the computer behaving?

Thanks,
Wingman

[Wingman]

3 Day Response
Hello... jinr,
It has been 2 days since my last post to you.

• Do you still need help with this problem?
• Do you need more time?
• Are you having problems understanding or following my instructions?

Just let me know what's going on otherwise...
After 24 hrs., if you have not replied to this thread... it will be closed!

[jinr]

Sorry about the delay .. the great thing about network issues is that you can't notify anyone that you're not going to be able to talk to them

Here are the requested items. I couldn't get the results of OTM because it restarted the computer after finishing.
The C:\a folder is supposedly important.. I'm not to modify it so I had to remove that entry..

AVG removal log:

2009-08-16 01:07:44,003 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2009-08-16 01:07:44,013 WARN AvgDir param empty.
2009-08-16 01:07:44,013 WARN AvgDataDir param empty.
2009-08-16 01:08:05,454 INFO AvgRemover runs in attempt number 1
2009-08-16 01:08:05,464 INFO ***** Services *****
2009-08-16 01:08:05,464 INFO Processing service avg8emc
2009-08-16 01:08:05,464 INFO Service avg8emc is not installed
2009-08-16 01:08:05,464 DEBUG Service avg8emc RegCleanup
2009-08-16 01:08:05,464 DEBUG Registry keys for service avg8emc are not present
2009-08-16 01:08:05,464 INFO Processing service avgfws8
2009-08-16 01:08:05,474 INFO Service avgfws8 is not installed
2009-08-16 01:08:05,474 DEBUG Service avgfws8 RegCleanup
2009-08-16 01:08:05,474 DEBUG Registry keys for service avgfws8 are not present
2009-08-16 01:08:05,474 INFO Processing service avg8wd
2009-08-16 01:08:05,474 DEBUG Service avg8wd BeforeStop
2009-08-16 01:08:05,534 WARN Service avg8wd Failed to SetStoppable command (error: e0010127)
2009-08-16 01:08:05,534 DEBUG Service avg8wd BeforeStop failed
2009-08-16 01:08:05,544 INFO Service avg8wd is not running
2009-08-16 01:08:05,544 DEBUG Service avg8wd Delete
2009-08-16 01:08:05,544 DEBUG Service avg8wd RegCleanup
2009-08-16 01:08:05,554 INFO Processing service AvgMfx86
2009-08-16 01:08:05,554 INFO Service AvgMfx86 is not running
2009-08-16 01:08:05,554 DEBUG Service AvgMfx86 Delete
2009-08-16 01:08:05,564 DEBUG Service AvgMfx86 RegCleanup
2009-08-16 01:08:05,564 INFO Processing service AvgMfx64
2009-08-16 01:08:05,564 INFO Service AvgMfx64 is not installed
2009-08-16 01:08:05,564 DEBUG Service AvgMfx64 RegCleanup
2009-08-16 01:08:05,564 DEBUG Registry keys for service AvgMfx64 are not present
2009-08-16 01:08:05,564 INFO Processing service AvgLdx86
2009-08-16 01:08:05,574 DEBUG Service AvgLdx86 Stop
2009-08-16 01:08:05,714 DEBUG Service AvgLdx86 Delete
2009-08-16 01:08:05,714 DEBUG Service AvgLdx86 RegCleanup
2009-08-16 01:08:05,724 INFO Processing service AvgLdx64
2009-08-16 01:08:05,724 INFO Service AvgLdx64 is not installed
2009-08-16 01:08:05,724 DEBUG Service AvgLdx64 RegCleanup
2009-08-16 01:08:05,724 DEBUG Registry keys for service AvgLdx64 are not present
2009-08-16 01:08:05,724 INFO Processing service AvgTdiX
2009-08-16 01:08:05,734 DEBUG Service AvgTdiX Stop
2009-08-16 01:08:05,734 DEBUG Service AvgTdiX Stop failed (error: c007041c), RESTART planned
2009-08-16 01:08:05,734 DEBUG Service AvgTdiX Stop failed
2009-08-16 01:08:05,734 DEBUG Service AvgTdiX Delete
2009-08-16 01:08:05,744 DEBUG Service AvgTdiX Delete failed (error: c007041c)
2009-08-16 01:08:05,744 DEBUG Service AvgTdiX Delete failed
2009-08-16 01:08:05,744 DEBUG Service AvgTdiX RegCleanup
2009-08-16 01:08:05,744 INFO Processing service AvgTdiA
2009-08-16 01:08:05,744 INFO Service AvgTdiA is not installed
2009-08-16 01:08:05,744 DEBUG Service AvgTdiA RegCleanup
2009-08-16 01:08:05,744 DEBUG Registry keys for service AvgTdiA are not present
2009-08-16 01:08:05,744 INFO Processing service AvgWFPx
2009-08-16 01:08:05,744 INFO Service AvgWFPx is not installed
2009-08-16 01:08:05,744 DEBUG Service AvgWFPx RegCleanup
2009-08-16 01:08:05,744 DEBUG Registry keys for service AvgWFPx are not present
2009-08-16 01:08:05,744 INFO Processing service AvgWFPa
2009-08-16 01:08:05,754 INFO Service AvgWFPa is not installed
2009-08-16 01:08:05,754 DEBUG Service AvgWFPa RegCleanup
2009-08-16 01:08:05,754 DEBUG Registry keys for service AvgWFPa are not present
2009-08-16 01:08:05,754 INFO Processing service AvgRkx86
2009-08-16 01:08:05,754 INFO Service AvgRkx86 is not installed
2009-08-16 01:08:05,754 DEBUG Service AvgRkx86 RegCleanup
2009-08-16 01:08:05,754 DEBUG Registry keys for service AvgRkx86 are not present
2009-08-16 01:08:05,754 DEBUG Restart is needed (restart counter: 1)
2009-08-16 01:08:05,754 INFO ***** Registry keys and values *****
2009-08-16 01:08:05,754 INFO Processing registry SOFTWARE\Mozilla\Firefox\Extensions
2009-08-16 01:08:05,764 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{3f963a5b-e555-4543-90e2-c3908898db71} Remove
2009-08-16 01:08:05,764 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{3f963a5b-e555-4543-90e2-c3908898db71} not present - Key not found
2009-08-16 01:08:05,764 INFO Processing registry SOFTWARE\Mozilla\Firefox\Extensions
2009-08-16 01:08:05,764 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{1d5287d1-8a92-0001-1f31-1cec198018d8} Remove
2009-08-16 01:08:05,764 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{1d5287d1-8a92-0001-1f31-1cec198018d8} not present - Key not found
2009-08-16 01:08:05,764 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt
2009-08-16 01:08:05,774 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt ForceRemove
2009-08-16 01:08:05,774 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt not found
2009-08-16 01:08:05,774 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms
2009-08-16 01:08:05,774 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms ForceRemove
2009-08-16 01:08:05,774 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms not found
2009-08-16 01:08:05,774 INFO Processing registry SYSTEM\CurrentControlSet\Services\Avg
2009-08-16 01:08:05,774 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg ForceRemove
2009-08-16 01:08:05,774 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg not found
2009-08-16 01:08:05,774 INFO Processing registry SYSTEM\CurrentControlSet\Services\Avg
2009-08-16 01:08:05,784 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg ForceRemove
2009-08-16 01:08:05,784 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg not found
2009-08-16 01:08:05,784 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054}
2009-08-16 01:08:05,784 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054} ForceRemove
2009-08-16 01:08:05,784 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054} not found
2009-08-16 01:08:05,784 INFO Processing registry SOFTWARE\Microsoft\Exchange\Client\Extensions
2009-08-16 01:08:05,794 DEBUG Value SOFTWARE\Microsoft\Exchange\Client\Extensions:Outlook Setup Extension Remove
2009-08-16 01:08:05,794 INFO Processing registry SOFTWARE\Microsoft\Exchange\Client\Extensions
2009-08-16 01:08:05,794 DEBUG Value SOFTWARE\Microsoft\Exchange\Client\Extensions:AVG Exchange Extension Remove
2009-08-16 01:08:05,794 INFO Value SOFTWARE\Microsoft\Exchange\Client\Extensions:AVG Exchange Extension is not present
2009-08-16 01:08:05,794 INFO Processing registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
2009-08-16 01:08:05,804 DEBUG Value SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs Modify
2009-08-16 01:08:05,804 DEBUG Value SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs doesn't need to be modified
2009-08-16 01:08:05,804 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2009-08-16 01:08:05,814 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} Remove
2009-08-16 01:08:05,814 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} is not present
2009-08-16 01:08:05,814 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2009-08-16 01:08:05,824 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} Remove
2009-08-16 01:08:05,824 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} is not present
2009-08-16 01:08:05,824 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2009-08-16 01:08:05,824 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} Remove
2009-08-16 01:08:05,844 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} is not present
2009-08-16 01:08:05,844 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2009-08-16 01:08:05,854 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} Remove
2009-08-16 01:08:05,854 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} is not present
2009-08-16 01:08:05,854 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2009-08-16 01:08:05,854 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG8_TRAY Remove
2009-08-16 01:08:05,854 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG8_TRAY is not present
2009-08-16 01:08:05,864 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall
2009-08-16 01:08:05,864 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall ForceRemove
2009-08-16 01:08:05,864 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall not found
2009-08-16 01:08:05,864 INFO Processing registry SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3
2009-08-16 01:08:05,864 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 ForceRemove
2009-08-16 01:08:05,864 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 not found
2009-08-16 01:08:05,864 INFO Processing registry SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3
2009-08-16 01:08:05,874 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 ForceRemove
2009-08-16 01:08:05,874 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 not found
2009-08-16 01:08:05,874 INFO Processing registry SOFTWARE\Classes\AvgDiagFile
2009-08-16 01:08:05,874 DEBUG Key SOFTWARE\Classes\AvgDiagFile ForceRemove
2009-08-16 01:08:05,874 DEBUG Key SOFTWARE\Classes\AvgDiagFile not found
2009-08-16 01:08:05,874 INFO Processing registry SOFTWARE\Classes\AvgDiagFile
2009-08-16 01:08:05,874 DEBUG Key SOFTWARE\Classes\AvgDiagFile ForceRemove
2009-08-16 01:08:05,874 DEBUG Key SOFTWARE\Classes\AvgDiagFile not found
2009-08-16 01:08:05,874 INFO Processing registry SOFTWARE\Classes\.avgdi
2009-08-16 01:08:05,874 DEBUG Key SOFTWARE\Classes\.avgdi ForceRemove
2009-08-16 01:08:05,874 DEBUG Key SOFTWARE\Classes\.avgdi not found
2009-08-16 01:08:05,874 INFO Processing registry SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension
2009-08-16 01:08:05,884 DEBUG Key SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
2009-08-16 01:08:05,884 DEBUG Key SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension not found
2009-08-16 01:08:05,884 INFO Processing registry SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension
2009-08-16 01:08:05,884 DEBUG Key SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
2009-08-16 01:08:05,884 DEBUG Key SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension not found
2009-08-16 01:08:05,884 INFO Processing registry SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension
2009-08-16 01:08:05,894 DEBUG Key SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
2009-08-16 01:08:05,894 DEBUG Key SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension not found
2009-08-16 01:08:05,894 INFO Processing registry SOFTWARE\AVG\Clients
2009-08-16 01:08:05,894 DEBUG Key SOFTWARE\AVG\Clients ForceRemove
2009-08-16 01:08:05,894 DEBUG Key SOFTWARE\AVG\Clients not found
2009-08-16 01:08:05,894 INFO Processing registry SOFTWARE\AVG\AVG8
2009-08-16 01:08:05,894 DEBUG Key SOFTWARE\AVG\AVG8 ForceRemove
2009-08-16 01:08:05,894 INFO Processing registry SOFTWARE\AVG
2009-08-16 01:08:05,894 DEBUG Value SOFTWARE\AVG:DumpType Remove
2009-08-16 01:08:05,894 INFO Value SOFTWARE\AVG:DumpType is not present
2009-08-16 01:08:05,905 INFO Processing registry SOFTWARE\AVG
2009-08-16 01:08:05,905 DEBUG Key SOFTWARE\AVG Remove
2009-08-16 01:08:05,905 INFO Processing registry SOFTWARE\AVG\AVG8
2009-08-16 01:08:05,905 DEBUG Key SOFTWARE\AVG\AVG8 ForceRemove
2009-08-16 01:08:05,905 DEBUG Key SOFTWARE\AVG\AVG8 not found
2009-08-16 01:08:05,905 INFO Processing registry SOFTWARE\AVG
2009-08-16 01:08:05,905 DEBUG Key SOFTWARE\AVG Remove
2009-08-16 01:08:05,905 DEBUG Key SOFTWARE\AVG not found
2009-08-16 01:08:05,905 INFO Processing registry aAvgAPI.AvgBro
2009-08-16 01:08:05,905 DEBUG Key aAvgAPI.AvgBro ForceRemove
2009-08-16 01:08:05,905 DEBUG Key aAvgAPI.AvgBro not found
2009-08-16 01:08:05,905 INFO Processing registry AVG.Office
2009-08-16 01:08:05,905 DEBUG Key AVG.Office ForceRemove
2009-08-16 01:08:05,915 DEBUG Key AVG.Office not found
2009-08-16 01:08:05,915 INFO Processing registry AVG.Office.8
2009-08-16 01:08:05,915 DEBUG Key AVG.Office.8 ForceRemove
2009-08-16 01:08:05,915 DEBUG Key AVG.Office.8 not found
2009-08-16 01:08:05,915 INFO Processing registry avgtoolbar.AVGTOOLBAR
2009-08-16 01:08:05,915 DEBUG Key avgtoolbar.AVGTOOLBAR ForceRemove
2009-08-16 01:08:05,915 INFO Processing registry avgtoolbar.AVGTOOLBARMenu Button
2009-08-16 01:08:05,935 DEBUG Key avgtoolbar.AVGTOOLBARMenu Button ForceRemove
2009-08-16 01:08:05,935 INFO Processing registry avgtoolbar.AVGTOOLBARToggle Button
2009-08-16 01:08:05,935 DEBUG Key avgtoolbar.AVGTOOLBARToggle Button ForceRemove
2009-08-16 01:08:05,945 INFO Processing registry LinkScannerIE.NavFilter
2009-08-16 01:08:05,945 DEBUG Key LinkScannerIE.NavFilter ForceRemove
2009-08-16 01:08:05,945 INFO Processing registry LinkScannerIE.NavFilter.1
2009-08-16 01:08:05,945 DEBUG Key LinkScannerIE.NavFilter.1 ForceRemove
2009-08-16 01:08:05,945 INFO Processing registry CLSID\{04373D9C-5ED8-44f2-BA00-7895D6A5A2DA}
2009-08-16 01:08:05,955 DEBUG Key CLSID\{04373D9C-5ED8-44f2-BA00-7895D6A5A2DA} ForceRemove
2009-08-16 01:08:05,955 DEBUG Key CLSID\{04373D9C-5ED8-44f2-BA00-7895D6A5A2DA} not found
2009-08-16 01:08:05,955 INFO Processing registry CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A}
2009-08-16 01:08:05,955 DEBUG Key CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A} ForceRemove
2009-08-16 01:08:05,955 DEBUG Key CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A} not found
2009-08-16 01:08:05,955 INFO Processing registry CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
2009-08-16 01:08:05,955 DEBUG Key CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ForceRemove
2009-08-16 01:08:05,965 INFO Processing registry CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
2009-08-16 01:08:05,965 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ForceRemove
2009-08-16 01:08:05,965 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} not found
2009-08-16 01:08:05,965 INFO Processing registry CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
2009-08-16 01:08:05,965 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ForceRemove
2009-08-16 01:08:05,965 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} not found
2009-08-16 01:08:05,965 INFO Processing registry CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}
2009-08-16 01:08:05,975 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} ForceRemove
2009-08-16 01:08:05,975 INFO Processing registry CLSID\{A057A204-BACC-4D26-9990-79A187E2698F}
2009-08-16 01:08:05,975 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698F} ForceRemove
2009-08-16 01:08:05,975 INFO Processing registry CLSID\{A057A204-BACC-4D26-9990-79A187E26990}
2009-08-16 01:08:05,975 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E26990} ForceRemove
2009-08-16 01:08:05,985 INFO Processing registry CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}
2009-08-16 01:08:05,985 DEBUG Key CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} ForceRemove
2009-08-16 01:08:05,985 INFO Processing registry Interface\{52261B0E-CA1A-4FA9-9805-4D01202DF09D}
2009-08-16 01:08:05,995 DEBUG Key Interface\{52261B0E-CA1A-4FA9-9805-4D01202DF09D} ForceRemove
2009-08-16 01:08:05,995 DEBUG Key Interface\{52261B0E-CA1A-4FA9-9805-4D01202DF09D} not found
2009-08-16 01:08:05,995 INFO Processing registry Interface\{8EA1F9F2-997A-4832-8E09-815E3D0C0A0C}
2009-08-16 01:08:05,995 DEBUG Key Interface\{8EA1F9F2-997A-4832-8E09-815E3D0C0A0C} ForceRemove
2009-08-16 01:08:05,995 DEBUG Key Interface\{8EA1F9F2-997A-4832-8E09-815E3D0C0A0C} not found
2009-08-16 01:08:05,995 INFO Processing registry TypeLib\{3E536428-8E1A-4A2C-8463-4A8F74763C30}
2009-08-16 01:08:05,995 DEBUG Key TypeLib\{3E536428-8E1A-4A2C-8463-4A8F74763C30} ForceRemove
2009-08-16 01:08:05,995 DEBUG Key TypeLib\{3E536428-8E1A-4A2C-8463-4A8F74763C30} not found
2009-08-16 01:08:05,995 INFO Processing registry TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7}
2009-08-16 01:08:06,005 DEBUG Key TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7} ForceRemove
2009-08-16 01:08:06,005 INFO Processing registry TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9}
2009-08-16 01:08:06,005 DEBUG Key TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9} ForceRemove
2009-08-16 01:08:06,015 INFO ***** Files and folders *****
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 0
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 1
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 2
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 3
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 4
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 5
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 6
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 7
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 8
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 9
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 10
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 11
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 12
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 13
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 14
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 15
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 16
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 17
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 18
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 19
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 20
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 21
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 22
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 23
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 24
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 25
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 26
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 27
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 28
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 29
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 30
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 31
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 32
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 33
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 34
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 35
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 36
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 37
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 38
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 39
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 40
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 41
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 42
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 43
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 44
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 45
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 46
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 47
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 48
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 49
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 50
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 51
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 52
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 53
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 54
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 55
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 56
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 57
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 58
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 59
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 60
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 61
2009-08-16 01:08:06,015 DEBUG Missing ParentDir path for fileItem number 62
2009-08-16 01:08:06,015 DEBUG Processing item C:\Documents and Settings\Dad\Application Data\AVGTOOLBAR
2009-08-16 01:08:06,045 INFO Directory C:\Documents and Settings\Dad\Application Data\AVGTOOLBAR deleted
2009-08-16 01:08:06,045 DEBUG Processing item C:\WINDOWS\System32\Drivers
2009-08-16 01:08:06,075 INFO File C:\WINDOWS\System32\Drivers\\avgldx86.sys deleted
2009-08-16 01:08:06,095 DEBUG Processing item C:\WINDOWS\System32\Drivers
2009-08-16 01:08:06,095 DEBUG Processing item C:\WINDOWS\System32\Drivers
2009-08-16 01:08:06,125 INFO File C:\WINDOWS\System32\Drivers\\avgmfx86.sys deleted
2009-08-16 01:08:06,135 DEBUG Processing item C:\WINDOWS\System32\Drivers
2009-08-16 01:08:06,135 DEBUG Processing item C:\WINDOWS\System32\Drivers
2009-08-16 01:08:06,145 INFO File C:\WINDOWS\System32\Drivers\\avgtdix.sys deleted
2009-08-16 01:08:06,145 DEBUG Processing item C:\WINDOWS\System32\Drivers
2009-08-16 01:08:06,145 DEBUG Processing item C:\WINDOWS\System32\Drivers\avg
2009-08-16 01:08:06,165 INFO File C:\WINDOWS\System32\Drivers\avg\avi7.avg deleted
2009-08-16 01:08:06,175 INFO File C:\WINDOWS\System32\Drivers\avg\miniavi.avg deleted
2009-08-16 01:08:06,185 INFO File C:\WINDOWS\System32\Drivers\avg\incavi.avm deleted
2009-08-16 01:08:06,185 INFO Directory C:\WINDOWS\System32\Drivers\avg deleted
2009-08-16 01:08:06,185 DEBUG Processing item C:\WINDOWS\System32
2009-08-16 01:08:06,195 DEBUG Processing item C:\Documents and Settings\All Users\Start Menu\Programs\avg 8.0
2009-08-16 01:08:06,195 INFO Directory C:\Documents and Settings\All Users\Start Menu\Programs\avg 8.0 not found
2009-08-16 01:08:06,195 DEBUG Processing item C:\Documents and Settings\All Users\Start Menu\Programs\avg free 8.0
2009-08-16 01:08:06,195 INFO Directory C:\Documents and Settings\All Users\Start Menu\Programs\avg free 8.0 not found
2009-08-16 01:08:06,195 DEBUG Processing item C:\Documents and Settings\All Users\Desktop\avg 8.0.lnk
2009-08-16 01:08:06,195 INFO File C:\Documents and Settings\All Users\Desktop\avg 8.0.lnk not found
2009-08-16 01:08:06,205 DEBUG Processing item C:\Documents and Settings\All Users\Desktop\avg free 8.0.lnk
2009-08-16 01:08:06,205 INFO File C:\Documents and Settings\All Users\Desktop\avg free 8.0.lnk not found
2009-08-16 01:08:06,205 DEBUG Processing item C:\Program Files\AVG
2009-08-16 01:08:06,205 DEBUG Directory C:\Program Files\AVG not deleted (error c0070091)
2009-08-16 01:08:06,205 DEBUG Restarting...
2009-08-16 01:09:52,856 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2009-08-16 01:09:52,896 INFO Command line: /run_number=2 /ndis_nextstep=1
2009-08-16 01:09:52,896 WARN AvgDir param empty.
2009-08-16 01:09:52,896 WARN AvgDataDir param empty.
2009-08-16 01:09:52,896 INFO AvgRemover runs in attempt number 2
2009-08-16 01:09:52,896 INFO ***** Services *****
2009-08-16 01:09:52,896 INFO Processing service avg8emc
2009-08-16 01:09:52,906 INFO Service avg8emc is not installed
2009-08-16 01:09:52,906 DEBUG Service avg8emc RegCleanup
2009-08-16 01:09:52,906 DEBUG Registry keys for service avg8emc are not present
2009-08-16 01:09:52,906 INFO Processing service avgfws8
2009-08-16 01:09:52,906 INFO Service avgfws8 is not installed
2009-08-16 01:09:52,916 DEBUG Service avgfws8 RegCleanup
2009-08-16 01:09:52,916 DEBUG Registry keys for service avgfws8 are not present
2009-08-16 01:09:52,916 INFO Processing service avg8wd
2009-08-16 01:09:52,916 INFO Service avg8wd is not installed
2009-08-16 01:09:52,916 DEBUG Service avg8wd RegCleanup
2009-08-16 01:09:52,916 DEBUG Registry keys for service avg8wd are not present
2009-08-16 01:09:52,916 INFO Processing service AvgMfx86
2009-08-16 01:09:52,916 INFO Service AvgMfx86 is not installed
2009-08-16 01:09:52,916 DEBUG Service AvgMfx86 RegCleanup
2009-08-16 01:09:52,916 DEBUG Registry keys for service AvgMfx86 are not present
2009-08-16 01:09:52,916 INFO Processing service AvgMfx64
2009-08-16 01:09:52,916 INFO Service AvgMfx64 is not installed
2009-08-16 01:09:52,916 DEBUG Service AvgMfx64 RegCleanup
2009-08-16 01:09:52,916 DEBUG Registry keys for service AvgMfx64 are not present
2009-08-16 01:09:52,916 INFO Processing service AvgLdx86
2009-08-16 01:09:52,916 INFO Service AvgLdx86 is not installed
2009-08-16 01:09:52,916 DEBUG Service AvgLdx86 RegCleanup
2009-08-16 01:09:52,926 DEBUG Registry keys for service AvgLdx86 are not present
2009-08-16 01:09:52,926 INFO Processing service AvgLdx64
2009-08-16 01:09:52,926 INFO Service AvgLdx64 is not installed
2009-08-16 01:09:52,926 DEBUG Service AvgLdx64 RegCleanup
2009-08-16 01:09:52,926 DEBUG Registry keys for service AvgLdx64 are not present
2009-08-16 01:09:52,926 INFO Processing service AvgTdiX
2009-08-16 01:09:52,926 INFO Service AvgTdiX is not installed
2009-08-16 01:09:52,926 DEBUG Service AvgTdiX RegCleanup
2009-08-16 01:09:52,926 DEBUG Registry keys for service AvgTdiX are not present
2009-08-16 01:09:52,926 INFO Processing service AvgTdiA
2009-08-16 01:09:52,926 INFO Service AvgTdiA is not installed
2009-08-16 01:09:52,926 DEBUG Service AvgTdiA RegCleanup
2009-08-16 01:09:52,926 DEBUG Registry keys for service AvgTdiA are not present
2009-08-16 01:09:52,926 INFO Processing service AvgWFPx
2009-08-16 01:09:52,926 INFO Service AvgWFPx is not installed
2009-08-16 01:09:52,926 DEBUG Service AvgWFPx RegCleanup
2009-08-16 01:09:52,936 DEBUG Registry keys for service AvgWFPx are not present
2009-08-16 01:09:52,936 INFO Processing service AvgWFPa
2009-08-16 01:09:52,936 INFO Service AvgWFPa is not installed
2009-08-16 01:09:52,936 DEBUG Service AvgWFPa RegCleanup
2009-08-16 01:09:52,936 DEBUG Registry keys for service AvgWFPa are not present
2009-08-16 01:09:52,936 INFO Processing service AvgRkx86
2009-08-16 01:09:52,936 INFO Service AvgRkx86 is not installed
2009-08-16 01:09:52,936 DEBUG Service AvgRkx86 RegCleanup
2009-08-16 01:09:52,936 DEBUG Registry keys for service AvgRkx86 are not present
2009-08-16 01:09:52,936 INFO ***** Registry keys and values *****
2009-08-16 01:09:52,936 INFO Processing registry SOFTWARE\Mozilla\Firefox\Extensions
2009-08-16 01:09:52,936 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{3f963a5b-e555-4543-90e2-c3908898db71} Remove
2009-08-16 01:09:52,936 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{3f963a5b-e555-4543-90e2-c3908898db71} not present - Key not found
2009-08-16 01:09:52,936 INFO Processing registry SOFTWARE\Mozilla\Firefox\Extensions
2009-08-16 01:09:52,936 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{1d5287d1-8a92-0001-1f31-1cec198018d8} Remove
2009-08-16 01:09:52,936 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{1d5287d1-8a92-0001-1f31-1cec198018d8} not present - Key not found
2009-08-16 01:09:52,936 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt
2009-08-16 01:09:52,936 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt ForceRemove
2009-08-16 01:09:52,946 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt not found
2009-08-16 01:09:52,946 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms
2009-08-16 01:09:52,946 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms ForceRemove
2009-08-16 01:09:52,946 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms not found
2009-08-16 01:09:52,946 INFO Processing registry SYSTEM\CurrentControlSet\Services\Avg
2009-08-16 01:09:52,946 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg ForceRemove
2009-08-16 01:09:52,946 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg not found
2009-08-16 01:09:52,946 INFO Processing registry SYSTEM\CurrentControlSet\Services\Avg
2009-08-16 01:09:52,946 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg ForceRemove
2009-08-16 01:09:52,946 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg not found
2009-08-16 01:09:52,946 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054}
2009-08-16 01:09:52,946 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054} ForceRemove
2009-08-16 01:09:52,946 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054} not found
2009-08-16 01:09:52,946 INFO Processing registry SOFTWARE\Microsoft\Exchange\Client\Extensions
2009-08-16 01:09:52,946 DEBUG Value SOFTWARE\Microsoft\Exchange\Client\Extensions:Outlook Setup Extension Remove
2009-08-16 01:09:52,946 INFO Value SOFTWARE\Microsoft\Exchange\Client\Extensions:Outlook Setup Extension is not present
2009-08-16 01:09:52,946 INFO Processing registry SOFTWARE\Microsoft\Exchange\Client\Extensions
2009-08-16 01:09:52,946 DEBUG Value SOFTWARE\Microsoft\Exchange\Client\Extensions:AVG Exchange Extension Remove
2009-08-16 01:09:52,946 INFO Value SOFTWARE\Microsoft\Exchange\Client\Extensions:AVG Exchange Extension is not present
2009-08-16 01:09:52,946 INFO Processing registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
2009-08-16 01:09:52,946 DEBUG Value SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs Modify
2009-08-16 01:09:52,956 DEBUG Value SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs doesn't need to be modified
2009-08-16 01:09:52,956 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2009-08-16 01:09:52,956 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} Remove
2009-08-16 01:09:52,956 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} is not present
2009-08-16 01:09:52,956 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2009-08-16 01:09:52,956 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} Remove
2009-08-16 01:09:52,956 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} is not present
2009-08-16 01:09:52,956 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2009-08-16 01:09:52,966 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} Remove
2009-08-16 01:09:52,966 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} is not present
2009-08-16 01:09:52,966 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2009-08-16 01:09:52,966 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} Remove
2009-08-16 01:09:52,966 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} is not present
2009-08-16 01:09:52,966 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2009-08-16 01:09:52,966 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG8_TRAY Remove
2009-08-16 01:09:52,966 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG8_TRAY is not present
2009-08-16 01:09:52,966 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall
2009-08-16 01:09:52,966 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall ForceRemove
2009-08-16 01:09:52,966 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall not found
2009-08-16 01:09:52,966 INFO Processing registry SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3
2009-08-16 01:09:52,966 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 ForceRemove
2009-08-16 01:09:52,966 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 not found
2009-08-16 01:09:52,966 INFO Processing registry SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3
2009-08-16 01:09:52,966 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 ForceRemove
2009-08-16 01:09:52,966 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 not found
2009-08-16 01:09:52,966 INFO Processing registry SOFTWARE\Classes\AvgDiagFile
2009-08-16 01:09:52,966 DEBUG Key SOFTWARE\Classes\AvgDiagFile ForceRemove
2009-08-16 01:09:52,966 DEBUG Key SOFTWARE\Classes\AvgDiagFile not found
2009-08-16 01:09:52,966 INFO Processing registry SOFTWARE\Classes\AvgDiagFile
2009-08-16 01:09:52,976 DEBUG Key SOFTWARE\Classes\AvgDiagFile ForceRemove
2009-08-16 01:09:52,976 DEBUG Key SOFTWARE\Classes\AvgDiagFile not found
2009-08-16 01:09:52,976 INFO Processing registry SOFTWARE\Classes\.avgdi
2009-08-16 01:09:52,976 DEBUG Key SOFTWARE\Classes\.avgdi ForceRemove
2009-08-16 01:09:52,976 DEBUG Key SOFTWARE\Classes\.avgdi not found
2009-08-16 01:09:52,976 INFO Processing registry SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension
2009-08-16 01:09:52,976 DEBUG Key SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
2009-08-16 01:09:52,976 DEBUG Key SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension not found
2009-08-16 01:09:52,976 INFO Processing registry SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension
2009-08-16 01:09:52,976 DEBUG Key SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
2009-08-16 01:09:52,976 DEBUG Key SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension not found
2009-08-16 01:09:52,976 INFO Processing registry SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension
2009-08-16 01:09:52,976 DEBUG Key SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
2009-08-16 01:09:52,976 DEBUG Key SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension not found
2009-08-16 01:09:52,976 INFO Processing registry SOFTWARE\AVG\Clients
2009-08-16 01:09:52,976 DEBUG Key SOFTWARE\AVG\Clients ForceRemove
2009-08-16 01:09:52,976 DEBUG Key SOFTWARE\AVG\Clients not found
2009-08-16 01:09:52,976 INFO Processing registry SOFTWARE\AVG\AVG8
2009-08-16 01:09:52,976 DEBUG Key SOFTWARE\AVG\AVG8 ForceRemove
2009-08-16 01:09:52,976 DEBUG Key SOFTWARE\AVG\AVG8 not found
2009-08-16 01:09:52,976 INFO Processing registry SOFTWARE\AVG
2009-08-16 01:09:52,976 DEBUG Value SOFTWARE\AVG:DumpType Remove
2009-08-16 01:09:52,976 DEBUG Value SOFTWARE\AVG:DumpType not present - Key not found
2009-08-16 01:09:52,976 INFO Processing registry SOFTWARE\AVG
2009-08-16 01:09:52,976 DEBUG Key SOFTWARE\AVG Remove
2009-08-16 01:09:52,976 DEBUG Key SOFTWARE\AVG not found
2009-08-16 01:09:52,976 INFO Processing registry SOFTWARE\AVG\AVG8
2009-08-16 01:09:52,986 DEBUG Key SOFTWARE\AVG\AVG8 ForceRemove
2009-08-16 01:09:52,986 DEBUG Key SOFTWARE\AVG\AVG8 not found
2009-08-16 01:09:52,986 INFO Processing registry SOFTWARE\AVG
2009-08-16 01:09:52,986 DEBUG Key SOFTWARE\AVG Remove
2009-08-16 01:09:52,986 DEBUG Key SOFTWARE\AVG not found
2009-08-16 01:09:52,986 INFO Processing registry aAvgAPI.AvgBro
2009-08-16 01:09:52,986 DEBUG Key aAvgAPI.AvgBro ForceRemove
2009-08-16 01:09:52,986 DEBUG Key aAvgAPI.AvgBro not found
2009-08-16 01:09:52,986 INFO Processing registry AVG.Office
2009-08-16 01:09:52,986 DEBUG Key AVG.Office ForceRemove
2009-08-16 01:09:52,986 DEBUG Key AVG.Office not found
2009-08-16 01:09:52,986 INFO Processing registry AVG.Office.8
2009-08-16 01:09:52,986 DEBUG Key AVG.Office.8 ForceRemove
2009-08-16 01:09:52,986 DEBUG Key AVG.Office.8 not found
2009-08-16 01:09:52,986 INFO Processing registry avgtoolbar.AVGTOOLBAR
2009-08-16 01:09:52,986 DEBUG Key avgtoolbar.AVGTOOLBAR ForceRemove
2009-08-16 01:09:52,986 DEBUG Key avgtoolbar.AVGTOOLBAR not found
2009-08-16 01:09:52,986 INFO Processing registry avgtoolbar.AVGTOOLBARMenu Button
2009-08-16 01:09:52,986 DEBUG Key avgtoolbar.AVGTOOLBARMenu Button ForceRemove
2009-08-16 01:09:52,986 DEBUG Key avgtoolbar.AVGTOOLBARMenu Button not found
2009-08-16 01:09:52,986 INFO Processing registry avgtoolbar.AVGTOOLBARToggle Button
2009-08-16 01:09:52,986 DEBUG Key avgtoolbar.AVGTOOLBARToggle Button ForceRemove
2009-08-16 01:09:52,986 DEBUG Key avgtoolbar.AVGTOOLBARToggle Button not found
2009-08-16 01:09:52,986 INFO Processing registry LinkScannerIE.NavFilter
2009-08-16 01:09:52,986 DEBUG Key LinkScannerIE.NavFilter ForceRemove
2009-08-16 01:09:52,986 DEBUG Key LinkScannerIE.NavFilter not found
2009-08-16 01:09:52,986 INFO Processing registry LinkScannerIE.NavFilter.1
2009-08-16 01:09:52,996 DEBUG Key LinkScannerIE.NavFilter.1 ForceRemove
2009-08-16 01:09:52,996 DEBUG Key LinkScannerIE.NavFilter.1 not found
2009-08-16 01:09:52,996 INFO Processing registry CLSID\{04373D9C-5ED8-44f2-BA00-7895D6A5A2DA}
2009-08-16 01:09:52,996 DEBUG Key CLSID\{04373D9C-5ED8-44f2-BA00-7895D6A5A2DA} ForceRemove
2009-08-16 01:09:52,996 DEBUG Key CLSID\{04373D9C-5ED8-44f2-BA00-7895D6A5A2DA} not found
2009-08-16 01:09:52,996 INFO Processing registry CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A}
2009-08-16 01:09:52,996 DEBUG Key CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A} ForceRemove
2009-08-16 01:09:52,996 DEBUG Key CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A} not found
2009-08-16 01:09:52,996 INFO Processing registry CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
2009-08-16 01:09:52,996 DEBUG Key CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ForceRemove
2009-08-16 01:09:52,996 DEBUG Key CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} not found
2009-08-16 01:09:52,996 INFO Processing registry CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
2009-08-16 01:09:52,996 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ForceRemove
2009-08-16 01:09:52,996 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} not found
2009-08-16 01:09:52,996 INFO Processing registry CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
2009-08-16 01:09:52,996 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ForceRemove
2009-08-16 01:09:52,996 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} not found
2009-08-16 01:09:52,996 INFO Processing registry CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}
2009-08-16 01:09:52,996 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} ForceRemove
2009-08-16 01:09:52,996 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} not found
2009-08-16 01:09:52,996 INFO Processing registry CLSID\{A057A204-BACC-4D26-9990-79A187E2698F}
2009-08-16 01:09:52,996 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698F} ForceRemove
2009-08-16 01:09:52,996 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698F} not found
2009-08-16 01:09:52,996 INFO Processing registry CLSID\{A057A204-BACC-4D26-9990-79A187E26990}
2009-08-16 01:09:52,996 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E26990} ForceRemove
2009-08-16 01:09:53,006 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E26990} not found
2009-08-16 01:09:53,006 INFO Processing registry CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}
2009-08-16 01:09:53,006 DEBUG Key CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} ForceRemove
2009-08-16 01:09:53,006 DEBUG Key CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} not found
2009-08-16 01:09:53,006 INFO Processing registry Interface\{52261B0E-CA1A-4FA9-9805-4D01202DF09D}
2009-08-16 01:09:53,006 DEBUG Key Interface\{52261B0E-CA1A-4FA9-9805-4D01202DF09D} ForceRemove
2009-08-16 01:09:53,006 DEBUG Key Interface\{52261B0E-CA1A-4FA9-9805-4D01202DF09D} not found
2009-08-16 01:09:53,006 INFO Processing registry Interface\{8EA1F9F2-997A-4832-8E09-815E3D0C0A0C}
2009-08-16 01:09:53,006 DEBUG Key Interface\{8EA1F9F2-997A-4832-8E09-815E3D0C0A0C} ForceRemove
2009-08-16 01:09:53,006 DEBUG Key Interface\{8EA1F9F2-997A-4832-8E09-815E3D0C0A0C} not found
2009-08-16 01:09:53,006 INFO Processing registry TypeLib\{3E536428-8E1A-4A2C-8463-4A8F74763C30}
2009-08-16 01:09:53,006 DEBUG Key TypeLib\{3E536428-8E1A-4A2C-8463-4A8F74763C30} ForceRemove
2009-08-16 01:09:53,006 DEBUG Key TypeLib\{3E536428-8E1A-4A2C-8463-4A8F74763C30} not found
2009-08-16 01:09:53,006 INFO Processing registry TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7}
2009-08-16 01:09:53,006 DEBUG Key TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7} ForceRemove
2009-08-16 01:09:53,006 DEBUG Key TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7} not found
2009-08-16 01:09:53,006 INFO Processing registry TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9}
2009-08-16 01:09:53,006 DEBUG Key TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9} ForceRemove
2009-08-16 01:09:53,006 DEBUG Key TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9} not found
2009-08-16 01:09:53,006 INFO ***** Files and folders *****
2009-08-16 01:09:53,006 DEBUG Missing ParentDir path for fileItem number 0
2009-08-16 01:09:53,006 DEBUG Missing ParentDir path for fileItem number 1
2009-08-16 01:09:53,006 DEBUG Missing ParentDir path for fileItem number 2
2009-08-16 01:09:53,006 DEBUG Missing ParentDir path for fileItem number 3
2009-08-16 01:09:53,006 DEBUG Missing ParentDir path for fileItem number 4
2009-08-16 01:09:53,006 DEBUG Missing ParentDir path for fileItem number 5
2009-08-16 01:09:53,006 DEBUG Missing ParentDir path for fileItem number 6
2009-08-16 01:09:53,006 DEBUG Missing ParentDir path for fileItem number 7
2009-08-16 01:09:53,006 DEBUG Missing ParentDir path for fileItem number 8
2009-08-16 01:09:53,006 DEBUG Missing ParentDir path for fileItem number 9
2009-08-16 01:09:53,006 DEBUG Missing ParentDir path for fileItem number 10
2009-08-16 01:09:53,006 DEBUG Missing ParentDir path for fileItem number 11
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 12
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 13
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 14
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 15
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 16
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 17
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 18
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 19
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 20
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 21
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 22
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 23
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 24
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 25
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 26
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 27
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 28
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 29
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 30
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 31
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 32
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 33
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 34
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 35
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 36
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 37
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 38
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 39
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 40
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 41
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 42
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 43
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 44
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 45
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 46
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 47
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 48
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 49
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 50
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 51
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 52
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 53
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 54
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 55
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 56
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 57
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 58
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 59
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 60
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 61
2009-08-16 01:09:53,016 DEBUG Missing ParentDir path for fileItem number 62
2009-08-16 01:09:53,016 DEBUG Processing item C:\Documents and Settings\Dad\Application Data\AVGTOOLBAR
2009-08-16 01:09:53,016 INFO Directory C:\Documents and Settings\Dad\Application Data\AVGTOOLBAR not found
2009-08-16 01:09:53,016 DEBUG Processing item C:\WINDOWS\System32\Drivers
2009-08-16 01:09:53,016 DEBUG Processing item C:\WINDOWS\System32\Drivers
2009-08-16 01:09:53,016 DEBUG Processing item C:\WINDOWS\System32\Drivers
2009-08-16 01:09:53,026 DEBUG Processing item C:\WINDOWS\System32\Drivers
2009-08-16 01:09:53,026 DEBUG Processing item C:\WINDOWS\System32\Drivers
2009-08-16 01:09:53,026 DEBUG Processing item C:\WINDOWS\System32\Drivers
2009-08-16 01:09:53,026 DEBUG Processing item C:\WINDOWS\System32\Drivers\avg
2009-08-16 01:09:53,026 INFO Directory C:\WINDOWS\System32\Drivers\avg not found
2009-08-16 01:09:53,026 DEBUG Processing item C:\WINDOWS\System32
2009-08-16 01:09:53,026 DEBUG Processing item C:\Documents and Settings\All Users\Start Menu\Programs\avg 8.0
2009-08-16 01:09:53,026 INFO Directory C:\Documents and Settings\All Users\Start Menu\Programs\avg 8.0 not found
2009-08-16 01:09:53,026 DEBUG Processing item C:\Documents and Settings\All Users\Start Menu\Programs\avg free 8.0
2009-08-16 01:09:53,026 INFO Directory C:\Documents and Settings\All Users\Start Menu\Programs\avg free 8.0 not found
2009-08-16 01:09:53,036 DEBUG Processing item C:\Documents and Settings\All Users\Desktop\avg 8.0.lnk
2009-08-16 01:09:53,036 INFO File C:\Documents and Settings\All Users\Desktop\avg 8.0.lnk not found
2009-08-16 01:09:53,036 DEBUG Processing item C:\Documents and Settings\All Users\Desktop\avg free 8.0.lnk
2009-08-16 01:09:53,036 INFO File C:\Documents and Settings\All Users\Desktop\avg free 8.0.lnk not found
2009-08-16 01:09:53,036 DEBUG Processing item C:\Program Files\AVG
2009-08-16 01:09:53,056 DEBUG Directory C:\Program Files\AVG not deleted (error c0070091)
2009-08-16 01:09:53,056 INFO ***** Avg Fw NDIS driver *****
2009-08-16 01:09:53,557 INFO FW NDIS driver not present

OTM log:

All processes killed
========== SERVICES/DRIVERS ==========

Service\Driver BAK deleted successfully.

Service\Driver DADAXZAIZU deleted successfully.
Service\Driver avg8wd not found.
Service\Driver avg8wd not found.
Service\Driver McShield not found.
Service\Driver McShield not found.
Service\Driver MpfService not found.
Service\Driver MpfService not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{A057A204-BACC-4D26-9990-79A187E2698E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\aolavupd deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\AOL TopSpeedMonitor deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\AOL ACS deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\America Online 9.0a\waol.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\America Online 9.0b\waol.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\Common Files\AOL\1098492738\EE\AOLServiceHost.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\Common Files\AOL\Loader\Aolload.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\Common Files\AOL\System Information\sinf.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe deleted successfully.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\"C:\Program Files\Common Files\AOL\TopSpeed\2.0\AOLTSMON.EXE"|"- /E : value set successfully!
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\"C:\Program Files\Common Files\AOL\TopSpeed\2.0\Aoltpspd.exe"|"- /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\America Online 9.0\waol.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\America Online 9.0c\waol.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\America Online 9.0l\waol.exe deleted successfully.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe"|"- /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AvgLdx86\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AvgMfx86\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AvgTdiX\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NaiAvFilter1\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AvgLdx86\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AvgMfx86\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AvgTdiX\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\NaiAvFilter1\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AvgLdx86\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AvgMfx86\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AvgTdiX\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NaiAvFilter1\ not found.
========== FILES ==========
File/Folder C:\WINDOWS\system32\OLD1A.tmp not found.
File/Folder C:\WINDOWS\system32\OLD16.tmp not found.
File/Folder C:\WINDOWS\System32\Drivers\avgldx86.sys not found.
File/Folder C:\WINDOWS\System32\Drivers\avgtdix.sys not found.
File/Folder C:\WINDOWS\System32\Drivers\avgmfx86.sys not found.
File/Folder C:\WINDOWS\system32\drivers\naiavf5x.sys not found.
C:\Program Files\AVG\AVG8\cfg moved successfully.
C:\Program Files\AVG\AVG8\log moved successfully.
C:\Program Files\AVG\AVG8 moved successfully.
C:\Program Files\AVG moved successfully.
C:\Program Files\McAfee.com\vso moved successfully.
C:\Program Files\McAfee.com moved successfully.
C:\Program Files\Common Files\AOL\System Information moved successfully.
C:\Program Files\Common Files\AOL\Launch moved successfully.
C:\Program Files\Common Files\AOL\AOL Net work Magic moved successfully.
C:\Program Files\Common Files\AOL\WinsockFix\en-US moved successfully.
C:\Program Files\Common Files\AOL\WinsockFix moved successfully.
C:\Program Files\Common Files\AOL\IPHSend moved successfully.
C:\Program Files\Common Files\AOL\ECU moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\SafetyShell moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\sscFirewallPlugin\ver1_0_0 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\sscFirewallPlugin moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\safetyCore\ver210_5_2_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\safetyCore moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\topspeed\ver4_0_3_1\resources\en-US moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\topspeed\ver4_0_3_1\resources moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\topspeed\ver4_0_3_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\topspeed moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\identityAuthGadget\ver2_14_1_3\theme moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\identityAuthGadget\ver2_14_1_3\content\aam moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\identityAuthGadget\ver2_14_1_3\content moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\identityAuthGadget\ver2_14_1_3\resources\en-US moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\identityAuthGadget\ver2_14_1_3\resources moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\identityAuthGadget\ver2_14_1_3 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\identityAuthGadget moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\feeds\ver2_0_2_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\feeds moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\favoritesExporter\ver2_1_1_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\favoritesExporter moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\enhancedFavorites\ver1_3_3_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\enhancedFavorites moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\authorization\ver3_2_4_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\authorization moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\SYSTRAY\ver1_1_10_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\SYSTRAY moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\sysinfo\ver2_3_7_1\resources\en-US\ui\locale\script moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\sysinfo\ver2_3_7_1\resources\en-US\ui\locale\images moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\sysinfo\ver2_3_7_1\resources\en-US\ui\locale\html moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\sysinfo\ver2_3_7_1\resources\en-US\ui\locale moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\sysinfo\ver2_3_7_1\resources\en-US\ui\core\script moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\sysinfo\ver2_3_7_1\resources\en-US\ui\core moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\sysinfo\ver2_3_7_1\resources\en-US\ui moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\sysinfo\ver2_3_7_1\resources\en-US moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\sysinfo\ver2_3_7_1\resources moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\sysinfo\ver2_3_7_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\sysinfo moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\iphSend\ver2_0_4_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\iphSend moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\applicationdetect\ver2_1_8_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\applicationdetect moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\defaultauthenticationhandlerapp\ver2_1_3_1\theme moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\defaultauthenticationhandlerapp\ver2_1_3_1\content moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\defaultauthenticationhandlerapp\ver2_1_3_1\resources\en-US moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\defaultauthenticationhandlerapp\ver2_1_3_1\resources moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\defaultauthenticationhandlerapp\ver2_1_3_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\defaultauthenticationhandlerapp moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\settingsManagerApp\ver1_1_27_1\resources\en-US moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\settingsManagerApp\ver1_1_27_1\resources moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\settingsManagerApp\ver1_1_27_1\theme moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\settingsManagerApp\ver1_1_27_1\content moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\settingsManagerApp\ver1_1_27_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\settingsManagerApp moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\autofix\ver2_3_12_3\resources\en-US moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\autofix\ver2_3_12_3\resources\autofixes moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\autofix\ver2_3_12_3\resources moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\autofix\ver2_3_12_3 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\autofix moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\autofixDriver\ver2_3_12_3\resources\en-US moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\autofixDriver\ver2_3_12_3\resources moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\autofixDriver\ver2_3_12_3 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\autofixDriver moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\urlData\ver1_5_2_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\urlData moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\script\ver2_3_3_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\script moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_19_2\theme\images\TabScroll moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_19_2\theme\images\SuperTwisty moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_19_2\theme\images\InputFields moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_19_2\theme\images\FontToolbar moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_19_2\theme\images\DarkTwisty moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_19_2\theme\images moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_19_2\theme moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_19_2\resources\en-US moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_19_2\resources moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_19_2\content\windowingPack moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_19_2\content\tabPack moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_19_2\content\menuPack moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_19_2\content\listPack moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_19_2\content\inputPack moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_19_2\content\extrasPack moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_19_2\content\editorPack moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_19_2\content\dialog moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_19_2\content\core moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_19_2\content\aolHelpBox moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_19_2\content moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_19_2 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_14_2\theme\images\TabScroll moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_14_2\theme\images\SuperTwisty moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_14_2\theme\images\InputFields moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_14_2\theme\images\FontToolbar moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_14_2\theme\images\DarkTwisty moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_14_2\theme\images moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_14_2\theme moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_14_2\resources\en-US moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_14_2\resources moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_14_2\content\windowingPack moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_14_2\content\tabPack moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_14_2\content\menuPack moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_14_2\content\listPack moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_14_2\content\inputPack moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_14_2\content\extrasPack moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_14_2\content\editorPack moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_14_2\content\dialog moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_14_2\content\core moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_14_2\content\aolHelpBox moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_14_2\content moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_14_2 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_12_4\theme\images\TabScroll moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_12_4\theme\images\SuperTwisty moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_12_4\theme\images\InputFields moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_12_4\theme\images\FontToolbar moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_12_4\theme\images\DarkTwisty moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_12_4\theme\images moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_12_4\theme moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_12_4\resources\en-US moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_12_4\resources moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_12_4\content\windowingPack moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_12_4\content\tabPack moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_12_4\content\menuPack moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_12_4\content\listPack moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_12_4\content\inputPack moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_12_4\content\extrasPack moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_12_4\content\editorPack moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_12_4\content\dialog moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_12_4\content\core moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_12_4\content\aolHelpBox moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_12_4\content moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_5_12_4 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_4_29_1\theme\images\TabScroll moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_4_29_1\theme\images\SuperTwisty moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_4_29_1\theme\images\InputFields moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_4_29_1\theme\images\FontToolbar moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_4_29_1\theme\images\DarkTwisty moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_4_29_1\theme\images moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_4_29_1\theme moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_4_29_1\resources\en-US moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_4_29_1\resources moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_4_29_1\content\dialog moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_4_29_1\content\aolHelpBox moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_4_29_1\content moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_4_29_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_4_22_1\theme\images\TabScroll moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_4_22_1\theme\images\SuperTwisty moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_4_22_1\theme\images\InputFields moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_4_22_1\theme\images\FontToolbar moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_4_22_1\theme\images\DarkTwisty moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_4_22_1\theme\images moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_4_22_1\theme moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_4_22_1\resources\en-US moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_4_22_1\resources moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_4_22_1\content\dialog moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_4_22_1\content\aolHelpBox moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_4_22_1\content moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit\ver1_4_22_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyToolkit moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyrenderer\ver1_5_19_2\resources\en-US moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyrenderer\ver1_5_19_2\resources moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyrenderer\ver1_5_19_2 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyrenderer\ver1_4_29_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\boxelyrenderer moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\Connectivity\ver4_6_60_3 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\Connectivity\ver4_1_33_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\Connectivity moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\urldispatcher\ver4_2_8_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\urldispatcher moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\suiteFramework\ver4_1_4_1\resources\en-US moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\suiteFramework\ver4_1_4_1\resources moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\suiteFramework\ver4_1_4_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\suiteFramework\ver3_1_3_1\resources\en-US moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\suiteFramework\ver3_1_3_1\resources moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\suiteFramework\ver3_1_3_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\suiteFramework moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\softwareUpdate\ver2_14_2_30\resources\en-US moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\softwareUpdate\ver2_14_2_30\resources moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\softwareUpdate\ver2_14_2_30 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\softwareUpdate moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\security\ver2_0_1_2 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\security moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\http\ver2_6_8_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\http moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\identityInformation\ver4_4_1_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\identityInformation moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\bfts\ver2_13_9_10\resources\en-US moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\bfts\ver2_13_9_10\resources moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\bfts\ver2_13_9_10 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\bfts moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\authentication\ver5_2_8_2\resources\en-US moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\authentication\ver5_2_8_2\resources moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\authentication\ver5_2_8_2 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\authentication moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\dialerTray\ver4_6_60_3\resources\es-us moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\dialerTray\ver4_6_60_3\resources\en-US moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\dialerTray\ver4_6_60_3\resources moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\dialerTray\ver4_6_60_3 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\dialerTray moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\antispyware\ver2_4_9_1\resources\en-US\dat moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\antispyware\ver2_4_9_1\resources\en-US moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\antispyware\ver2_4_9_1\resources moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\antispyware\ver2_4_9_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\antispyware moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\connection\ver6_0_2_1\resources\en-US moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\connection\ver6_0_2_1\resources moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\connection\ver6_0_2_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\connection moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\localStorage\ver7_0_3_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\localStorage\ver4_5_1_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\localStorage\ver3_0_0_0 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\localStorage moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\os\ver5_2_1_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\os moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\toaster\ver4_2_3_1\resources\en-US moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\toaster\ver4_2_3_1\resources moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\toaster\ver4_2_3_1\theme moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\toaster\ver4_2_3_1\content moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\toaster\ver4_2_3_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\toaster\ver2_29_1_1\resources\en-US\ui\Window pane moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\toaster\ver2_29_1_1\resources\en-US\ui\Main window moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\toaster\ver2_29_1_1\resources\en-US\ui\List view window moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\toaster\ver2_29_1_1\resources\en-US\ui\History content moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\toaster\ver2_29_1_1\resources\en-US\ui\Fwd_Back button moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\toaster\ver2_29_1_1\resources\en-US\ui\drop-down button moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\toaster\ver2_29_1_1\resources\en-US\ui\Content window moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\toaster\ver2_29_1_1\resources\en-US\ui\Column moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\toaster\ver2_29_1_1\resources\en-US\ui\Button moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\toaster\ver2_29_1_1\resources\en-US\ui\Browser controls_small moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\toaster\ver2_29_1_1\resources\en-US\ui\Browser controls moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\toaster\ver2_29_1_1\resources\en-US\ui\3 pieces button moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\toaster\ver2_29_1_1\resources\en-US\ui moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\toaster\ver2_29_1_1\resources\en-US moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\toaster\ver2_29_1_1\resources moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\toaster\ver2_29_1_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\toaster moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\metrics\ver3_6_16_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\metrics moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\basics\ver8_0_4_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\basics moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\preferences\ver4_1_1_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\preferences moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\minixml\ver1_5_1_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\minixml moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\compression\ver2_4_3_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\compression moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\notification\ver6_2_6_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\notification moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\waolTrayMenuService\ver_0_9_1\resources\en-us moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\waolTrayMenuService\ver_0_9_1\resources moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\waolTrayMenuService\ver_0_9_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\waolTrayMenuService moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\htmlRenderer\ver1_0_15_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\htmlRenderer moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\aolsystrayservice\ver3_0_11_1\resources\en-US\ssc moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\aolsystrayservice\ver3_0_11_1\resources\en-US\aol moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\aolsystrayservice\ver3_0_11_1\resources\en-US\aim moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\aolsystrayservice\ver3_0_11_1\resources\en-US moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\aolsystrayservice\ver3_0_11_1\resources moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\aolsystrayservice\ver3_0_11_1 moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services\aolsystrayservice moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE\services moved successfully.
C:\Program Files\Common Files\AOL\1098492738\EE moved successfully.
C:\Program Files\Common Files\AOL\1098492738 moved successfully.
C:\Program Files\Common Files\AOL\Loader moved successfully.
C:\Program Files\Common Files\AOL\AOLDiag moved successfully.
C:\Program Files\Common Files\AOL\TopSpeed\2.0 moved successfully.
C:\Program Files\Common Files\AOL\TopSpeed moved successfully.
C:\Program Files\Common Files\AOL\Proofreader moved successfully.
C:\Program Files\Common Files\AOL\EE\services\minixml\ver0_9_6 moved successfully.
C:\Program Files\Common Files\AOL\EE\services\minixml moved successfully.
C:\Program Files\Common Files\AOL\EE\services\compression\ver0_9_7 moved successfully.
C:\Program Files\Common Files\AOL\EE\services\compression moved successfully.
C:\Program Files\Common Files\AOL\EE\services\localStorage\ver0_9_6 moved successfully.
C:\Program Files\Common Files\AOL\EE\services\localStorage moved successfully.
C:\Program Files\Common Files\AOL\EE\services\notification\ver0_9_6 moved successfully.
C:\Program Files\Common Files\AOL\EE\services\notification moved successfully.
C:\Program Files\Common Files\AOL\EE\services\AOLDialerservice\v1\resources\en-US moved successfully.
C:\Program Files\Common Files\AOL\EE\services\AOLDialerservice\v1\resources moved successfully.
C:\Program Files\Common Files\AOL\EE\services\AOLDialerservice\v1 moved successfully.
C:\Program Files\Common Files\AOL\EE\services\AOLDialerservice moved successfully.
C:\Program Files\Common Files\AOL\EE\services\htmlRenderer\ver0_9_3 moved successfully.
C:\Program Files\Common Files\AOL\EE\services\htmlRenderer moved successfully.
C:\Program Files\Common Files\AOL\EE\services\ACSservice\v1 moved successfully.
C:\Program Files\Common Files\AOL\EE\services\ACSservice moved successfully.
C:\Program Files\Common Files\AOL\EE\services\waolTrayMenuService\ver_0_9_1\resources\en-us moved successfully.
C:\Program Files\Common Files\AOL\EE\services\waolTrayMenuService\ver_0_9_1\resources moved successfully.
C:\Program Files\Common Files\AOL\EE\services\waolTrayMenuService\ver_0_9_1 moved successfully.
C:\Program Files\Common Files\AOL\EE\services\waolTrayMenuService\ver_0_8_0\resources\us-en moved successfully.
C:\Program Files\Common Files\AOL\EE\services\waolTrayMenuService\ver_0_8_0\resources moved successfully.
C:\Program Files\Common Files\AOL\EE\services\waolTrayMenuService\ver_0_8_0 moved successfully.
C:\Program Files\Common Files\AOL\EE\services\waolTrayMenuService moved successfully.
C:\Program Files\Common Files\AOL\EE\services\aolsystrayservice\ver_0_9_2\resources\en-US moved successfully.
C:\Program Files\Common Files\AOL\EE\services\aolsystrayservice\ver_0_9_2\resources moved successfully.
C:\Program Files\Common Files\AOL\EE\services\aolsystrayservice\ver_0_9_2 moved successfully.
C:\Program Files\Common Files\AOL\EE\services\aolsystrayservice\ver_0_8_0\resources\us-en moved successfully.
C:\Program Files\Common Files\AOL\EE\services\aolsystrayservice\ver_0_8_0\resources moved successfully.
C:\Program Files\Common Files\AOL\EE\services\aolsystrayservice\ver_0_8_0 moved successfully.
C:\Program Files\Common Files\AOL\EE\services\aolsystrayservice moved successfully.
C:\Program Files\Common Files\AOL\EE\services\connection\ver0_8_1 moved successfully.
C:\Program Files\Common Files\AOL\EE\services\connection moved successfully.
C:\Program Files\Common Files\AOL\EE\services\clssvc\ver0_7_3 moved successfully.
C:\Program Files\Common Files\AOL\EE\services\clssvc moved successfully.
C:\Program Files\Common Files\AOL\EE\services\notifysvc\ver0_7_3 moved successfully.
C:\Program Files\Common Files\AOL\EE\services\notifysvc moved successfully.
C:\Program Files\Common Files\AOL\EE\services moved successfully.
C:\Program Files\Common Files\AOL\EE moved successfully.
C:\Program Files\Common Files\AOL\AOL Toolbar moved successfully.
C:\Program Files\Common Files\AOL\Screensaver\en-US moved successfully.
C:\Program Files\Common Files\AOL\Screensaver moved successfully.
C:\Program Files\Common Files\AOL\ACF moved successfully.
C:\Program Files\Common Files\AOL\Backup\System Information moved successfully.
C:\Program Files\Common Files\AOL\Backup\ACS\Current\EU moved successfully.
C:\Program Files\Common Files\AOL\Backup\ACS\Current\Suite\comps moved successfully.
C:\Program Files\Common Files\AOL\Backup\ACS\Current\Suite moved successfully.
C:\Program Files\Common Files\AOL\Backup\ACS\Current\US moved successfully.
C:\Program Files\Common Files\AOL\Backup\ACS\Current moved successfully.
C:\Program Files\Common Files\AOL\Backup\ACS\Rollback moved successfully.
C:\Program Files\Common Files\AOL\Backup\ACS moved successfully.
C:\Program Files\Common Files\AOL\Backup moved successfully.
C:\Program Files\Common Files\AOL\ACS\vista moved successfully.
C:\Program Files\Common Files\AOL\ACS\EU moved successfully.
C:\Program Files\Common Files\AOL\ACS\US moved successfully.
C:\Program Files\Common Files\AOL\ACS moved successfully.
C:\Program Files\Common Files\AOL moved successfully.
C:\Program Files\Common Files\AolCoach\en_en\AdpPlugins moved successfully.
C:\Program Files\Common Files\AolCoach\en_en\player\language moved successfully.
C:\Program Files\Common Files\AolCoach\en_en\player\libdir moved successfully.
C:\Program Files\Common Files\AolCoach\en_en\player\plugin\Extern moved successfully.
C:\Program Files\Common Files\AolCoach\en_en\player\plugin moved successfully.
C:\Program Files\Common Files\AolCoach\en_en\player\dlls\main moved successfully.
C:\Program Files\Common Files\AolCoach\en_en\player\dlls moved successfully.
C:\Program Files\Common Files\AolCoach\en_en\player moved successfully.
C:\Program Files\Common Files\AolCoach\en_en\Local moved successfully.
C:\Program Files\Common Files\AolCoach\en_en moved successfully.
C:\Program Files\Common Files\AolCoach moved successfully.
C:\Program Files\America Online 9.0\backup\restore moved successfully.
C:\Program Files\America Online 9.0\backup moved successfully.
C:\Program Files\America Online 9.0\MyCalendar\help moved successfully.
C:\Program Files\America Online 9.0\MyCalendar moved successfully.
C:\Program Files\America Online 9.0\components moved successfully.
C:\Program Files\America Online 9.0\media\nmpx\plugins moved successfully.
C:\Program Files\America Online 9.0\media\nmpx moved successfully.
C:\Program Files\America Online 9.0\media\nmpxchat\plugins moved successfully.
C:\Program Files\America Online 9.0\media\nmpxchat moved successfully.
C:\Program Files\America Online 9.0\media moved successfully.
C:\Program Files\America Online 9.0\sounds\us moved successfully.
C:\Program Files\America Online 9.0\sounds moved successfully.
C:\Program Files\America Online 9.0\cool moved successfully.
C:\Program Files\America Online 9.0\tool moved successfully.
C:\Program Files\America Online 9.0\download moved successfully.
C:\Program Files\America Online 9.0\Jiti moved successfully.
C:\Program Files\America Online 9.0 moved successfully.
C:\Program Files\America Online 9.0a\backup\restore moved successfully.
C:\Program Files\America Online 9.0a\backup moved successfully.
C:\Program Files\America Online 9.0a\MyCalendar\help moved successfully.
C:\Program Files\America Online 9.0a\MyCalendar moved successfully.
C:\Program Files\America Online 9.0a\components moved successfully.
C:\Program Files\America Online 9.0a\media\nmpx\plugins moved successfully.
C:\Program Files\America Online 9.0a\media\nmpx moved successfully.
C:\Program Files\America Online 9.0a\media\nmpxchat\plugins moved successfully.
C:\Program Files\America Online 9.0a\media\nmpxchat moved successfully.
C:\Program Files\America Online 9.0a\media moved successfully.
C:\Program Files\America Online 9.0a\sounds\us moved successfully.
C:\Program Files\America Online 9.0a\sounds moved successfully.
C:\Program Files\America Online 9.0a\cool moved successfully.
C:\Program Files\America Online 9.0a\tool moved successfully.
C:\Program Files\America Online 9.0a\download moved successfully.
C:\Program Files\America Online 9.0a\Jiti moved successfully.
C:\Program Files\America Online 9.0a moved successfully.
Folder C:\Program Files\America Online 9.0b not found.
C:\Program Files\America Online 9.0c\backup\restore moved successfully.
C:\Program Files\America Online 9.0c\backup moved successfully.
C:\Program Files\America Online 9.0c\MyCalendar\help moved successfully.
C:\Program Files\America Online 9.0c\MyCalendar moved successfully.
C:\Program Files\America Online 9.0c\components moved successfully.
C:\Program Files\America Online 9.0c\media\nmpx\plugins moved successfully.
C:\Program Files\America Online 9.0c\media\nmpx moved successfully.
C:\Program Files\America Online 9.0c\media\nmpxchat\plugins moved successfully.
C:\Program Files\America Online 9.0c\media\nmpxchat moved successfully.
C:\Program Files\America Online 9.0c\media moved successfully.
C:\Program Files\America Online 9.0c\sounds\us moved successfully.
C:\Program Files\America Online 9.0c\sounds moved successfully.
C:\Program Files\America Online 9.0c\cool moved successfully.
C:\Program Files\America Online 9.0c\tool moved successfully.
C:\Program Files\America Online 9.0c\download moved successfully.
C:\Program Files\America Online 9.0c\Jiti moved successfully.
C:\Program Files\America Online 9.0c moved successfully.
Folder C:\Program Files\America Online 9.0l not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: Dad
->Temp folder emptied: 1486800 bytes
->Temporary Internet Files folder emptied: 36254113 bytes
->Java cache emptied: 45843 bytes
->FireFox cache emptied: 39122488 bytes

User: Mom
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Al

User: Owner

User: nygorfman
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 452 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 73.38 mb


OTM by OldTimer - Version 3.0.0.6 log created on 08172009_131633

Files moved on Reboot...

Registry entries deleted on Reboot...

[Wingman]

Hi jinr,

Please read these instructions carefully before executing and perform the steps, in the order given.
lf, you have any questions about or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem.

Step 1.
Kaspersky Online Scanner.
Please go to Kaspersky Online Virus Scanner © Kaspersky Lab to perform an online antivirus scan.

1. Click on the ...button.
2. The program will launch and fill in the Information section ... on the left.
3. Read the "Requirements and Limitations" then press... the ...button.
4. The program will begin downloading the latest program and definition files.
   It takes a while... please be patient and let it finish.
5. Once the files have been downloaded, click on the ...button.
   In the scan settings make sure the following are selected:
   • Detect malicious programs of the following categories:
     Viruses, Worms, Trojan Horses, Rootkits
     Spyware, Adware, Dialers and other potentially dangerous programs
   • Scan compound files (doesn't apply to the File scan area):
     Archives
     Mail databases
     By default the above items should already be checked.
   • Click the ...button, if you made any changes.
6. Now under the Scan section on the left:
   Select My Computer
7. The program will start and scan your system. This will run for a while, be patient... let it run.
   Once the scan is complete it will display if your system has been infected.
8. Save the scan results as a Text file ... save it to your desktop.
9. Copy and paste the saved scan results file in your next reply.

Step 2.
Re-run - RSIT (Random's System Information Tool)
You should still have this program on your desktop.

1. Double click on RSIT.exe to run it.
2. Please read the disclaimer... click on Continue.
   RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. (it will be maximized)
3. Please post ONLY the "log.txt", file contents in your next reply.
   (This log can be lengthy, so a separate post may be needed.)

Step 3.
Please include in your next reply:

1. Any problem executing the instructions?
2. KAS scan results
3. New RSIT log.txt file contents
4. How is the computer behaving?

Thanks,
Wingman