REALLY weird stuff happening...

Re: REALLY weird stuff happening...

by rlmark » February 27th, 2010, 10:02 am

Current Symptoms:

1) Add/Remove Programs still does not have "uninstall" buttons and also still shows strange programs, and is also missing programs. (I noticed that RSIT made an accurate uninstall list...)

2) No idea if System Restore works or not...

3) The Windows- No Disk error message popped up endlessly at one point, but a restart seemed to fix this. The error still occurs occasionally.

--------------------

08:27:19:125 3256 TDSS rootkit removing tool 2.2.7.1 Feb 27 2010 13:29:25
08:27:19:125 3256 ================================================================================
08:27:19:125 3256 SystemInfo:

08:27:19:125 3256 OS Version: 5.1.2600 ServicePack: 3.0
08:27:19:125 3256 Product type: Workstation
08:27:19:125 3256 ComputerName: LIVINGROOM3
08:27:19:125 3256 UserName: Mom and Dad
08:27:19:125 3256 Windows directory: F:\WINDOWS
08:27:19:125 3256 Processor architecture: Intel x86
08:27:19:125 3256 Number of processors: 1
08:27:19:125 3256 Page size: 0x1000
08:27:19:140 3256 Boot type: Normal boot
08:27:19:140 3256 ================================================================================
08:27:19:156 3256 UnloadDriverW: NtUnloadDriver error 2
08:27:19:156 3256 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
08:27:19:328 3256 Initialize success
08:27:19:328 3256
08:27:19:328 3256 Scanning Services ...
08:27:19:328 3256 wfopen_ex: Trying to open file F:\WINDOWS\system32\config\system
08:27:19:328 3256 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
08:27:19:328 3256 wfopen_ex: Trying to KLMD file open
08:27:19:328 3256 wfopen_ex: File opened ok (Flags 2)
08:27:19:328 3256 wfopen_ex: Trying to open file F:\WINDOWS\system32\config\software
08:27:19:328 3256 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
08:27:19:328 3256 wfopen_ex: Trying to KLMD file open
08:27:19:328 3256 wfopen_ex: File opened ok (Flags 2)
08:27:19:921 3256 GetAdvancedServicesInfo: Raw services enum returned 407 services
08:27:19:921 3256 fclose_ex: Trying to close file F:\WINDOWS\system32\config\system
08:27:19:921 3256 fclose_ex: Trying to close file F:\WINDOWS\system32\config\software
08:27:19:921 3256
08:27:19:921 3256 Scanning Kernel memory ...
08:27:19:921 3256 Devices to scan: 4
08:27:19:921 3256
08:27:19:921 3256 Driver Name: Disk
08:27:19:921 3256 IRP_MJ_CREATE : F765DBB0
08:27:19:921 3256 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
08:27:19:921 3256 IRP_MJ_CLOSE : F765DBB0
08:27:19:921 3256 IRP_MJ_READ : F7657D1F
08:27:19:921 3256 IRP_MJ_WRITE : F7657D1F
08:27:19:921 3256 IRP_MJ_QUERY_INFORMATION : 804F9759
08:27:19:921 3256 IRP_MJ_SET_INFORMATION : 804F9759
08:27:19:921 3256 IRP_MJ_QUERY_EA : 804F9759
08:27:19:921 3256 IRP_MJ_SET_EA : 804F9759
08:27:19:921 3256 IRP_MJ_FLUSH_BUFFERS : F76582E2
08:27:19:921 3256 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
08:27:19:921 3256 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
08:27:19:921 3256 IRP_MJ_DIRECTORY_CONTROL : 804F9759
08:27:19:921 3256 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
08:27:19:921 3256 IRP_MJ_DEVICE_CONTROL : F76583BB
08:27:19:921 3256 IRP_MJ_INTERNAL_DEVICE_CONTROL : F765BF28
08:27:19:921 3256 IRP_MJ_SHUTDOWN : F76582E2
08:27:19:921 3256 IRP_MJ_LOCK_CONTROL : 804F9759
08:27:19:921 3256 IRP_MJ_CLEANUP : 804F9759
08:27:19:921 3256 IRP_MJ_CREATE_MAILSLOT : 804F9759
08:27:19:921 3256 IRP_MJ_QUERY_SECURITY : 804F9759
08:27:19:921 3256 IRP_MJ_SET_SECURITY : 804F9759
08:27:19:921 3256 IRP_MJ_POWER : F7659C82
08:27:19:921 3256 IRP_MJ_SYSTEM_CONTROL : F765E99E
08:27:19:921 3256 IRP_MJ_DEVICE_CHANGE : 804F9759
08:27:19:921 3256 IRP_MJ_QUERY_QUOTA : 804F9759
08:27:19:921 3256 IRP_MJ_SET_QUOTA : 804F9759
08:27:19:953 3256 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
08:27:19:953 3256 sion
08:27:19:953 3256 F:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
08:27:19:953 3256
08:27:19:968 3256 Driver Name: Disk
08:27:19:968 3256 IRP_MJ_CREATE : F765DBB0
08:27:19:968 3256 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
08:27:19:968 3256 IRP_MJ_CLOSE : F765DBB0
08:27:19:968 3256 IRP_MJ_READ : F7657D1F
08:27:19:968 3256 IRP_MJ_WRITE : F7657D1F
08:27:19:968 3256 IRP_MJ_QUERY_INFORMATION : 804F9759
08:27:19:968 3256 IRP_MJ_SET_INFORMATION : 804F9759
08:27:19:968 3256 IRP_MJ_QUERY_EA : 804F9759
08:27:19:968 3256 IRP_MJ_SET_EA : 804F9759
08:27:19:968 3256 IRP_MJ_FLUSH_BUFFERS : F76582E2
08:27:19:968 3256 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
08:27:19:968 3256 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
08:27:19:968 3256 IRP_MJ_DIRECTORY_CONTROL : 804F9759
08:27:19:968 3256 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
08:27:19:968 3256 IRP_MJ_DEVICE_CONTROL : F76583BB
08:27:19:968 3256 IRP_MJ_INTERNAL_DEVICE_CONTROL : F765BF28
08:27:19:968 3256 IRP_MJ_SHUTDOWN : F76582E2
08:27:19:968 3256 IRP_MJ_LOCK_CONTROL : 804F9759
08:27:19:968 3256 IRP_MJ_CLEANUP : 804F9759
08:27:19:968 3256 IRP_MJ_CREATE_MAILSLOT : 804F9759
08:27:19:968 3256 IRP_MJ_QUERY_SECURITY : 804F9759
08:27:19:968 3256 IRP_MJ_SET_SECURITY : 804F9759
08:27:19:968 3256 IRP_MJ_POWER : F7659C82
08:27:19:968 3256 IRP_MJ_SYSTEM_CONTROL : F765E99E
08:27:19:968 3256 IRP_MJ_DEVICE_CHANGE : 804F9759
08:27:19:968 3256 IRP_MJ_QUERY_QUOTA : 804F9759
08:27:19:968 3256 IRP_MJ_SET_QUOTA : 804F9759
08:27:19:968 3256 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
08:27:19:968 3256 sion
08:27:19:968 3256 F:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
08:27:19:968 3256
08:27:19:968 3256 Driver Name: atapi
08:27:19:968 3256 IRP_MJ_CREATE : F74CA6F2
08:27:19:968 3256 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
08:27:19:968 3256 IRP_MJ_CLOSE : F74CA6F2
08:27:19:968 3256 IRP_MJ_READ : 804F9759
08:27:19:968 3256 IRP_MJ_WRITE : 804F9759
08:27:19:968 3256 IRP_MJ_QUERY_INFORMATION : 804F9759
08:27:19:968 3256 IRP_MJ_SET_INFORMATION : 804F9759
08:27:19:968 3256 IRP_MJ_QUERY_EA : 804F9759
08:27:19:968 3256 IRP_MJ_SET_EA : 804F9759
08:27:19:968 3256 IRP_MJ_FLUSH_BUFFERS : 804F9759
08:27:19:968 3256 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
08:27:19:968 3256 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
08:27:19:968 3256 IRP_MJ_DIRECTORY_CONTROL : 804F9759
08:27:19:968 3256 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
08:27:19:968 3256 IRP_MJ_DEVICE_CONTROL : F74CA712
08:27:19:968 3256 IRP_MJ_INTERNAL_DEVICE_CONTROL : F74C6852
08:27:19:968 3256 IRP_MJ_SHUTDOWN : 804F9759
08:27:19:968 3256 IRP_MJ_LOCK_CONTROL : 804F9759
08:27:19:968 3256 IRP_MJ_CLEANUP : 804F9759
08:27:19:968 3256 IRP_MJ_CREATE_MAILSLOT : 804F9759
08:27:19:968 3256 IRP_MJ_QUERY_SECURITY : 804F9759
08:27:19:968 3256 IRP_MJ_SET_SECURITY : 804F9759
08:27:19:968 3256 IRP_MJ_POWER : F74CA73C
08:27:19:968 3256 IRP_MJ_SYSTEM_CONTROL : F74D1336
08:27:19:968 3256 IRP_MJ_DEVICE_CHANGE : 804F9759
08:27:19:968 3256 IRP_MJ_QUERY_QUOTA : 804F9759
08:27:19:968 3256 IRP_MJ_SET_QUOTA : 804F9759
08:27:19:968 3256 siohd: 0
08:27:19:968 3256 F:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean
08:27:19:968 3256
08:27:19:968 3256 Driver Name: atapi
08:27:19:968 3256 IRP_MJ_CREATE : F74CA6F2
08:27:19:968 3256 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
08:27:19:968 3256 IRP_MJ_CLOSE : F74CA6F2
08:27:19:968 3256 IRP_MJ_READ : 804F9759
08:27:19:968 3256 IRP_MJ_WRITE : 804F9759
08:27:19:968 3256 IRP_MJ_QUERY_INFORMATION : 804F9759
08:27:19:968 3256 IRP_MJ_SET_INFORMATION : 804F9759
08:27:19:968 3256 IRP_MJ_QUERY_EA : 804F9759
08:27:19:968 3256 IRP_MJ_SET_EA : 804F9759
08:27:19:968 3256 IRP_MJ_FLUSH_BUFFERS : 804F9759
08:27:19:984 3256 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
08:27:19:984 3256 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
08:27:19:984 3256 IRP_MJ_DIRECTORY_CONTROL : 804F9759
08:27:19:984 3256 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
08:27:19:984 3256 IRP_MJ_DEVICE_CONTROL : F74CA712
08:27:19:984 3256 IRP_MJ_INTERNAL_DEVICE_CONTROL : F74C6852
08:27:19:984 3256 IRP_MJ_SHUTDOWN : 804F9759
08:27:19:984 3256 IRP_MJ_LOCK_CONTROL : 804F9759
08:27:19:984 3256 IRP_MJ_CLEANUP : 804F9759
08:27:19:984 3256 IRP_MJ_CREATE_MAILSLOT : 804F9759
08:27:19:984 3256 IRP_MJ_QUERY_SECURITY : 804F9759
08:27:19:984 3256 IRP_MJ_SET_SECURITY : 804F9759
08:27:19:984 3256 IRP_MJ_POWER : F74CA73C
08:27:19:984 3256 IRP_MJ_SYSTEM_CONTROL : F74D1336
08:27:19:984 3256 IRP_MJ_DEVICE_CHANGE : 804F9759
08:27:19:984 3256 IRP_MJ_QUERY_QUOTA : 804F9759
08:27:19:984 3256 IRP_MJ_SET_QUOTA : 804F9759
08:27:19:984 3256 siohd: 0
08:27:19:984 3256 F:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean
08:27:19:984 3256
08:27:19:984 3256 Completed
08:27:19:984 3256
08:27:19:984 3256 Results:
08:27:19:984 3256 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
08:27:19:984 3256 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
08:27:19:984 3256 File objects infected / cured / cured on reboot: 0 / 0 / 0
08:27:19:984 3256
08:27:19:984 3256 KLMD(ARK) unloaded successfully

-------------------------

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 2 Stepping 9, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Disabled !
.
Internet Explorer 7.0.5730.13
.
A:\ [Removable]
C:\ [Removable]
D:\ [CD_Rom]
E:\ [CD_Rom]
F:\ [Fixed-NTFS] .. ( Total:149 Go - Free:45 Go )
.
Scan : 08:30.04
Path : F:\Documents and Settings\Mom and Dad\Desktop\Rooter.exe
User : Mom and Dad ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ ¸ (4)
______ \SystemRoot\System32\smss.exe (1152)
______ \??\F:\WINDOWS\system32\csrss.exe (1820)
______ \??\F:\WINDOWS\system32\winlogon.exe (1848)
______ F:\WINDOWS\system32\services.exe (1896)
______ F:\WINDOWS\system32\lsass.exe (1908)
______ F:\WINDOWS\system32\svchost.exe (200)
______ F:\WINDOWS\system32\svchost.exe (340)
Locked ¸ (384)
Locked ¸ (424)
______ F:\WINDOWS\System32\svchost.exe (508)
______ F:\WINDOWS\System32\svchost.exe (852)
______ F:\WINDOWS\System32\svchost.exe (980)
______ F:\WINDOWS\system32\spoolsv.exe (1380)
______ F:\WINDOWS\System32\svchost.exe (1464)
______ F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1500)
______ F:\Program Files\Bonjour\mDNSResponder.exe (1516)
______ F:\WINDOWS\System32\imapi.exe (1608)
______ F:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (1640)
______ F:\Program Files\Java\jre6\bin\jqs.exe (1676)
______ F:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe (1712)
______ F:\WINDOWS\System32\HPZipm12.exe (1736)
______ F:\Program Files\Analog Devices\SoundMAX\spkrmon.exe (1804)
______ F:\WINDOWS\System32\svchost.exe (236)
______ F:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe (328)
______ F:\WINDOWS\Explorer.EXE (2712)
______ F:\WINDOWS\System32\alg.exe (3748)
______ F:\Program Files\HP\HP Software Update\HPWuSchd2.exe (1292)
______ F:\WINDOWS\system32\dla\tfswctrl.exe (1304)
______ F:\Program Files\SiteAdvisor\6172\SiteAdv.exe (1512)
______ F:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (1412)
______ F:\Program Files\Common Files\Real\Update_OB\realsched.exe (2104)
______ F:\Program Files\Java\jre6\bin\jusched.exe (2308)
______ F:\WINDOWS\system32\RUNDLL32.EXE (2372)
______ F:\Program Files\iTunes\iTunesHelper.exe (2424)
______ F:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe (2344)
Locked ¸ (2524)
______ F:\WINDOWS\system32\ctfmon.exe (2720)
______ F:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe (2736)
______ F:\Program Files\TiVo\Desktop\TiVoNotify.exe (2752)
______ F:\Program Files\TiVo\Desktop\TiVoServer.exe (2764)
______ F:\Program Files\Upromise\UpromiseTray.exe (2892)
______ F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (2992)
______ F:\Program Files\Autobahn\autobahn.exe (3172)
______ F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (3188)
______ F:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe (3316)
Locked ¸ (288)
______ F:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (2848)
______ F:\Program Files\iPod\bin\iPodService.exe (2164)
______ F:\WINDOWS\system32\wuauclt.exe (2468)
______ F:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (3244)
______ F:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE (3436)
______ F:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE (2348)
______ F:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe (800)
______ F:\Program Files\Java\jre6\bin\jucheck.exe (1532)
______ F:\Program Files\Mozilla Firefox\firefox.exe (3888)
______ F:\WINDOWS\system32\NOTEPAD.EXE (3252)
______ F:\Documents and Settings\Mom and Dad\Desktop\Rooter.exe (3368)
.
----------------------\\ Device\Harddisk0\
----------------------\\ Scheduled Tasks
.
F:\WINDOWS\Tasks\desktop.ini
F:\WINDOWS\Tasks\Google Software Updater.job
F:\WINDOWS\Tasks\SA.DAT
F:\WINDOWS\Tasks\User_Feed_Synchronization-{C85A52A9-DEE3-40ED-93B1-CDF5F6BE7DED}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 08:30.30
.
F:\Rooter$\Rooter_1.txt - (27/02/2010 | 08:30.30)
rlmark

Re: REALLY weird stuff happening...

by rlmark » February 27th, 2010, 10:03 am

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mom and Dad at 2010-02-27 08:57:09
Microsoft Windows XP Home Edition Service Pack 3
System drive F: has 47 GB (31%) free of 153 GB
Total RAM: 1535 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:33 AM, on 2/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
F:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\WINDOWS\System32\imapi.exe
F:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\WINDOWS\System32\HPZipm12.exe
F:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\WINDOWS\system32\dla\tfswctrl.exe
F:\Program Files\SiteAdvisor\6172\SiteAdv.exe
F:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Java\jre6\bin\jusched.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
F:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
F:\Program Files\TiVo\Desktop\TiVoNotify.exe
F:\Program Files\TiVo\Desktop\TiVoServer.exe
F:\Program Files\Upromise\UpromiseTray.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Program Files\Autobahn\autobahn.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
F:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
F:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
F:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
F:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
F:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
F:\Program Files\Java\jre6\bin\jucheck.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\WINDOWS\system32\NOTEPAD.EXE
F:\WINDOWS\system32\NOTEPAD.EXE
F:\Documents and Settings\Mom and Dad\Desktop\RSIT.exe
F:\Program Files\trend micro\HijackThis\Mom and Dad.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - F:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - F:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - F:\Program Files\Upromise\upromisetoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - F:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - F:\Program Files\Upromise\upromisetoolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) - {4fe8e2eb-f905-45a9-8de9-9ad2f228ccc9} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - F:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dla] F:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SiteAdvisor] F:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [googletalk] F:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [WinPatrol] F:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Google Desktop Search] "F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [F5D7050v3] F:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
O4 - HKLM\..\Run: [BDAgent] "F:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "F:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ?\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TivoTransfer] "F:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "F:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "F:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Upromise Tray] F:\Program Files\Upromise\UpromiseTray.exe
O4 - HKCU\..\Run: [swg] "F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: autobahn.lnk = F:\Program Files\Autobahn\autobahn.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WDDMStatus.lnk = F:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = F:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O8 - Extra context menu item: -> Ever Profits - Explore Keyword... - file://F:\Program Files\Ever Profits Toolbar\EverProfitsAddOns.IEModule.54267293.js
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - F:\Program Files\Upromise\upromisetoolbar.dll
O9 - Extra 'Tools' menuitem: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - F:\Program Files\Upromise\upromisetoolbar.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - F:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - F:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://www.shockwave.com/content/chocol ... 0.0.13.cab
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scan ... ProExe.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8842907250
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://vhost.oddcast.com/admin/hostClientIE.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class) - http://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - http://a248.e.akamai.net/f/248/5462/2h/ ... mDlBrg.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/on ... /fscax.cab
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v50/di ... erdash.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://my.firmenich.com/dana-cached/se ... tupSP1.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca07.custhelp.com/8201-b499h ... a/RntX.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.1.6.cab
O20 - AppInit_DLLs: F:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - F:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - F:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - F:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KodakDigitalDisplayService - Orb Networks - F:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - F:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\System32\HPZipm12.exe
O23 - Service: spkrmon - Unknown owner - F:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - F:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - F:\Program Files\BitDefender\BitDefender 2010\vsserv.exe

--
End of file - 15246 bytes

======Scheduled tasks folder======

F:\WINDOWS\tasks\Google Software Updater.job
F:\WINDOWS\tasks\User_Feed_Synchronization-{C85A52A9-DEE3-40ED-93B1-CDF5F6BE7DED}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}]
F:\Program Files\SiteAdvisor\6253\SiteAdv.dll [2007-12-04 927008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - F:\WINDOWS\system32\dla\tfswshx.dll [2003-08-06 106548]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - F:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-25 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - F:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EDC0F17F-F4B7-47e4-B73E-887FAEB376FA}]
Upromise TurboSaver - F:\Program Files\Upromise\upromisetoolbar.dll [2009-04-14 983040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0} - McAfee SiteAdvisor - F:\Program Files\SiteAdvisor\6253\SiteAdv.dll [2007-12-04 927008]
{06E58E5E-F8CB-4049-991E-A41C03BD419E} - Upromise TurboSaver - F:\Program Files\Upromise\upromisetoolbar.dll [2009-04-14 983040]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - F:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-06-09 5931848]
{4fe8e2eb-f905-45a9-8de9-9ad2f228ccc9}
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - F:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll [2009-10-20 128832]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=F:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"dla"=F:\WINDOWS\system32\dla\tfswctrl.exe [2003-08-06 114741]
"NvCplDaemon"=F:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"nwiz"=nwiz.exe /install []
"SiteAdvisor"=F:\Program Files\SiteAdvisor\6172\SiteAdv.exe [2007-03-01 35928]
"googletalk"=F:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"WinPatrol"=F:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-10-09 333120]
"Google Desktop Search"=F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-16 30192]
"TkBellExe"=F:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-01-23 185896]
"Adobe Reader Speed Launcher"=F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=F:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"NvMediaCenter"=F:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"QuickTime Task"=F:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=F:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]
"F5D7050v3"=F:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe [2007-10-30 1654784]
"BDAgent"=F:\Program Files\BitDefender\BitDefender 2010\bdagent.exe [2010-01-20 1120704]
"BitDefender Antiphishing Helper"=F:\Program Files\BitDefender\BitDefender 2010\IEShow.exe [2009-10-19 71152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=F:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"Microsoft Works Update Detection"=?\WkDetect.exe []
"ctfmon.exe"=F:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"TivoTransfer"=F:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe [2007-09-25 1195008]
"TivoNotify"=F:\Program Files\TiVo\Desktop\TiVoNotify.exe [2007-09-25 384000]
"TivoServer"=F:\Program Files\TiVo\Desktop\TiVoServer.exe [2007-09-25 1495040]
"P2kAutostart"= []
"NvMediaCenter"=F:\WINDOWS\system32\NVMCTRAY.DLL [2008-05-16 86016]
"Upromise Tray"=F:\Program Files\Upromise\UpromiseTray.exe [2009-04-14 139264]
"swg"=F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-09-10 68856]

F:\Documents and Settings\All Users\Start Menu\Programs\Startup
autobahn.lnk - F:\Program Files\Autobahn\autobahn.exe
HP Digital Imaging Monitor.lnk - F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk - F:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Microsoft Works Calendar Reminders.lnk - F:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
WDDMStatus.lnk - F:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
WDSmartWare.lnk - F:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

F:\Documents and Settings\Mom and Dad\Start Menu\Programs\Startup
PowerReg Scheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="F:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskmgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\Program Files\TiVo\Desktop\TiVoServer.exe"="F:\Program Files\TiVo\Desktop\TiVoServer.exe:*:Enabled:TiVo Server Service Process"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"G:\Program Files\uTorrent\uTorrent.exe"="G:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"H:\Program Files\uTorrent\uTorrent.exe"="H:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"H:\utorrent.exe"="H:\utorrent.exe:*:Enabled:µTorrent"
"I:\Program Files\uTorrent\uTorrent.exe"="I:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"I:\utorrent.exe"="I:\utorrent.exe:*:Enabled:µTorrent"
"F:\Program Files\Bonjour\mDNSResponder.exe"="F:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"F:\Program Files\Autobahn\autobahn.exe"="F:\Program Files\Autobahn\autobahn.exe:*:Enabled:autobahn"
"F:\Program Files\iTunes\iTunes.exe"="F:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"F:\Program Files\Google\Google Talk\googletalk.exe"="F:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"F:\Program Files\AirPort\APAgent.exe"="F:\Program Files\AirPort\APAgent.exe:*:Enabled:AirPort"
"F:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="F:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c759cc0-e364-11dd-ab37-000cf1b64644}]
shell\AutoRun\command - G:\system32.vbs
shell\open\command - G:\system32.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68d99743-f0d6-11de-abc0-000cf1b64644}]
shell\AutoRun\command - "G:\WD SmartWare.exe" autoplay=true

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68d99781-f0d6-11de-abc0-000cf1b64644}]
shell\AutoRun\command - "I:\WD SmartWare.exe" autoplay=true

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e56cef08-bb2a-11dd-ab20-806d6172696f}]
shell\AutoRun\command - D:\setup.exe


======List of files/folders created in the last 1 months======

2010-02-27 08:30:30 ----D---- F:\Rooter$
2010-02-26 20:00:42 ----A---- F:\gmer.txt
2010-02-25 03:00:43 ----HDC---- F:\WINDOWS\$NtUninstallKB979306$
2010-02-23 16:02:05 ----A---- F:\Documents and Settings\Mom and Dad\Application Data\bdfvconp.ini
2010-02-21 12:01:42 ----D---- F:\Documents and Settings\Mom and Dad\Application Data\BitDefender
2010-02-21 12:01:42 ----D---- F:\Documents and Settings\All Users\Application Data\BitDefender
2010-02-21 11:59:59 ----D---- F:\Program Files\Common Files\BitDefender
2010-02-21 11:37:47 ----A---- F:\WINDOWS\ntbtlog.txt
2010-02-16 15:33:21 ----D---- F:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2010-02-15 20:14:38 ----D---- F:\Documents and Settings\Mom and Dad\Application Data\Toolbar4
2010-02-15 19:50:40 ----D---- F:\Documents and Settings\Mom and Dad\Application Data\Add-in Express Ltd
2010-02-15 17:30:21 ----D---- F:\Documents and Settings\Mom and Dad\Application Data\AccurateRip
2010-02-15 14:27:13 ----D---- F:\Program Files\BitDefender
2010-02-13 22:19:36 ----A---- F:\WINDOWS\system32\UpdateDriver.exe
2010-02-13 22:19:36 ----A---- F:\WINDOWS\system32\ucuiinfo.ini
2010-02-13 22:19:25 ----D---- F:\Program Files\Belkin
2010-02-12 18:00:51 ----D---- F:\Program Files\AirPort
2010-02-11 03:08:04 ----HDC---- F:\WINDOWS\$NtUninstallKB978262$
2010-02-11 03:07:22 ----HDC---- F:\WINDOWS\$NtUninstallKB971468$
2010-02-11 03:03:34 ----HDC---- F:\WINDOWS\$NtUninstallKB978037$
2010-02-11 03:03:24 ----HDC---- F:\WINDOWS\$NtUninstallKB975713$
2010-02-11 03:03:15 ----HDC---- F:\WINDOWS\$NtUninstallKB978251$
2010-02-11 03:03:04 ----HDC---- F:\WINDOWS\$NtUninstallKB975560$
2010-02-11 03:02:51 ----HDC---- F:\WINDOWS\$NtUninstallKB977914$
2010-02-11 03:01:33 ----HDC---- F:\WINDOWS\$NtUninstallKB978706$
2010-02-11 03:01:17 ----HDC---- F:\WINDOWS\$NtUninstallKB977165$
2010-01-28 03:01:54 ----A---- F:\WINDOWS\imsins.BAK

======List of files/folders modified in the last 1 months======

2010-02-27 08:51:07 ----D---- F:\WINDOWS\system32
2010-02-27 08:51:03 ----D---- F:\WINDOWS\Temp
2010-02-27 08:31:59 ----D---- F:\WINDOWS\Prefetch
2010-02-27 08:27:19 ----D---- F:\WINDOWS\system32\drivers
2010-02-27 08:22:56 ----D---- F:\Program Files\Mozilla Firefox
2010-02-27 08:19:00 ----D---- F:\WINDOWS
2010-02-27 08:17:22 ----SD---- F:\WINDOWS\Tasks
2010-02-26 10:51:09 ----A---- F:\WINDOWS\SchedLgU.Txt
2010-02-26 10:36:01 ----D---- F:\Documents and Settings\All Users\Application Data\Google Updater
2010-02-25 17:20:22 ----D---- F:\WINDOWS\system32\CatRoot2
2010-02-25 03:01:03 ----HD---- F:\WINDOWS\inf
2010-02-21 15:19:11 ----D---- F:\LOOPS
2010-02-21 12:03:30 ----SHD---- F:\WINDOWS\Installer
2010-02-21 12:03:28 ----HD---- F:\Config.Msi
2010-02-21 12:02:49 ----D---- F:\WINDOWS\system32\CatRoot
2010-02-21 12:00:34 ----D---- F:\WINDOWS\WinSxS
2010-02-21 11:59:59 ----D---- F:\Program Files\Common Files
2010-02-19 10:05:28 ----D---- F:\WINDOWS\Microsoft.NET
2010-02-19 10:05:27 ----RSD---- F:\WINDOWS\assembly
2010-02-19 10:01:22 ----RSD---- F:\WINDOWS\Fonts
2010-02-19 09:52:23 ----D---- F:\Program Files\TurboTax
2010-02-16 16:31:23 ----D---- F:\Program Files\trend micro
2010-02-16 15:42:38 ----D---- F:\Program Files\Hijackthis
2010-02-16 15:33:21 ----D---- F:\Program Files
2010-02-16 15:32:07 ----D---- F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-16 15:31:30 ----AD---- F:\Documents and Settings\All Users\Application Data\TEMP
2010-02-16 09:48:22 ----D---- F:\Program Files\Microsoft Picture It! PhotoPub
2010-02-15 20:00:24 ----D---- F:\Program Files\Google
2010-02-15 20:00:20 ----D---- F:\Documents and Settings\All Users\Application Data\Google
2010-02-15 17:20:59 ----D---- F:\Program Files\Cakewalk
2010-02-15 17:16:14 ----D---- F:\Cakewalk Projects
2010-02-15 16:32:32 ----D---- F:\Program Files\CoffeeCup Software
2010-02-15 16:18:57 ----D---- F:\Program Files\VS Revo Group
2010-02-15 14:30:38 ----A---- F:\WINDOWS\system32\PerfStringBackup.INI
2010-02-15 14:26:28 ----SD---- F:\Documents and Settings\All Users\Application Data\Microsoft
2010-02-15 14:26:28 ----D---- F:\Documents and Settings\Mom and Dad\Application Data\Lavasoft
2010-02-15 14:23:46 ----D---- F:\Program Files\Common Files\Symantec Shared
2010-02-15 14:23:46 ----D---- F:\Documents and Settings\All Users\Application Data\Symantec
2010-02-15 14:23:23 ----D---- F:\Program Files\Symantec
2010-02-15 14:18:02 ----D---- F:\Program Files\Norton Internet Security
2010-02-13 22:19:38 ----DC---- F:\WINDOWS\system32\DRVSTORE
2010-02-13 22:19:33 ----HD---- F:\Program Files\InstallShield Installation Information
2010-02-11 03:08:01 ----HD---- F:\WINDOWS\$hf_mig$
2010-02-11 03:07:23 ----RSHDC---- F:\WINDOWS\system32\dllcache
2010-02-11 03:03:47 ----D---- F:\WINDOWS\Debug
2010-02-09 04:02:31 ----D---- F:\Documents and Settings\All Users\Application Data\Norton
2010-02-01 14:26:20 ----A---- F:\WINDOWS\system32\MRT.exe
2010-01-28 03:01:42 ----D---- F:\WINDOWS\system32\en-us
2010-01-28 03:01:42 ----D---- F:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 bdftdif;bdftdif; \??\F:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 cdrbsdrv;cdrbsdrv; F:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 eeCtrl;Symantec Eraser Control driver; \??\F:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; F:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; F:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 NPPTNT2;NPPTNT2; \??\F:\WINDOWS\System32\npptNT2.sys []
R1 OMCI;OMCI; F:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 SCDEmu;SCDEmu; F:\WINDOWS\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R1 sscdbhk5;sscdbhk5; F:\WINDOWS\system32\drivers\sscdbhk5.sys [2003-07-14 5621]
R1 ssrtln;ssrtln; F:\WINDOWS\system32\drivers\ssrtln.sys [2003-07-14 23219]
R1 vmm;Virtual Machine Monitor; \??\F:\WINDOWS\system32\Drivers\vmm.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; F:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-02-13 20747]
R2 BDVEDISK;BDVEDISK; \??\F:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys []
R2 drvnddm;drvnddm; F:\WINDOWS\system32\drivers\drvnddm.sys [2003-06-20 40448]
R2 tfsnboio;tfsnboio; F:\WINDOWS\system32\dla\tfsnboio.sys [2003-08-06 25685]
R2 tfsncofs;tfsncofs; F:\WINDOWS\system32\dla\tfsncofs.sys [2003-08-06 34837]
R2 tfsndrct;tfsndrct; F:\WINDOWS\system32\dla\tfsndrct.sys [2003-08-06 4117]
R2 tfsndres;tfsndres; F:\WINDOWS\system32\dla\tfsndres.sys [2003-08-06 2233]
R2 tfsnifs;tfsnifs; F:\WINDOWS\system32\dla\tfsnifs.sys [2003-08-06 83284]
R2 tfsnopio;tfsnopio; F:\WINDOWS\system32\dla\tfsnopio.sys [2003-08-06 14229]
R2 tfsnpool;tfsnpool; F:\WINDOWS\system32\dla\tfsnpool.sys [2003-08-06 6357]
R2 tfsnudf;tfsnudf; F:\WINDOWS\system32\dla\tfsnudf.sys [2003-08-06 98068]
R2 tfsnudfa;tfsnudfa; F:\WINDOWS\system32\dla\tfsnudfa.sys [2003-08-06 100373]
R3 aeaudio;aeaudio; F:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 Arp1394;1394 ARP Client Protocol; F:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 bdfm;BDFM; F:\WINDOWS\system32\drivers\bdfm.sys [2010-02-21 153448]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; F:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2009-10-19 110984]
R3 BDSelfPr;BDSelfPr; \??\F:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys []
R3 E100B;Intel(R) PRO Network Connection Driver; F:\WINDOWS\System32\DRIVERS\e100b325.sys [2005-06-13 162816]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; F:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hidusb;Microsoft HID Class Driver; F:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 kbdcap;kbdcap; F:\WINDOWS\system32\drivers\kbdcap.sys [2009-05-25 109440]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1; F:\WINDOWS\system32\drivers\libusb0.sys [2007-03-20 28672]
R3 mouhid;Mouse HID Driver; F:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-07-16 12160]
R3 NIC1394;1394 Net Driver; F:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; F:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 pcouffin;VSO Software pcouffin; F:\WINDOWS\System32\Drivers\pcouffin.sys [2008-10-22 47360]
R3 RT73;Belkin Wireless 54G USB Network Adapter Driver; F:\WINDOWS\system32\DRIVERS\rt73.sys [2007-10-02 451968]
R3 smwdm;smwdm; F:\WINDOWS\system32\drivers\smwdm.sys [2003-06-18 578176]
R3 usbccgp;Microsoft USB Generic Parent Driver; F:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; F:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; F:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; F:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VPCNetS2;Virtual Machine Network Services Driver; F:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2008-02-05 59960]
S3 61883;61883 Unit Device; F:\WINDOWS\System32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; F:\WINDOWS\System32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; F:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CoachUsb;Coach Digital Camera on USB; F:\WINDOWS\System32\DRIVERS\CoachUsb.sys [2004-11-24 50976]
S3 CoachVc;Coach Video Capture; F:\WINDOWS\System32\DRIVERS\CoachVc.sys [2004-11-24 44256]
S3 CrystalSysInfo;CrystalSysInfo; \??\F:\Program Files\MediaCoder\SysInfo.sys []
S3 ENTECH;ENTECH; \??\F:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; F:\WINDOWS\System32\DRIVERS\HPZid412.sys [2005-10-21 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; F:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2005-10-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; F:\WINDOWS\System32\DRIVERS\HPZius12.sys [2005-10-22 21568]
S3 ICDUSB2;Sony IC Recorder (P); F:\WINDOWS\System32\Drivers\ICDUSB2.sys [2002-11-28 39048]
S3 idmc1aud;Intel(r) Play(tm) USB Audio Filter (WDM); F:\WINDOWS\system32\drivers\idmc1aud.sys [2001-07-05 15188]
S3 IDMC1Blk;Intel Play DMC Download Driver; F:\WINDOWS\System32\DRIVERS\IDMC1Blk.sys [2001-07-05 14628]
S3 IDMC1Vxp;Intel(r) Play(tm) DMC Camera; F:\WINDOWS\System32\DRIVERS\idmc1vme.sys [2001-07-05 416564]
S3 MSDV;Microsoft DV Camera and VCR; F:\WINDOWS\System32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; F:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; F:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; F:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 OVT511Plus;Dual Mode USB Camera Plus; F:\WINDOWS\System32\Drivers\omcamvid.sys [2001-09-18 167816]
S3 P2k;Motorola USB Device; F:\WINDOWS\System32\DRIVERS\P2k.sys [2003-04-08 38656]
S3 pgfilter;pgfilter; \??\I:\Program Files\PeerGuardian2\pgfilter.sys []
S3 Profos;Profos; \??\F:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 PSI;PSI; F:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
S3 Revoflt;Revoflt; F:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
S3 s616bus;Sony Ericsson Device 616 driver (WDM); F:\WINDOWS\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; F:\WINDOWS\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112]
S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; F:\WINDOWS\system32\DRIVERS\s616mdm.sys [2007-04-03 108680]
S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); F:\WINDOWS\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360]
S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; F:\WINDOWS\system32\DRIVERS\s616obex.sys [2007-04-03 98568]
S3 SDDMI2;SDDMI2; \??\F:\WINDOWS\System32\DDMI2.sys []
S3 SLIP;BDA Slip De-Framer; F:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); F:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; F:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; F:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; F:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 Trufos;Trufos; \??\F:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 USBAAPL;Apple Mobile USB Driver; F:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;USB Audio Driver (WDM); F:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Microsoft USB PRINTER Class; F:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; F:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;Motorola USB Modem Driver; F:\WINDOWS\System32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 USBSTOR;USB Mass Storage Driver; F:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WDC_SAM;WD SCSI Pass Thru driver; F:\WINDOWS\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S3 WSTCODEC;World Standard Teletext Codec; F:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; F:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; F:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; F:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Bonjour Service;Bonjour Service; F:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 IntuitUpdateService;Intuit Update Service; F:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-09-29 13088]
R2 JavaQuickStarterService;Java Quick Starter; F:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 KodakDigitalDisplayService;KodakDigitalDisplayService; F:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe [2008-03-06 81920]
R2 LIVESRV;BitDefender Desktop Update Service; F:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2010-01-11 308552]
R2 Pml Driver HPZ12;Pml Driver HPZ12; F:\WINDOWS\System32\HPZipm12.exe [2007-08-09 73728]
R2 spkrmon;spkrmon; F:\Program Files\Analog Devices\SoundMAX\spkrmon.exe [2003-06-16 61440]
R2 TivoBeacon2;TiVo Beacon; F:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [2007-09-25 867328]
R2 VSSERV;BitDefender Virus Shield; F:\Program Files\BitDefender\BitDefender 2010\vsserv.exe [2010-02-21 1612616]
R3 iPod Service;iPod Service; F:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S2 gusvc;Google Software Updater; F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
S3 Arrakis3;BitDefender Arrakis Server; F:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 183880]
S3 aspnet_state;ASP.NET State Service; F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; f:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 ICDSPTSV;Sony SPTI Service for DVE; F:\WINDOWS\system32\IcdSptSv.exe [2003-04-01 69632]
S3 idsvc;Windows CardSpace; f:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 scan;BitDefender Threat Scanner; F:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 usprserv;User Privilege Service; F:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; F:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; F:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 getPlus(R) Helper;getPlus(R) Helper; F:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]
S4 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-16 30192]
S4 gupdate;Google Update Service (gupdate); F:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-05 135664]
S4 Imapi Helper;Imapi Helper; F:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2006-01-04 163840]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; f:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NVSvc;NVIDIA Display Driver Service; F:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
S4 PCPitstop Scheduling;PCPitstop Scheduling; F:\Program Files\PCPitstop\PCPitstopScheduleService.exe [2009-04-26 90352]
S4 WDDMService;WD SmartWare Drive Manager; F:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 98304]
S4 WDSmartWareBackgroundService;WD SmartWare Background Service; F:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]

-----------------EOF-----------------
rlmark

Re: REALLY weird stuff happening...

by rlmark » February 27th, 2010, 10:04 am

info.txt logfile of random's system information tool 1.06 2009-05-07 16:14:26

======Uninstall list======

-->"F:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->F:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->F:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{410438A3-B591-4028-B70A-3CC0B33FBCD1}\Setup.exe" -l0x9 -L0x9anything
-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{510582B9-2633-11D4-99DC-0000F49094C7}\Setup.exe" UNINSTALL
-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{CACA4016-6B3D-460F-A9E8-767CE6E9D1D1}\setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 F:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"F:\Program Files\7-Zip\Uninstall.exe"
Acoustica Effects Pack-->F:\PROGRA~1\ACOUST~2\UNWISE.EXE F:\PROGRA~1\ACOUST~2\INSTALL.LOG
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Ad-Aware SE Personal-->F:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE F:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe AIR-->f:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->F:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player-->F:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE F:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AnswerWorks 4.0 Runtime - English-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AnswerWorks 5.0 English Runtime-->MsiExec.exe /I{9E5A03E3-6246-4920-9630-0527D5DA9B07}
Any Video Converter 2.7.0-->"F:\Program Files\Any Video Converter\unins000.exe"
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.2.6-->"F:\Program Files\Audacity\unins000.exe"
Autobahn-->F:\Program Files\Autobahn\Uninstall.exe
AVS Cover Editor 1.3.1.95 (AVS4YOU)-->"F:\Program Files\AVS4YOU\AVS Cover Editor\unins000.exe"
AVS Disc Creator version 3.5-->"F:\Program Files\AVS4YOU\AVSDiscCreator\unins000.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
burnatonce-->"F:\Program Files\burnatonce\unins000.exe"
Cakewalk Music Creator 2003-->F:\PROGRA~1\Cakewalk\CAKEWA~1\UNWISE.EXE F:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG
ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
CCleaner (remove only)-->"F:\Program Files\CCleaner\uninst.exe"
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CleanCache 3.5-->"F:\Program Files\CleanCache 3.0\unins000.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Component Framework-->MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Critical Update for Windows Media Player 11 (KB959772)-->"F:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
dBpoweramp FLAC Codec-->"F:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>F:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
dBpoweramp Music Converter-->"F:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>F:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
Dell ResourceCD-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DivX Web Player-->F:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DreamStation DXi2-->F:\WINDOWS\DSDXIRMV.EXE F:\PROGRAM FILES\CAKEWALK\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI2
DV TS-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{54266945-8A11-424D-B20F-4F747A714FBA}\Setup.exe"
eMusic Download Manager 4.0.0.5-->F:\Program Files\eMusic Download Manager\uninst.exe
EndlessOptin-->MsiExec.exe /I{647726A8-9EB6-419E-8E64-BF863AAAF491}
ERUNT 1.1j-->"F:\Program Files\ERUNT\unins000.exe"
Finale NotePad 2008-->F:\Program Files\Finale NotePad 2008\uninstallNP.exe
getPlus(R) for Adobe-->"F:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Google Desktop-->F:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google SketchUp 6-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Google Talk (remove only)-->"F:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "f:\program files\google\googletoolbar1.dll"
Google Updater-->"F:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GPL Ghostscript 8.54-->F:\Program Files\gs\uninstgs.exe "F:\Program Files\gs\gs8.54\uninstal.txt"
GPL Ghostscript Fonts-->F:\Program Files\gs\uninstgs.exe "F:\Program Files\gs\fonts\uninstal.txt"
HD Tune 2.55-->"F:\Program Files\HD Tune\unins000.exe"
Hijackthis 1.99.1-->"F:\Program Files\Hijackthis\unins000.exe"
HijackThis 2.0.2-->"F:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->F:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->F:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB932716-v2)-->"F:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB945060-v3)-->"F:\WINDOWS\$NtUninstallKB945060-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"F:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
HP Deskjet 5900 series-->F:\Program Files\HP\Digital Imaging\{79546A5F-AE7C-4693-8670-A3401B43ABD2}\setup\hpzscr01.exe -datfile hpfscr05.dat
HP Extended Capabilities 5.0-->F:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 5.0-->F:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.0-->F:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Solution Center & Imaging Support Tools 5.0-->F:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HTML Executable IERuntime-->F:\Program Files\Common Files\HTML Executable Viewer\{AF358AB7-0CEF-40B5-A569-D27F8F38232D}\heieunin.exe
ieSpell-->"F:\Program Files\ieSpell\uninst.exe"
Intel(r) Play(tm) Digital Movie Creator-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{128D2873-DDAA-4D4C-A177-2D4876C86807}\setup.exe"
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Intel(r) System Information Viewer-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{5C9DDCE0-66CF-11D4-9100-0090274FBE9A}\setup.exe"
ISO Recorder-->MsiExec.exe /I{0F6A7971-0F11-4A79-A0E9-133D0963A570}
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
KEDDS-->MsiExec.exe /I{C7B99334-41CC-445A-AF7B-A210691A72AD}
Kodak EasyShare software-->F:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0001_209ee95f\Setup.exe /APR-REMOVE
KODAK Gallery Upload Software-->MsiExec.exe /I{B7F98125-4955-41E3-8A71-4CE11CE9C198}
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "F:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Magic DVD Copier Version 4.9 build 4-->"F:\Program Files\MagicDVDCopier\unins000.exe"
Malwarebytes' Anti-Malware-->"F:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SiteAdvisor-->F:\Program Files\SiteAdvisor\6253\uninstall.exe
MediaCoder 0.6.2-->F:\Program Files\MediaCoder\uninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"F:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "F:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->F:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Command & Control Engine-->RunDll32 advpack.dll,LaunchINFSection F:\WINDOWS\INF\mscnc.inf, Uninstall
Microsoft Compression Client Pack 1.0 for Windows XP-->"F:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"F:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"F:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Publishing Platinum 2001-->MsiExec.exe /I{501FC6C0-7F99-4937-99F6-9A65A964B710}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Speech API 3.0-->RunDll32 advpack.dll,LaunchINFSection F:\WINDOWS\INF\spchapi.inf, Uninstall
Microsoft Speech Lexicon-->RunDll32 advpack.dll,LaunchINFSection F:\WINDOWS\INF\mslex.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"F:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
MicroType 3.0 Demo-->F:\WINDOWS\unvise32.exe H:\Program Files\MicroType3 Demo\uninstal.log
MixMeister BPM Analyzer 1.0-->"F:\Program Files\MixMeister BPM Analyzer\unins000.exe"
MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Musicnotes Player V1.22.3-->"F:\Program Files\Musicnotes\Player\unins000.exe"
My Mix-->F:\WINDOWS\unvise32.exe F:\Program Files\Shockwave.com\My Mix\product\data\uninstal.log
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
Network Play System (Patching)-->F:\WINDOWS\IsUninst.exe -f"F:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
Norton AntiVirus Help-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton AntiVirus-->MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton Confidential Core-->MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton Internet Security (Symantec Corporation)-->"F:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Setup.exe" /X
Norton Internet Security-->MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Protection Center-->MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
NVIDIA Drivers-->F:\WINDOWS\System32\nvudisp.exe UninstallGUI
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe F:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
Ogg Codecs 0.81.15562-->F:\Program Files\Xiph.Org\Ogg Codecs\uninst.exe
OverDrive Media Console-->MsiExec.exe /I{59FD743D-A699-449E-8197-BD2899DAD69A}
PowerDVD-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PrimoPDF Redistribution Package-->MsiExec.exe /I{885744A4-1A01-44B0-858A-0AE6738CBCF7}
PrimoPDF-->"F:\WINDOWS\PrimoPDF\uninstall.exe" "/U:F:\Program Files\activePDF\PrimoPDF\Uninstall\uninstall.xml"
Proxy Finder Enterprise Edition-->F:\Program Files\ProxyFinderEnterprise\uninstal.exe
ProxyChecker (remove only)-->"F:\Program Files\mSoft\ProxyChecker\uninstall.exe"
PTR-Buster 1.2-->"G:\Program Files\Stonisa\ptrbuster\unins000.exe"
QuickTime for Windows (32-bit)-->F:\WINDOWS\QTW32DEL.EXE
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->F:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Revo Uninstaller 1.80-->F:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Secunia PSI-->"F:\Program Files\Secunia\PSI\uninstall.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"F:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"F:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"F:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"F:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"F:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"F:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"F:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"F:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"F:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"F:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"F:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"F:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"F:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"F:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"F:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"F:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"F:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"F:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"F:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"F:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"F:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"F:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"F:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"F:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"F:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
SENuke-->"H:\Program Files\SENuke\unins000.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
simpleology BrowserBodyguard 1.2-->MsiExec.exe /I{C153ABD3-0A1E-4F70-A1AA-339F43CCA02A}
simpleology Wimiki-->MsiExec.exe /I{578082DB-B171-48D3-B22E-5B1662181051}
SmartMusic Content (shared music files)-->H:\Program Files\SmartMusic Applications\UninstallContent.exe
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Foundry ACID 3.0g-->MsiExec.exe /I{09E75527-D21D-4B9D-88FB-1A3E9D434A21}
Sonic MyDVD-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}\SETUP.EXE" -l0x9 -L0x9 /SMAINT
Sony Cinescore 1.0-->MsiExec.exe /X{9622AE32-1EE6-4EB6-A86F-B3346A34BAE0}
Sony Cinescore Plug-In 1.0-->MsiExec.exe /X{36DB05B6-721B-4001-87EA-7AC42E3BB0F6}
Sony Digital Voice Editor 3-->F:\PROGRA~1\Sony\DIGITA~1\UNINST.EXE
Sony DVD Architect Studio 3.0b-->MsiExec.exe /X{F0B8271B-1FC0-48AA-A4E7-8991AEDAEC1A}
Sony USB Driver-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Sony Vegas Movie Studio 6.0b-->MsiExec.exe /X{B7DE81A4-71D5-4F22-9D72-84AC8A266F43}
SoundMAX-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spin It Again-->F:\PROGRA~1\ACOUST~1\UNWISE.EXE F:\PROGRA~1\ACOUST~1\INSTALL.LOG
Spybot - Search & Destroy-->"F:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1-->"F:\Program Files\SpywareBlaster\unins000.exe"
Sqirlz Morph-->F:\WINDOWS\Sqirlz Morph Uninstaller.exe
Subliminal Blaster 2.0-->H:\Program Files\Subliminal Blaster 2.0\Uninstal.exe
Symantec Real Time Storage Protection Component-->MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
TiVo Desktop 2.5.1-->MsiExec.exe /X{4E839090-3B68-436A-B3CF-A2A08C38DD26}
TurboTax 2008 WinPerFedFormset-->MsiExec.exe /I{7570F1CA-016D-46AC-B586-CD74645EFB52}
TurboTax 2008 WinPerProgramHelp-->MsiExec.exe /I{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}
TurboTax 2008 WinPerReleaseEngine-->MsiExec.exe /I{88214092-836F-4E22-A5AC-569AC9EE6A0F}
TurboTax 2008 WinPerTaxSupport-->MsiExec.exe /I{B23726CF-68BF-41A6-A4EB-72F12F87FE05}
TurboTax 2008 WinPerUserEducation-->MsiExec.exe /I{29521505-F489-4822-ADFA-32C6DEE4F114}
TurboTax 2008 wnjiper-->MsiExec.exe /I{923CAE62-30C9-425E-B4ED-F5E9C09C5C4A}
TurboTax 2008 wrapper-->MsiExec.exe /I{B1DB1AD8-C07E-4052-81A1-D2930232BA70}
TurboTax 2008-->F:\Program Files\TurboTax\Deluxe 2008\Installer\TurboTax 2008 Installer.exe /u /t /a
TurboTax Deluxe 2007-->F:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "F:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
TurboTax Deluxe Deduction Maximizer 2006-->F:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "F:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2006-->MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Update for Windows XP (KB955839)-->"F:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"F:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Upromise TurboSaver (remove only)-->"F:\Program Files\Upromise\uninstall.exe"
VideoEgg Publisher-->F:\Program Files\VideoEgg\Uninstall.exe
Virtual Sound Canvas DXi-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{4E10E7FC-36CD-4C22-AC20-9E15692E8C2F}\setup.exe" UNINSTALL_XXX
WaterRocketSimulator 1.0.1-->"F:\Program Files\Water Rocket Simulator\unins000.exe"
WexTech AnswerWorks-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Internet Explorer 7-->"F:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"F:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"F:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"F:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"F:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"F:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinMerge 2.10.4.0-->"F:\Program Files\WinMerge\unins000.exe"
WinPatrol 2008-->F:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinRAR archiver-->F:\Documents and Settings\Kids\My Documents\Absolute Pitch\dlb tppetsc\rar\uninstall.exe
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
Wisdom-soft AutoScreenRecorder 3.0 Free-->F:\PROGRA~1\WISDOM~1\UNWISE.EXE F:\PROGRA~1\WISDOM~1\INSTALL.LOG
WordFlood 2.0 (remove only)-->"H:\Program Files\WordFlood 2.0\Uninstall.exe"
Xteq-dotec X-Setup Pro 6.6.300.Final1-->"F:\Program Files\X-Setup Pro\unins000.exe"
Xvid 1.1.3 final uninstall-->"F:\Program Files\Xvid\unins000.exe"

======Hosts File======

127.0.0.1 localhost
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 a9rhiwa.cn #[Google.Warning]
127.0.0.1 www.a9rhiwa.cn
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net

======Security center information======

AV: Norton Internet Security
FW: Norton Internet Security

======System event log======

Computer Name: LIVINGROOM3
Event Code: 3
Message: Printer Microsoft Office Document Image Writer was deleted.

Record Number: 360174
Source Name: Print
Time Written: 20090416030423.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LIVINGROOM3
Event Code: 4
Message: Printer Microsoft Office Document Image Writer is pending deletion.

Record Number: 360173
Source Name: Print
Time Written: 20090416030418.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LIVINGROOM3
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.

Record Number: 360133
Source Name: Service Control Manager
Time Written: 20090415205439.000000-240
Event Type: error
User:

Computer Name: LIVINGROOM3
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.

Record Number: 360132
Source Name: Service Control Manager
Time Written: 20090415205401.000000-240
Event Type: error
User:

Computer Name: LIVINGROOM3
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 360093
Source Name: W32Time
Time Written: 20090415103335.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: LIVINGROOM3
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.


Record Number: 27277
Source Name: crypt32
Time Written: 20090420213025.000000-240
Event Type: error
User:

Computer Name: LIVINGROOM3
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.


Record Number: 27276
Source Name: crypt32
Time Written: 20090420213025.000000-240
Event Type: error
User:

Computer Name: LIVINGROOM3
Event Code: 2001
Message: Rejected Safe Mode action : Microsoft Office Word.

Record Number: 27262
Source Name: Microsoft Office 11
Time Written: 20090420184419.000000-240
Event Type: error
User:

Computer Name: LIVINGROOM3
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.


Record Number: 27070
Source Name: crypt32
Time Written: 20090418222256.000000-240
Event Type: error
User:

Computer Name: LIVINGROOM3
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.


Record Number: 27069
Source Name: crypt32
Time Written: 20090418222248.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;F:\Program Files\Common Files\Sonic Shared;F:\Program Files\Smart Projects\IsoBuster;F:\Program Files\iTunes\Plug-Ins\Qloud\;F:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;F:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=F:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
rlmark
Regular Member
 
Posts: 34
Joined: February 16th, 2010, 4:37 pm

Re: REALLY weird stuff happening...

Post by Gary R » February 28th, 2010, 5:24 am

Dakeyras will not be available to continue helping you with your problem for a while due to personal circumstances, so if it's OK with you I'd like to continue in his place.

It will take me a while to read through all you've done so far, so it may be tomorrow before I get back to you with further instructions.

Just one question. Am I right in thinking that you have recently removed Norton as your Anti-Virus and firewall?
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: REALLY weird stuff happening...

Post by rlmark » February 28th, 2010, 8:31 am

Sure thing, no problem! If you see him, tell him thanks for all the help he's given me so far, and thank YOU for taking over my thread.

Yes, you'd be correct in assuming the AV switch was recent. Couldn't have been more than 1-2 weeks ago.
rlmark
Regular Member
 
Posts: 34
Joined: February 16th, 2010, 4:37 pm

Re: REALLY weird stuff happening...

Post by Gary R » February 28th, 2010, 9:26 am

There are still a number of Norton remnants in your logs, which suggests that it did not uninstall as thoroughly as it should have. The onboard uninstaller that comes with Norton is notorious for not doing a very good job.

Both Norton and Bit Defender are fairly service heavy programmes, and I think it's a distinct possibility that part of your problems may be caused by your new Bit Defender installation conflicting with Norton remnants.

So before we go any further, I'd first like to ensure that Norton is more completely removed from your computer.

First

To uninstall Norton go to HERE and follow the directions appropriate to your version. As you're not bothered about re-installing it, it won't be necessary for you to get the product key information.

When finished Reboot your Computer.

Next

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:RegFind
Norton
Symantec

:FolderFind
*Norton*
*Symantec*

:Reg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Next

I'd like you to run a new OTL scan for me using the directions below .....

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Summary of the logs I need from you in your next post:
  • SystemLook.txt
  • OTL.txt
  • Extras.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
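
The Norton remnants mentioned in the post above can be picked out of the uninstall list posted earlier in this thread. The Python sketch below is an added example, not part of the original posts and not code from any tool named here; the function names and keyword list are assumptions, and the sample lines are copied from that posted list. It groups matches by MSI product GUID, so two listings that point at the same product show up together.

```python
import re
from collections import OrderedDict

# Sample lines copied from the "name-->uninstall command" list posted earlier
# in this thread, plus two unrelated entries as negative cases.
SAMPLE_UNINSTALL_LIST = r"""
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "F:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Malwarebytes' Anti-Malware-->"F:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Norton AntiVirus-->MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton Internet Security (Symantec Corporation)-->"F:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Setup.exe" /X
Norton Internet Security-->MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
"""

# Display name, then the literal "-->" separator, then the uninstall command.
ENTRY_RE = re.compile(r"^(?P<name>.+?)-->(?P<command>.+)$")
# MSI product code or InstallShield GUID embedded in the command.
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Hypothetical keyword list, mirroring the :RegFind terms in the post above.
VENDOR_KEYWORDS = ("norton", "symantec")


def parse_uninstall_list(text):
    """Turn 'name-->command' lines into dicts; lines without '-->' are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        command = match.group("command").strip()
        guid = GUID_RE.search(command)
        entries.append({
            "name": match.group("name").strip(),
            "command": command,
            # Normalise case so {abc...} and {ABC...} group together.
            "guid": guid.group(0).upper() if guid else None,
        })
    return entries


def find_remnants(entries, keywords=VENDOR_KEYWORDS):
    """Return entries whose name or command mentions a vendor keyword."""
    hits = []
    for entry in entries:
        haystack = (entry["name"] + " " + entry["command"]).lower()
        if any(keyword in haystack for keyword in keywords):
            hits.append(entry)
    return hits


def group_by_product(entries):
    """Group entries by GUID (or by lower-cased name when no GUID is present)."""
    groups = OrderedDict()
    for entry in entries:
        key = entry["guid"] or entry["name"].lower()
        groups.setdefault(key, []).append(entry["name"])
    return groups


if __name__ == "__main__":
    remnants = find_remnants(parse_uninstall_list(SAMPLE_UNINSTALL_LIST))
    for product, names in group_by_product(remnants).items():
        print(product)
        for name in names:
            print("    " + name)
```

Keyword matching only catches entries that carry the vendor's name in the display name or the command, so components installed under an unrelated name will not appear in the result.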

Re: REALLY weird stuff happening...

Post by rlmark » February 28th, 2010, 2:47 pm

Alrighty, I ran the uninstall tool from Norton, and then the scans as you requested. Here are the logs:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 12:52 on 28/02/2010 by Mom and Dad (Administrator - Elevation successful)

========== RegFind ==========

Searching for "Norton"
[HKEY_CURRENT_USER\Identities\{41001FB9-B2E2-49E1-983C-1B0B0A90A6E0}\Software\Microsoft\Outlook Express\5.0\Rules\Mail\000]
"Name"="Auto Generated Norton AntiSpam Rule"
[HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\Addins\MsouPlug.OutlookPlug]
"FriendlyName"="Norton AntiSpam Outlook Plugin"
[HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\Addins\MsouPlug.OutlookPlug]
"FriendlyName"="Norton AntiSpam Outlook Plugin"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Norton Internet Security]
[HKEY_CURRENT_USER\Software\Norton]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\Compatibility\NortonSystemInfo]
[HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1004\Identities\{41001FB9-B2E2-49E1-983C-1B0B0A90A6E0}\Software\Microsoft\Outlook Express\5.0\Rules\Mail\000]
"Name"="Auto Generated Norton AntiSpam Rule"
[HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1004\Software\Microsoft\Office\Outlook\Addins\MsouPlug.OutlookPlug]
"FriendlyName"="Norton AntiSpam Outlook Plugin"
[HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1004\Software\Microsoft\Office\Outlook\Addins\MsouPlug.OutlookPlug]
"FriendlyName"="Norton AntiSpam Outlook Plugin"
[HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Norton Internet Security]
[HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1004\Software\Norton]

Searching for "Symantec"
[HKEY_CURRENT_USER\Software\Symantec]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B020B534-4AA2-4B99-BD6D-5F6EE286DF5C}\DownloadInformation]
"CODEBASE"="http://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B020B534-4AA2-4B99-BD6D-5F6EE286DF5C}\DownloadInformation]
"CODEBASE"="http://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CertDllVerifyRevocation\DEFAULT]
"Dll"="F:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll cryptnet.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03F08AFA727A5B642B4CBC4081F6FC28]
"00000000000000000000000000000000"="F:\Program Files\Common Files\Symantec Shared\ccRes\09\01\rcEmlPxy.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\09F7959FCF8DD344CA0709D3A579D513]
"00000000000000000000000000000000"="F:\Program Files\Common Files\Symantec Shared\ccSEUPDT.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1012F61D6BA9D35438B17D18E9BF2FBC]
"00000000000000000000000000000000"="F:\Program Files\Common Files\Symantec Shared\ccL70U.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1320AC6CA3C6BE348BCCF3A944187592]
"00000000000000000000000000000000"="F:\Program Files\Common Files\Symantec Shared\SymTheme\1.0\SymTheme.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\150981835B325EE4FBC8241B735128CA]
"00000000000000000000000000000000"="F:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\ccResLuM.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251AC011B2164247AE55D2AD7ECA1D4]
"00000000000000000000000000000000"="F:\Program Files\Common Files\Symantec Shared\ccL70.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2837C8EE11C3BDF468EB1B4F4C24E909]
"00000000000000000000000000000000"="F:\Program Files\Common Files\Symantec Shared\ccAppPlg.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\291B9C31066593C45A818A8C87B1856B]
"00000000000000000000000000000000"="F:\Program Files\Common Files\Symantec Shared\ccSubEng.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BBDF08A38AB2464EA8CD689D9B1E896]
"00000000000000000000000000000000"="F:\Documents and Settings\All Users\Application Data\Symantec\Common Client\ccSubSDK\Temp\Scd.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\375800BEE64041E488ECA3B971A84B25]
"00000000000000000000000000000000"="F:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\ccRtkLuM.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37CD63D80A9C6E94FB16F99570330B3E]
"00000000000000000000000000000000"="F:\Program Files\Common Files\Symantec Shared\SymHTML\2.0\SymHTML.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37EAC0E754159D74BA9B0482109B4BCA]
"00000000000000000000000000000000"="F:\Program Files\Common Files\Symantec Shared\ccIPC.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4263EF4B438ECD94F9BF565FB431C3B8]
"00000000000000000000000000000000"="F:\Program Files\Common Files\Symantec Shared\ccRes\09\01\rcErrDsp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\525515E6D63F702479352909DC4AA7F6]
"00000000000000000000000000000000"="F:\Program Files\Common Files\Symantec Shared\ccRes\09\01\rcApp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\54FB4289D22876C458C32DAB5C654EC9]
"00000000000000000000000000000000"="F:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\ccSEDLuM.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65DF2274B0C528F43B79511D3B3CE3D9]
"00000000000000000000000000000000"="F:\Program Files\Common Files\Symantec Shared\ccRkSn.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\730A7EA59305B9048896832C32F81511]
"00000000000000000000000000000000"="F:\Program Files\Common Files\Symantec Shared\ccRes\09\01\rcAlert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\991D4C367341C864B8BB5DCCE96B18D8]
"00000000000000000000000000000000"="F:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\ccMSLLuM.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD19A2C873D9BF140AEC8C62577F29FD]
"00000000000000000000000000000000"="F:\Program Files\Common Files\Symantec Shared\ccRes\09\01\rcLgView.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD56F1E1392A7B543A9F870D63051E98]
"00000000000000000000000000000000"="F:\Program Files\Common Files\Symantec Shared\ccRes\fallback.dat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C2707F7F2CF78E542BCED2E4F08F441C]
"00000000000000000000000000000000"="F:\Program Files\Common Files\Symantec Shared\ccScanW.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6E51B94B6E97BB4CAC5CBC57FFBC4C5]
"00000000000000000000000000000000"="F:\Program Files\Common Files\Symantec Shared\COH\COHClean.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D9824D6ED0339E8439514EC7C21E280A]
"00000000000000000000000000000000"="F:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\ccCmnLuM.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB04B02A85E8EE343857E68EC577E9E6]
"00000000000000000000000000000000"="F:\Program Files\Common Files\Symantec Shared\ccRkSn.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFBB9BF70388C4442AF98C842F6BE284]
"00000000000000000000000000000000"="F:\Program Files\Common Files\Symantec Shared\SPManifests\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F61EBB9289ADEB1448B9FAC881ADF9EA]
"00000000000000000000000000000000"="F:\Program Files\Common Files\Symantec Shared\ccSEBind.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB207DC887C40B94189176A66AEA66DB]
"00000000000000000000000000000000"="F:\Program Files\Common Files\Symantec Shared\ccRes\09\01\rcSvcHst.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{2D20C315-5915-4839-8C5C-C0B89E69BE6B}\Ndi]
"HelpText"="Symantec Network Security Intermediate Filter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{2D20C315-5915-4839-8C5C-C0B89E69BE6B}\Ndi]
"HelpText"="Symantec Network Security Intermediate Filter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{2D20C315-5915-4839-8C5C-C0B89E69BE6B}\Ndi]
"HelpText"="Symantec Network Security Intermediate Filter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{2D20C315-5915-4839-8C5C-C0B89E69BE6B}\Ndi]
"HelpText"="Symantec Network Security Intermediate Filter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceGroupOrder]
"List"="System Reserved Boot Bus Extender System Bus Extender SCSI miniport Port Primary Disk SCSI Class SCSI CDROM Class FSFilter Infrastructure FSFilter System FSFilter Bottom FSFilter Copy Protection FSFilter Security Enhancer FSFilter Open File FSFilter Physical Quota Management FSFilter Encryption FSFilter Compression FSFilter HSM FSFilter Cluster File System FSFilter System Recovery FSFilter Quota Management FSFilter Content Screener FSFilter Continuous Backup FSFilter Replication FSFilter Anti-Virus FSFilter Undelete FSFilter Activity Monitor FSFilter Top Filter Boot File System Base Pointer Port Keyboard Port Pointer Class Keyboard Class Video Init Video Video Save File System Event Log Streams Drivers NDIS Wrapper COM Infrastructure UIGroup LocalValidation PlugPlay PNP_TDI NDIS TDI Symantec Core Services Symantec Services NetBIOSGroup ShellSvcGroup SchedulerGroup SpoolerGroup AudioGroup SmartCardGroup NetworkProvider RemoteValidation NetDDEGroup Parallel arbitrator Extended Base PCI Configuration"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\VirtualDeviceDrivers]
"VDD"="F:\PROGRA~1\Symantec\S32EVNT1.DLL"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SYMANTEC_CORE_LC]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SYMANTEC_CORE_LC\0000]
"Service"="Symantec Core LC"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SYMANTEC_CORE_LC\0000]
"Service"="Symantec Core LC"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SYMANTEC_CORE_LC\0000]
"Service"="Symantec Core LC"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SYMANTEC_CORE_LC\0000]
"Service"="Symantec Core LC"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Automatic LiveUpdate Scheduler]
"ImagePath"=""F:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Automatic LiveUpdate Scheduler]
"ImagePath"=""F:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Automatic LiveUpdate Scheduler]
"ImagePath"=""F:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Automatic LiveUpdate Scheduler]
"ImagePath"=""F:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ccEvtMgr]
"ImagePath"=""F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ccEvtMgr]
"ImagePath"=""F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ccEvtMgr]
"ImagePath"=""F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ccEvtMgr]
"ImagePath"=""F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ccEvtMgr]
"ImagePath"=""F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ccEvtMgr]
"ImagePath"=""F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ccEvtMgr]
"ImagePath"=""F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ccSetMgr]
"ImagePath"=""F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ccSetMgr]
"ImagePath"=""F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ccSetMgr]
"ImagePath"=""F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ccSetMgr]
"ImagePath"=""F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ccSetMgr]
"ImagePath"=""F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ccSetMgr]
"ImagePath"=""F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ccSetMgr]
"ImagePath"=""F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CLTNetCnService]
"ImagePath"=""F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CLTNetCnService]
"ImagePath"=""F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CLTNetCnService]
"ImagePath"=""F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CLTNetCnService]
"ImagePath"=""F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eeCtrl]
"ImagePath"="\??\F:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eeCtrl]
"ImagePath"="\??\F:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eeCtrl]
"ImagePath"="\??\F:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eeCtrl]
"ImagePath"="\??\F:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eeCtrl\Parameters]
"SPManifest"="\??\F:\Program Files\Common Files\Symantec Shared\SPManifests"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eeCtrl\Parameters]
"SPManifest"="\??\F:\Program Files\Common Files\Symantec Shared\SPManifests"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EraserUtilRebootDrv]
"ImagePath"="\??\F:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EraserUtilRebootDrv]
"ImagePath"="\??\F:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Automatic LiveUpdate Scheduler]
"EventMessageFile"="F:\Program Files\Symantec\LiveUpdate\Lang\09\01\AluSchedulerSvcRes.loc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Automatic LiveUpdate Scheduler]
"EventMessageFile"="F:\Program Files\Symantec\LiveUpdate\Lang\09\01\AluSchedulerSvcRes.loc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\comHost]
"EventMessageFile"=""F:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\LiveUpdate]
"EventMessageFile"="F:\Program Files\Symantec\LiveUpdate\ResLuComServer_3_4.loc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LiveUpdate]
"ImagePath"=""F:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LiveUpdate]
"ImagePath"=""F:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LiveUpdate]
"ImagePath"=""F:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LiveUpdate]
"ImagePath"=""F:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LiveUpdate Notice]
"ImagePath"=""F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LiveUpdate Notice]
"ImagePath"=""F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LiveUpdate Notice]
"ImagePath"=""F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LiveUpdate Notice]
"ImagePath"=""F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LiveUpdate Notice]
"ImagePath"=""F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SPBBCDrv]
"ImagePath"="\??\F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SPBBCDrv]
"ImagePath"="\??\F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SPBBCDrv\Parameters]
"Configuration"="F:\Program Files\Common Files\Symantec Shared\SPBBC\2009-03-18-0a19.kc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SRTSP\Parameters]
"SettingsPath"="F:\Documents and Settings\All Users\Application Data\Symantec\Srtsp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SRTSPL\Parameters]
"SettingsPath"="F:\Documents and Settings\All Users\Application Data\Symantec\Srtsp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Symantec Core LC]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SYMTDI\Parameters]
"SettingsPath2"="F:\Program Files\Common Files\Symantec Shared\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SYMTDI\Parameters]
"SettingsPath2"="F:\Program Files\Common Files\Symantec Shared\"
[HKEY_USERS\.DEFAULT\Software\Symantec]
[HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1004\Software\Symantec]
[HKEY_USERS\S-1-5-18\Software\Symantec]

========== FolderFind ==========

Searching for "*Norton*"
F:\Documents and Settings\All Users\Application Data\Norton d----- [14:01 16/12/2009]
F:\Documents and Settings\Kids\Application Data\Symantec\Norton AntiVirus d----- [14:16 15/08/2007]

Searching for "*Symantec*"
F:\Documents and Settings\All Users\Application Data\Symantec d----- [02:42 27/12/2006]
F:\Documents and Settings\Kids\Application Data\Symantec d----- [15:51 27/12/2006]
F:\Documents and Settings\Mom and Dad\Application Data\Symantec d----- [00:01 11/08/2008]
F:\Documents and Settings\Mom and Dad\My Documents\Symantec d----- [02:56 27/12/2006]
F:\Program Files\Common Files\Symantec Shared d----- [02:42 27/12/2006]
F:\Program Files\Symantec d----- [02:39 27/12/2006]

========== Reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DisplayIcon"="F:\Program Files\TurboTax\Deluxe 2009\Installer\TurboTax 2009 Installer.exe"
"DisplayName"=""
"Publisher"="Intuit, Inc"
"UninstallString"="F:\Program Files\TurboTax\Deluxe 2009\Installer\TurboTax 2009 Installer.exe /u /t /a"
"URLInfoAbout"="www.turbotax.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979306]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.5.8)]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TurboTax 2009]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{03B1B42B-F6DE-41D9-8CFF-DC44E895C7A7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3881DB80-EAA2-012B-ADAE-000000000000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{38975F50-EAA2-012B-ADB4-000000000000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{38A34630-EAA2-012B-ADB6-000000000000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3B1D6DF0-EAA2-012B-AE51-000000000000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3C5A81D0-EAA2-012B-AE9F-000000000000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7299052B-02A4-4627-81F2-1818DA5D550D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A149E33D-74B9-4033-9B53-A5DE82864850}]


-=End Of File=-
rlmark

Re: REALLY weird stuff happening...

by rlmark » February 28th, 2010, 2:48 pm

OTL logfile created on: 2/28/2010 1:25:02 PM - Run 2
OTL by OldTimer - Version 3.1.30.2 Folder = F:\Documents and Settings\Mom and Dad\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): F:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
C: Drive not present or media not loaded
Drive D: | 483.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 149.00 Gb Total Space | 46.76 Gb Free Space | 31.38% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LIVINGROOM3
Current User Name: Mom and Dad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/25 13:45:43 | 000,549,888 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Mom and Dad\Desktop\OTL.exe
PRC - [2010/02/22 16:11:29 | 000,908,248 | ---- | M] (Mozilla Corporation) -- F:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/21 12:14:29 | 001,612,616 | ---- | M] (BitDefender S.R.L.) -- F:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
PRC - [2010/02/21 12:14:24 | 001,087,864 | ---- | M] (BitDefender S.R.L.) -- F:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
PRC - [2010/01/20 15:59:34 | 001,120,704 | ---- | M] (BitDefender S.R.L.) -- F:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
PRC - [2010/01/11 13:02:46 | 000,308,552 | ---- | M] (BitDefender S.R.L.) -- F:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- F:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/09/08 20:09:42 | 000,305,440 | ---- | M] (Apple Inc.) -- F:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/08 20:09:30 | 000,545,568 | ---- | M] (Apple Inc.) -- F:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) -- F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/04/14 17:37:28 | 000,139,264 | ---- | M] () -- F:\Program Files\Upromise\UpromiseTray.exe
PRC - [2009/03/09 04:19:24 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/03/09 04:19:17 | 000,148,888 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/03/09 04:19:15 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- F:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/09 10:52:54 | 000,333,120 | ---- | M] (BillP Studios) -- F:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2008/09/10 06:37:03 | 000,068,856 | ---- | M] (Google Inc.) -- F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\explorer.exe
PRC - [2008/03/06 13:49:12 | 000,081,920 | R--- | M] (Orb Networks) -- F:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe
PRC - [2007/10/30 22:37:22 | 001,654,784 | ---- | M] (Belkin) -- F:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
PRC - [2007/09/25 10:35:44 | 001,495,040 | ---- | M] (TiVo Inc.) -- F:\Program Files\TiVo\Desktop\TiVoServer.exe
PRC - [2007/09/25 10:34:16 | 000,384,000 | ---- | M] (TiVo Inc.) -- F:\Program Files\TiVo\Desktop\TiVoNotify.exe
PRC - [2007/09/25 10:33:52 | 001,195,008 | ---- | M] (TiVo Inc.) -- F:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
PRC - [2007/09/25 10:33:18 | 000,867,328 | ---- | M] (TiVo Inc.) -- F:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- F:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/05/08 16:24:20 | 000,054,840 | ---- | M] (Hewlett-Packard) -- F:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/03/01 13:34:02 | 000,035,928 | ---- | M] (McAfee, Inc.) -- F:\Program Files\SiteAdvisor\6172\SiteAdv.exe
PRC - [2007/01/23 18:15:21 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- F:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2003/08/06 04:04:00 | 000,114,741 | ---- | M] (Sonic Solutions) -- F:\WINDOWS\system32\dla\tfswctrl.exe
PRC - [2003/06/16 21:02:24 | 000,061,440 | ---- | M] () -- F:\Program Files\Analog Devices\SoundMAX\spkrmon.exe


========== Modules (SafeList) ==========

MOD - [2010/02/25 13:45:43 | 000,549,888 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Mom and Dad\Desktop\OTL.exe
MOD - [2010/02/21 12:14:15 | 000,176,128 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- F:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\plugin_extra.m32
MOD - [2010/02/21 12:14:15 | 000,098,304 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- F:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\plugin_net.m32
MOD - [2010/02/21 12:14:14 | 000,266,240 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- F:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\plugin_nt.m32
MOD - [2010/02/21 12:14:14 | 000,151,552 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- F:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\plugin_base.m32
MOD - [2010/02/21 12:14:13 | 000,319,488 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- F:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\plugin_fragments.m32
MOD - [2010/02/21 12:14:12 | 000,217,088 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- F:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\midas32.dll
MOD - [2010/02/21 12:14:12 | 000,126,976 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- F:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\plugin_registry.m32
MOD - [2008/10/09 10:53:03 | 000,062,776 | ---- | M] (BillP Studios) -- F:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
MOD - [2007/09/15 06:45:08 | 000,011,552 | ---- | M] () -- F:\Program Files\SiteAdvisor\6172\saHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/21 12:14:29 | 001,612,616 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- F:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV)
SRV - [2010/01/11 13:02:46 | 000,308,552 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- F:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2010/01/05 22:18:43 | 000,135,664 | ---- | M] (Google Inc.) [Disabled | Stopped] -- F:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/12/16 10:57:39 | 000,030,192 | ---- | M] (Google) [Disabled | Stopped] -- F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/10/23 14:45:26 | 000,311,296 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- F:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2009/10/19 16:06:10 | 000,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- F:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV - [2009/10/14 14:31:02 | 000,098,304 | ---- | M] (WDC) [Disabled | Stopped] -- F:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- F:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/08 20:09:30 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- F:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Disabled | Stopped] -- F:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/04/26 13:29:24 | 000,090,352 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- F:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2009/03/25 03:02:57 | 000,183,280 | ---- | M] (Google) [Auto | Stopped] -- F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/03/09 04:19:15 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- F:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/03/03 13:53:08 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- F:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- F:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/05/16 13:01:00 | 000,159,812 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- F:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2008/03/06 13:49:12 | 000,081,920 | R--- | M] (Orb Networks) [Auto | Running] -- F:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe -- (KodakDigitalDisplayService)
SRV - [2007/09/25 10:33:18 | 000,867,328 | ---- | M] (TiVo Inc.) [Auto | Running] -- F:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe -- (TivoBeacon2)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- F:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/01/04 23:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [Disabled | Stopped] -- F:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2003/07/28 15:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/16 21:02:24 | 000,061,440 | ---- | M] () [Auto | Running] -- F:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)
SRV - [2003/04/01 21:08:30 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- F:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV)


========== Driver Services (SafeList) ==========

DRV - [2010/02/21 12:14:31 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- F:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2010/02/21 12:14:31 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- F:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - [2010/02/21 12:14:27 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- F:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm)
DRV - [2010/02/13 22:19:42 | 000,020,747 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- F:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2010/01/21 14:15:02 | 000,058,624 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- F:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys -- (BDSelfPr)
DRV - [2009/12/30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/10/19 16:04:00 | 000,110,984 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\bdfndisf.sys -- (Bdfndisf)
DRV - [2009/09/22 08:22:06 | 000,083,208 | ---- | M] (BitDefender) [Kernel | Auto | Running] -- F:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys -- (BDVEDISK)
DRV - [2009/09/01 14:24:34 | 000,118,536 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- F:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2009/08/28 18:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/07/24 11:26:08 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Running] -- F:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009/06/17 07:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/05/25 17:37:02 | 000,109,440 | ---- | M] () [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\KbdCap.sys -- (kbdcap)
DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/03/15 05:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/10/22 14:13:57 | 000,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2008/05/16 13:01:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 13:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 13:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 13:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 13:45:36 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\usbser.sys -- (usbser)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:39:15 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- F:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/02/12 02:42:38 | 000,232,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2008/02/05 00:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2007/10/02 04:06:40 | 000,451,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007/09/25 09:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007/04/03 12:59:42 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\s616obex.sys -- (s616obex)
DRV - [2007/04/03 12:59:40 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\s616mgmt.sys -- (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 12:59:38 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\s616mdm.sys -- (s616mdm)
DRV - [2007/04/03 12:59:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\s616mdfl.sys -- (s616mdfl)
DRV - [2007/04/03 12:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
DRV - [2007/03/20 11:33:26 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2006/03/09 06:00:00 | 000,046,080 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- F:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/10/22 07:22:48 | 000,021,568 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2005/10/21 19:58:58 | 000,016,496 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2005/10/21 19:58:52 | 000,049,920 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2005/06/13 12:58:04 | 000,162,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel(R)
DRV - [2005/01/04 04:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | System | Running] -- F:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/11/24 14:36:42 | 000,044,256 | ---- | M] (FotoNation Inc.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\CoachVc.sys -- (CoachVc)
DRV - [2004/11/24 14:34:48 | 000,050,976 | ---- | M] (FotoNation Inc.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\CoachUsb.sys -- (CoachUsb)
DRV - [2004/03/08 11:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/08/06 04:04:00 | 000,100,373 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- F:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2003/08/06 04:04:00 | 000,098,068 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- F:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2003/08/06 04:04:00 | 000,083,284 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- F:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2003/08/06 04:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- F:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2003/08/06 04:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- F:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2003/08/06 04:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- F:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2003/08/06 04:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- F:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2003/08/06 04:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- F:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2003/08/06 04:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- F:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2003/07/31 06:21:00 | 000,084,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- F:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2003/07/16 15:42:18 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2003/07/14 14:28:40 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- F:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2003/07/14 14:28:22 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- F:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2003/06/20 05:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- F:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2003/06/18 17:52:18 | 000,578,176 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2003/04/08 13:14:50 | 000,038,656 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\P2k.sys -- (P2k)
DRV - [2002/11/28 20:23:24 | 000,039,048 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\IcdUsb2.sys -- (ICDUSB2) Sony IC Recorder (P)
DRV - [2002/04/01 17:15:00 | 000,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2001/09/18 11:00:00 | 000,167,816 | R--- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\omcamvid.sys -- (OVT511Plus)
DRV - [2001/08/22 11:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- F:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 13:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/07/05 14:12:26 | 000,416,564 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\idmc1vme.sys -- (IDMC1Vxp) Intel(r) Play(tm)
DRV - [2001/07/05 14:12:10 | 000,014,628 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\IDMC1Blk.sys -- (IDMC1Blk)
DRV - [2001/07/05 14:12:04 | 000,015,188 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\idmc1aud.sys -- (idmc1aud) Intel(r) Play(tm) USB Audio Filter (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1275210071-1450960922-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1275210071-1450960922-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1275210071-1450960922-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1275210071-1450960922-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-1275210071-1450960922-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1275210071-1450960922-725345543-1004\S-1-5-21-1275210071-1450960922-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1275210071-1450960922-725345543-1004\S-1-5-21-1275210071-1450960922-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1275210071-1450960922-725345543-1004\S-1-5-21-1275210071-1450960922-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

IE - HKU\S-1-5-21-1275210071-1450960922-725345543-1008\S-1-5-21-1275210071-1450960922-725345543-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=966134"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {1650a312-02bc-40ee-977e-83f158701739}:26.6
FF - prefs.js..extensions.enabledItems: FFToolbar@upromise:6.2.2.1363
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p="
FF - prefs.js..network.proxy.ftp: ":0"
FF - prefs.js..network.proxy.gopher: ":0"
FF - prefs.js..network.proxy.http: ":0"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: ":0"
FF - prefs.js..network.proxy.ssl: ":0"

FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: F:\Program Files\eMusic Download Manager\xulrunner\components [2009/09/19 19:04:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: F:\Program Files\eMusic Download Manager\xulrunner\plugins [2010/01/07 10:57:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\FFToolbar@bitdefender.com: F:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/02/21 12:20:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2010/02/25 17:27:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2010/02/22 16:11:55 | 000,000,000 | ---D | M]

[2009/07/12 19:36:42 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Extensions
[2010/02/27 21:03:01 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\p0i2ozcu.default\extensions
[2009/12/19 17:11:24 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\p0i2ozcu.default\extensions\FFToolbar@upromise
[2010/01/12 20:00:45 | 000,000,000 | ---D | M] -- F:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/02/21 14:36:28 | 000,616,340 | ---- | M]) - F:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 a9rhiwa.cn #[Google.Warning]
O1 - Hosts: 127.0.0.1 www.a9rhiwa.cn
O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 z.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtb5.acecounter.com
O1 - Hosts: 127.0.0.1 gtcc1.acecounter.com
O1 - Hosts: 16258 more lines...
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - F:\Program Files\SiteAdvisor\6253\SiteAdv.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - F:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - F:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - F:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - F:\Program Files\SiteAdvisor\6253\SiteAdv.dll ()
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - F:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (no name) - {4fe8e2eb-f905-45a9-8de9-9ad2f228ccc9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-1275210071-1450960922-725345543-1004\..\Toolbar\WebBrowser: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - F:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDAgent] F:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] F:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [dla] F:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [F5D7050v3] F:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe (Belkin)
O4 - HKLM..\Run: [Google Desktop Search] F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [googletalk] F:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] F:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] F:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] F:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] F:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] F:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SiteAdvisor] F:\Program Files\SiteAdvisor\6172\SiteAdv.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] F:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinPatrol] F:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-1275210071-1450960922-725345543-1004..\Run: [Microsoft Works Update Detection] File not found
O4 - HKU\S-1-5-21-1275210071-1450960922-725345543-1004..\Run: [NvMediaCenter] F:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1275210071-1450960922-725345543-1004..\Run: [P2kAutostart] File not found
O4 - HKU\S-1-5-21-1275210071-1450960922-725345543-1004..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1275210071-1450960922-725345543-1004..\Run: [TivoNotify] F:\Program Files\TiVo\Desktop\TiVoNotify.exe (TiVo Inc.)
O4 - HKU\S-1-5-21-1275210071-1450960922-725345543-1004..\Run: [TivoServer] F:\Program Files\TiVo\Desktop\TiVoServer.exe (TiVo Inc.)
O4 - HKU\S-1-5-21-1275210071-1450960922-725345543-1004..\Run: [TivoTransfer] F:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe (TiVo Inc.)
O4 - HKU\S-1-5-21-1275210071-1450960922-725345543-1004..\Run: [Upromise Tray] F:\Program Files\Upromise\UpromiseTray.exe ()
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\autobahn.lnk = F:\Program Files\Autobahn\autobahn.exe ()
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = F:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = F:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = F:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O4 - Startup: F:\Documents and Settings\Mom and Dad\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-1450960922-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-1450960922-725345543-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - F:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra 'Tools' menuitem : Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - F:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - F:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - F:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1275210071-1450960922-725345543-1004\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1275210071-1450960922-725345543-1004\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-1275210071-1450960922-725345543-1004\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1275210071-1450960922-725345543-1004\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1275210071-1450960922-725345543-1008\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDow ... ab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} http://www.shockwave.com/content/chocol ... 0.0.13.cab (CPlayFirstChocolatierControl Object)
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... p43dmo.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scan ... ProExe.cab (Scanner.SysScanner)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resourc ... oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 8842907250 (MUWebControl Class)
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} http://vhost.oddcast.com/admin/hostClientIE.cab (hostCntrlIE Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} http://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll (diskhealth Class)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/softwa ... Plugin.cab (ScorchPlugin Class)
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} http://a248.e.akamai.net/f/248/5462/2h/ ... mDlBrg.cab (Reg Error: Key error.)
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} http://support.f-secure.com/enu/home/on ... /fscax.cab (F-Secure Health Check 1.1)
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinner.com/games/v50/di ... erdash.cab (DinerDash Control)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://my.firmenich.com/dana-cached/se ... tupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} http://liveca07.custhelp.com/8201-b499h ... a/RntX.cab (Live Collaboration)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/v ... .2.1.6.cab (DownloadManager Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - F:\Program Files\SiteAdvisor\6253\SiteAdv.dll ()
O20 - AppInit_DLLs: (F:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - F:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: F:\Documents and Settings\Mom and Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: F:\Documents and Settings\Mom and Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/03 19:29:22 | 000,000,113 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1c759cc0-e364-11dd-ab37-000cf1b64644}\Shell\AutoRun\command - "" = G:\system32.vbs -- File not found
O33 - MountPoints2\{1c759cc0-e364-11dd-ab37-000cf1b64644}\Shell\open\command - "" = G:\system32.vbs -- File not found
O33 - MountPoints2\{68d99743-f0d6-11de-abc0-000cf1b64644}\Shell - "" = AutoRun
O33 - MountPoints2\{68d99743-f0d6-11de-abc0-000cf1b64644}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{68d99743-f0d6-11de-abc0-000cf1b64644}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{68d99781-f0d6-11de-abc0-000cf1b64644}\Shell - "" = AutoRun
O33 - MountPoints2\{68d99781-f0d6-11de-abc0-000cf1b64644}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{68d99781-f0d6-11de-abc0-000cf1b64644}\Shell\AutoRun\command - "" = I:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/28 09:07:50 | 000,854,064 | ---- | C] (Symantec Corporation) -- F:\Documents and Settings\Mom and Dad\Desktop\Norton_Removal_Tool.exe
[2010/02/27 08:30:30 | 000,000,000 | ---D | C] -- F:\Rooter$
[2010/02/27 08:29:19 | 000,173,119 | ---- | C] (Eric_71) -- F:\Documents and Settings\Mom and Dad\Desktop\Rooter.exe
[2010/02/27 08:25:48 | 000,177,928 | ---- | C] (Kaspersky Lab) -- F:\Documents and Settings\Mom and Dad\Desktop\TDSSKiller.exe
[2010/02/26 10:41:12 | 000,439,808 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\Mom and Dad\Desktop\TFC.exe
[2010/02/25 13:45:42 | 000,549,888 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\Mom and Dad\Desktop\OTL.exe
[2010/02/23 21:41:48 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Mom and Dad\My Documents\2009 Taxes
[2010/02/21 12:01:42 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Mom and Dad\Application Data\BitDefender
[2010/02/21 12:01:42 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\BitDefender
[2010/02/21 11:59:59 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\BitDefender
[2010/02/19 10:10:22 | 000,000,000 | --SD | M] -- F:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/19 10:04:44 | 000,000,000 | ---D | M] -- F:\Documents and Settings\LocalService\Local Settings\Application Data\IsolatedStorage
[2010/02/16 15:33:21 | 000,000,000 | ---D | C] -- F:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2010/02/15 20:14:38 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Mom and Dad\Application Data\Toolbar4
[2010/02/15 19:50:40 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Mom and Dad\Application Data\Add-in Express Ltd
[2010/02/15 17:30:21 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Mom and Dad\Application Data\AccurateRip
[2010/02/15 16:20:32 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Mom and Dad\Local Settings\Application Data\VS Revo Group
[2010/02/15 16:19:03 | 000,027,064 | ---- | C] (VS Revo Group) -- F:\WINDOWS\System32\drivers\revoflt.sys
[2010/02/15 14:27:13 | 000,000,000 | ---D | C] -- F:\Program Files\BitDefender
[2010/02/13 22:19:42 | 000,020,747 | ---- | C] (Meetinghouse Data Communications) -- F:\WINDOWS\System32\drivers\AegisP.sys
[2010/02/13 22:19:39 | 000,451,968 | ---- | C] (Ralink Technology, Corp.) -- F:\WINDOWS\System32\drivers\rt73.sys
[2010/02/13 22:19:25 | 000,000,000 | ---D | C] -- F:\Program Files\Belkin
[2010/02/12 18:00:51 | 000,000,000 | ---D | C] -- F:\Program Files\AirPort
[2010/01/05 22:20:11 | 000,000,000 | ---D | M] -- F:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/04 21:32:49 | 000,000,000 | ---D | M] -- F:\Documents and Settings\NetworkService\Local Settings\Application Data\ServiceTest
[2009/07/22 16:57:50 | 000,000,000 | ---D | M] -- F:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/01/01 05:00:16 | 000,000,000 | ---D | M] -- F:\Documents and Settings\NetworkService\Application Data\SiteAdvisor
[2008/11/10 15:54:34 | 000,000,000 | ---D | M] -- F:\Documents and Settings\NetworkService\Application Data\Malwarebytes
[2008/07/12 17:59:05 | 000,000,000 | ---D | M] -- F:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/06/29 16:03:40 | 000,000,000 | ---D | M] -- F:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/12/22 17:38:29 | 000,000,000 | ---D | M] -- F:\Documents and Settings\LocalService\Local Settings\Application Data\TiVo Desktop
[2007/03/26 19:09:36 | 000,000,000 | ---D | M] -- F:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2007/03/17 07:34:05 | 000,000,000 | ---D | M] -- F:\Documents and Settings\LocalService\Application Data\SiteAdvisor
[2006/12/26 19:19:24 | 000,000,000 | --SD | M] -- F:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/05/12 02:36:48 | 000,012,288 | ---- | C] (Hewlett-Packard Co.) -- F:\WINDOWS\Fonts\RandFont.dll

========== Files - Modified Within 30 Days ==========

[2010/02/28 13:30:00 | 000,000,420 | -H-- | M] () -- F:\WINDOWS\tasks\User_Feed_Synchronization-{C85A52A9-DEE3-40ED-93B1-CDF5F6BE7DED}.job
[2010/02/28 13:04:10 | 000,000,868 | ---- | M] () -- F:\WINDOWS\tasks\Google Software Updater.job
[2010/02/28 12:51:18 | 000,100,908 | ---- | M] () -- F:\Documents and Settings\Mom and Dad\Desktop\SystemLook.exe
[2010/02/28 12:48:36 | 000,179,818 | ---- | M] () -- F:\WINDOWS\System32\nvapps.xml
[2010/02/28 12:46:57 | 000,000,006 | -H-- | M] () -- F:\WINDOWS\tasks\SA.DAT
[2010/02/28 12:46:51 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2010/02/28 12:45:57 | 000,000,052 | ---- | M] () -- F:\WINDOWS\System32\ashttpstats.csv
[2010/02/28 12:45:02 | 010,223,616 | -H-- | M] () -- F:\Documents and Settings\Mom and Dad\NTUSER.DAT
[2010/02/28 12:45:02 | 000,000,278 | -HS- | M] () -- F:\Documents and Settings\Mom and Dad\ntuser.ini
[2010/02/28 09:07:50 | 000,854,064 | ---- | M] (Symantec Corporation) -- F:\Documents and Settings\Mom and Dad\Desktop\Norton_Removal_Tool.exe
[2010/02/27 13:29:40 | 000,177,928 | ---- | M] (Kaspersky Lab) -- F:\Documents and Settings\Mom and Dad\Desktop\TDSSKiller.exe
[2010/02/27 08:31:11 | 000,781,909 | ---- | M] () -- F:\Documents and Settings\Mom and Dad\Desktop\RSIT.exe
[2010/02/27 08:29:19 | 000,173,119 | ---- | M] (Eric_71) -- F:\Documents and Settings\Mom and Dad\Desktop\Rooter.exe
[2010/02/27 08:18:08 | 000,000,376 | ---- | M] () -- F:\Documents and Settings\Mom and Dad\Application Dataprivacy.xml
[2010/02/26 10:41:13 | 000,439,808 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Mom and Dad\Desktop\TFC.exe
[2010/02/25 18:31:04 | 000,293,376 | ---- | M] () -- F:\Documents and Settings\Mom and Dad\Desktop\c7hmidyj.exe
[2010/02/25 17:06:44 | 000,000,706 | ---- | M] () -- F:\Documents and Settings\Mom and Dad\Desktop\WinDirStat.lnk
[2010/02/25 13:45:43 | 000,549,888 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Mom and Dad\Desktop\OTL.exe
[2010/02/23 16:02:05 | 000,000,025 | ---- | M] () -- F:\Documents and Settings\Mom and Dad\Application Data\bdfvconp.ini
[2010/02/21 20:16:34 | 000,136,192 | ---- | M] () -- F:\Documents and Settings\Mom and Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/21 19:12:56 | 000,878,448 | ---- | M] () -- F:\Documents and Settings\Mom and Dad\My Documents\BML Feb 2010 - Clip 001.avi.sfk
[2010/02/21 18:38:59 | 000,001,768 | ---- | M] () -- F:\Documents and Settings\Mom and Dad\My Documents\Default.sfvidcap
[2010/02/21 18:02:03 | 000,000,850 | ---- | M] () -- F:\Documents and Settings\Mom and Dad\Application DataProductTweaks.xml
[2010/02/21 18:02:03 | 000,000,385 | ---- | M] () -- F:\Documents and Settings\Mom and Dad\Application Datauser_gensett.xml
[2010/02/21 14:36:28 | 000,616,340 | ---- | M] () -- F:\WINDOWS\System32\drivers\etc\HOSTS
[2010/02/21 12:17:11 | 000,000,385 | ---- | M] () -- F:\WINDOWS\System32\user_gensett.xml
[2010/02/21 12:14:27 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- F:\WINDOWS\System32\drivers\bdfm.sys
[2010/02/21 12:14:27 | 000,106,464 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- F:\WINDOWS\System32\drivers\bdhv.sys
[2010/02/21 12:02:40 | 000,001,869 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\BitDefender Internet Security 2010.lnk
[2010/02/21 11:50:07 | 000,327,327 | ---- | M] () -- F:\BdUninstallTool2010.02.21-11.47.11.reg
[2010/02/21 11:34:01 | 000,026,112 | ---- | M] () -- F:\Documents and Settings\Mom and Dad\My Documents\girl scout Nut orders.doc
[2010/02/21 11:32:45 | 000,662,451 | ---- | M] () -- F:\Documents and Settings\Mom and Dad\Desktop\fppatch.exe
[2010/02/19 09:55:45 | 000,001,880 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[2010/02/16 15:47:16 | 000,001,734 | ---- | M] () -- F:\Documents and Settings\Mom and Dad\Desktop\Hijackthis.lnk
[2010/02/16 15:20:22 | 000,000,004 | ---- | M] () -- F:\WINDOWS\System32\aspdict-en.dat
[2010/02/16 15:10:50 | 000,000,821 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2010/02/16 15:07:30 | 000,116,648 | ---- | M] () -- F:\Documents and Settings\Mom and Dad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/16 15:04:03 | 000,376,056 | ---- | M] () -- F:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/15 15:30:53 | 000,000,016 | ---- | M] () -- F:\WINDOWS\System32\asdict.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\wsbl.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\phar_unmip.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\phar_histprot.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\ph_white.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\ph_summ.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\ph_spoof.sig
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\ph_sign.slf
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\ph_fuzzy.sig
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\ph_black.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pcwords2.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pcwords.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_webproxy.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_video.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_tabloids.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_socialnetworks.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_sign.slf
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_searchengines.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_regionaltlds.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_pornography.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_onlineshop.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_onlinepay.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_onlinedating.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_news.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_im.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_illegal.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_hate.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_games.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_gambling.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\pc_drugs.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\ab_sbl.sig
[2010/02/15 14:44:17 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\ab_bl.sig
[2010/02/15 14:30:38 | 000,525,946 | ---- | M] () -- F:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/15 14:30:38 | 000,445,704 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat
[2010/02/15 14:30:38 | 000,072,620 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat
[2010/02/13 22:19:42 | 000,020,747 | ---- | M] (Meetinghouse Data Communications) -- F:\WINDOWS\System32\drivers\AegisP.sys
[2010/02/13 22:19:37 | 000,001,684 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Belkin Wireless Networking Utility.lnk
[2010/02/11 03:08:08 | 000,001,374 | ---- | M] () -- F:\WINDOWS\imsins.BAK
[2010/02/06 19:10:52 | 000,000,720 | ---- | M] () -- F:\Documents and Settings\Mom and Dad\Desktop\Shortcut to DSC00829.JPG.lnk
[2010/02/06 19:09:59 | 000,222,669 | ---- | M] () -- F:\Documents and Settings\Mom and Dad\My Documents\DSC00829.JPG
[2010/02/06 12:02:18 | 000,106,496 | ---- | M] () -- F:\Documents and Settings\Mom and Dad\My Documents\GSnutsale.php
[2010/02/02 07:46:22 | 000,114,176 | ---- | M] () -- F:\Documents and Settings\Mom and Dad\My Documents\secert buddy card.php

========== Files Created - No Company Name ==========

[2010/02/28 12:51:17 | 000,100,908 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\Desktop\SystemLook.exe
[2010/02/27 08:31:11 | 000,781,909 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\Desktop\RSIT.exe
[2010/02/25 18:31:04 | 000,293,376 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\Desktop\c7hmidyj.exe
[2010/02/25 17:06:44 | 000,000,706 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\Desktop\WinDirStat.lnk
[2010/02/23 16:02:05 | 000,000,025 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\Application Data\bdfvconp.ini
[2010/02/21 18:38:33 | 000,878,448 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\My Documents\BML Feb 2010 - Clip 001.avi.sfk
[2010/02/21 18:02:03 | 000,000,850 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\Application DataProductTweaks.xml
[2010/02/21 18:02:03 | 000,000,385 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\Application Datauser_gensett.xml
[2010/02/21 18:02:03 | 000,000,376 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\Application Dataprivacy.xml
[2010/02/21 12:17:11 | 000,000,385 | ---- | C] () -- F:\WINDOWS\System32\user_gensett.xml
[2010/02/21 12:02:40 | 000,001,869 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\BitDefender Internet Security 2010.lnk
[2010/02/21 11:47:11 | 000,327,327 | ---- | C] () -- F:\BdUninstallTool2010.02.21-11.47.11.reg
[2010/02/21 11:36:48 | 000,225,784 | ---- | C] () -- F:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/21 11:34:00 | 000,026,112 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\My Documents\girl scout Nut orders.doc
[2010/02/21 11:32:44 | 000,662,451 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\Desktop\fppatch.exe
[2010/02/19 09:55:45 | 000,001,880 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[2010/02/16 15:20:22 | 000,000,004 | ---- | C] () -- F:\WINDOWS\System32\aspdict-en.dat
[2010/02/15 16:19:04 | 000,000,821 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2010/02/15 15:30:53 | 000,000,016 | ---- | C] () -- F:\WINDOWS\System32\asdict.dat
[2010/02/15 14:46:34 | 000,000,052 | ---- | C] () -- F:\WINDOWS\System32\ashttpstats.csv
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\wsbl.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\phar_unmip.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\phar_histprot.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\ph_white.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\ph_summ.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\ph_spoof.sig
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\ph_sign.slf
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\ph_fuzzy.sig
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\ph_black.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pcwords2.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pcwords.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_webproxy.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_video.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_tabloids.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_socialnetworks.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_sign.slf
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_searchengines.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_regionaltlds.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_pornography.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_onlineshop.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_onlinepay.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_onlinedating.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_news.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_im.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_illegal.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_hate.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_games.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_gambling.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pc_drugs.dat
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\ab_sbl.sig
[2010/02/15 14:44:17 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\ab_bl.sig
[2010/02/13 22:19:37 | 000,001,684 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Belkin Wireless Networking Utility.lnk
[2010/02/13 22:19:36 | 000,200,704 | ---- | C] () -- F:\WINDOWS\System32\UpdateDriver.exe
[2010/02/13 22:19:36 | 000,005,224 | ---- | C] () -- F:\WINDOWS\System32\ucuiinfo.ini
[2010/02/06 19:10:52 | 000,000,720 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\Desktop\Shortcut to DSC00829.JPG.lnk
[2010/02/06 19:10:29 | 000,222,669 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\My Documents\DSC00829.JPG
[2010/02/05 14:38:03 | 000,106,496 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\My Documents\GSnutsale.php
[2010/02/02 07:46:08 | 000,114,176 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\My Documents\secert buddy card.php
[2009/11/06 16:53:27 | 001,970,176 | ---- | C] () -- F:\WINDOWS\System32\d3dx9.dll
[2009/06/17 14:12:09 | 000,000,368 | ---- | C] () -- F:\WINDOWS\pagebreeze.ini
[2009/06/17 14:12:09 | 000,000,044 | ---- | C] () -- F:\WINDOWS\formbreeze.ini
[2009/05/30 15:14:57 | 000,000,293 | ---- | C] () -- F:\WINDOWS\AndreaMosaic.INI
[2009/05/27 15:31:31 | 000,000,141 | ---- | C] () -- F:\WINDOWS\thinkfst.ini
[2009/05/27 11:56:42 | 000,508,200 | ---- | C] () -- F:\WINDOWS\System32\ICCProfiles.dll
[2009/05/25 17:37:02 | 000,109,440 | ---- | C] () -- F:\WINDOWS\System32\drivers\KbdCap.sys
[2009/05/20 14:50:28 | 000,000,176 | -HS- | C] () -- F:\WINDOWS\WSYS049.SYS
[2009/02/11 15:15:33 | 000,000,937 | ---- | C] () -- F:\WINDOWS\ProxyChecker.INI
[2009/01/28 15:38:24 | 000,765,952 | ---- | C] () -- F:\WINDOWS\System32\xvidcore.dll
[2009/01/28 15:38:22 | 000,180,224 | ---- | C] () -- F:\WINDOWS\System32\xvidvfw.dll
[2009/01/15 12:45:34 | 000,181,248 | ---- | C] () -- F:\WINDOWS\System32\txmlutil.dll
[2008/09/30 17:17:12 | 012,816,405 | ---- | C] () -- F:\Program Files\themehospital-demo.zip
[2008/09/30 17:16:27 | 012,816,405 | ---- | C] () -- F:\Program Files\hospital.zip
[2008/09/30 17:08:50 | 007,502,919 | ---- | C] () -- F:\Program Files\theme.zip
[2008/09/23 08:03:07 | 000,084,677 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2008/09/23 08:03:07 | 000,000,227 | ---- | C] () -- F:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2008/09/23 07:57:54 | 000,002,927 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\Application Data\PatchUpdate_InstantShareJPG.log
[2008/09/23 07:57:54 | 000,000,214 | ---- | C] () -- F:\WINDOWS\HP_InstantSHareJPG.ini
[2008/09/23 07:57:23 | 000,003,702 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\Application Data\PatchUpdate_IZClosingDiscError.log
[2008/09/23 07:57:23 | 000,000,217 | ---- | C] () -- F:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2008/09/23 07:48:04 | 000,040,133 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2008/09/23 07:48:04 | 000,000,221 | ---- | C] () -- F:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2008/07/11 20:54:54 | 000,001,631 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\Application Data\autobahn.log
[2008/06/17 07:34:53 | 000,000,836 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\Application Data\ViewerApp.dat
[2008/01/20 17:08:39 | 000,061,952 | ---- | C] () -- F:\WINDOWS\rbap350.dll
[2008/01/20 17:04:47 | 000,061,952 | ---- | C] () -- F:\WINDOWS\System32\rbap350.dll
[2008/01/09 14:01:48 | 000,000,453 | ---- | C] () -- F:\WINDOWS\bdoscandellang.ini
[2007/10/26 15:11:38 | 000,000,021 | ---- | C] () -- F:\WINDOWS\atid.ini
[2007/09/29 21:04:37 | 000,001,506 | ---- | C] () -- F:\WINDOWS\SKCMSUSR.INI
[2007/09/18 18:43:42 | 000,000,034 | ---- | C] () -- F:\WINDOWS\iTunesQLoudEx.INI
[2007/09/09 13:23:55 | 000,749,568 | ---- | C] () -- F:\WINDOWS\System32\swfgen.dll
[2007/08/15 14:00:23 | 000,000,327 | ---- | C] () -- F:\WINDOWS\SIERRA.INI
[2007/08/15 13:58:56 | 000,000,060 | ---- | C] () -- F:\WINDOWS\Constrct.ini
[2007/07/27 16:52:57 | 000,000,000 | ---- | C] () -- F:\WINDOWS\SETUP32.INI
[2007/07/26 09:07:48 | 000,040,960 | ---- | C] () -- F:\WINDOWS\System32\IDMC1Reg.dll
[2007/07/11 12:06:11 | 000,000,000 | ---- | C] () -- F:\WINDOWS\DVEdit.INI
[2007/07/11 11:48:33 | 000,024,576 | ---- | C] () -- F:\WINDOWS\System32\IcdSptSvps.dll
[2007/07/11 11:48:32 | 000,122,880 | ---- | C] () -- F:\WINDOWS\System32\trc.dll
[2007/07/11 11:48:32 | 000,081,920 | ---- | C] () -- F:\WINDOWS\System32\dsp_trc.dll
[2007/06/25 20:06:25 | 000,094,208 | ---- | C] () -- F:\WINDOWS\System32\HWDiag.dll
[2007/06/25 20:06:25 | 000,027,648 | ---- | C] () -- F:\WINDOWS\System32\UsbReady.dll
[2007/06/25 17:42:30 | 000,065,536 | R--- | C] () -- F:\WINDOWS\System32\bmpproc.dll
[2007/04/18 16:22:14 | 000,000,361 | ---- | C] () -- F:\WINDOWS\KNP.INI
[2007/04/16 07:49:23 | 000,176,235 | ---- | C] () -- F:\WINDOWS\System32\Primomonnt.dll
[2007/04/13 22:04:12 | 000,003,654 | ---- | C] () -- F:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/03/29 13:16:47 | 000,000,865 | ---- | C] () -- F:\WINDOWS\hegames.ini
[2007/03/27 13:42:21 | 000,000,043 | ---- | C] () -- F:\WINDOWS\gswin32.ini
[2007/03/01 04:17:48 | 000,974,848 | ---- | C] () -- F:\WINDOWS\System32\vorbis.dll
[2007/03/01 04:17:48 | 000,880,640 | ---- | C] () -- F:\WINDOWS\System32\vorbisenc.dll
[2007/03/01 04:17:48 | 000,049,152 | ---- | C] () -- F:\WINDOWS\System32\ogg.dll
[2007/03/01 04:16:58 | 000,765,952 | ---- | C] () -- F:\WINDOWS\System32\tvqenc.dll
[2007/02/17 13:34:32 | 000,000,356 | ---- | C] () -- F:\WINDOWS\TLCAPPS.INI
[2007/02/17 13:11:16 | 000,000,601 | ---- | C] () -- F:\WINDOWS\Rrk.ini
[2007/02/10 13:42:28 | 000,027,648 | ---- | C] () -- F:\WINDOWS\System32\AVSredirect.dll
[2007/02/10 13:42:27 | 000,845,312 | ---- | C] () -- F:\WINDOWS\System32\Smab.dll
[2007/02/10 09:16:02 | 000,000,344 | ---- | C] () -- F:\WINDOWS\QTW.INI
[2007/01/31 13:50:32 | 000,913,408 | ---- | C] () -- F:\WINDOWS\System32\xreglib.dll
[2007/01/23 18:19:53 | 000,000,810 | ---- | C] () -- F:\WINDOWS\cdplayer.ini
[2007/01/20 18:38:48 | 000,136,192 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/18 12:15:56 | 000,000,117 | ---- | C] () -- F:\WINDOWS\KA.INI
[2007/01/12 10:24:16 | 000,001,581 | ---- | C] () -- F:\WINDOWS\disney.ini
[2007/01/07 08:12:19 | 000,017,408 | ---- | C] () -- F:\WINDOWS\System32\shctxex.dll
[2007/01/07 08:12:17 | 000,073,728 | ---- | C] () -- F:\WINDOWS\System32\DetectDxQT.dll
[2007/01/07 08:04:15 | 000,363,520 | ---- | C] () -- F:\WINDOWS\System32\psisdecd.dll
[2006/12/27 01:54:35 | 000,006,174 | ---- | C] () -- F:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/26 19:50:42 | 000,000,144 | ---- | C] () -- F:\WINDOWS\wininit.ini
[2006/12/26 19:45:04 | 000,000,376 | ---- | C] () -- F:\WINDOWS\ODBC.INI
[2006/12/26 19:32:34 | 000,000,134 | ---- | C] () -- F:\Documents and Settings\Mom and Dad\Local Settings\Application Data\fusioncache.dat
[2006/12/26 19:24:22 | 000,001,191 | ---- | C] () -- F:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/11/06 17:49:36 | 000,000,310 | ---- | C] () -- F:\WINDOWS\primopdf.ini
[2005/12/10 03:06:00 | 001,703,936 | ---- | C] () -- F:\WINDOWS\System32\nvwdmcpl.dll
[2005/12/10 03:06:00 | 001,486,848 | ---- | C] () -- F:\WINDOWS\System32\nview.dll
[2005/12/10 03:06:00 | 001,019,904 | ---- | C] () -- F:\WINDOWS\System32\nvwimg.dll
[2005/12/10 03:06:00 | 000,573,440 | ---- | C] () -- F:\WINDOWS\System32\nvhwvid.dll
[2005/12/10 03:06:00 | 000,466,944 | ---- | C] () -- F:\WINDOWS\System32\nvshell.dll
[2005/12/10 03:06:00 | 000,286,720 | ---- | C] () -- F:\WINDOWS\System32\nvnt4cpl.dll
[2005/04/27 13:38:00 | 000,372,736 | ---- | C] () -- F:\WINDOWS\System32\hpzidi01.dll
[2004/03/23 16:49:48 | 000,131,072 | ---- | C] () -- F:\WINDOWS\System32\sfarkxt.dll
[2004/03/23 16:49:47 | 000,068,096 | ---- | C] () -- F:\WINDOWS\System32\SFARKL.DLL
[2003/08/07 15:01:50 | 000,237,568 | ---- | C] () -- F:\WINDOWS\System32\lame_enc.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- F:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/02/25 17:24:35 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Administrator.LIVINGROOM3\Application Data\BitDefender
[2009/02/06 22:09:39 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Acronis
[2010/02/21 12:06:54 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\BitDefender
[2009/09/10 02:05:12 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\KEDDS
[2007/12/23 20:47:43 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\MakeMusic
[2009/08/31 17:31:00 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Nitro PDF
[2008/12/24 11:15:04 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\OrbNetworks
[2009/05/07 16:26:04 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\PCPitstop
[2009/06/09 15:08:56 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\RoboForm
[2007/01/20 18:40:17 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010/02/16 15:31:30 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\TEMP
[2007/12/22 17:42:54 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\TiVo
[2009/03/23 20:49:36 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/10/22 14:37:39 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\vsosdk
[2010/01/04 21:32:57 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Western Digital
[2007/01/19 15:16:04 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\WildTangent
[2007/12/08 08:18:20 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\WinZip
[2009/09/19 19:09:29 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/28 18:30:56 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/07/26 08:57:58 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\acccore
[2009/02/06 22:13:36 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\Acronis
[2009/05/01 14:09:53 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\Add-in Express Ltd
[2009/12/31 21:35:03 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\Any Video Converter
[2010/02/25 17:51:16 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\BitDefender
[2009/02/04 20:43:55 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\CoffeeCup Software
[2008/10/23 15:19:17 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\CoreFTP
[2007/01/07 16:50:04 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\Eltima Software
[2008/12/23 16:59:11 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\eMusic
[2009/05/29 17:28:55 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\FileZilla
[2007/11/10 08:30:48 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\GetRightToGo
[2008/11/23 13:48:09 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\HTML Executable
[2009/05/06 14:25:14 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\ieSpell
[2009/05/16 16:03:13 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\ImgBurn
[2009/02/03 15:32:33 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\Launchy
[2007/01/27 19:46:16 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\Leadertech
[2009/05/29 06:45:26 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2007/04/21 15:45:06 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\Mobipocket
[2007/07/31 15:17:27 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\MonkeyJam
[2007/01/07 17:26:07 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\MoyeaFLV2Video
[2009/08/31 17:33:03 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\Nitro PDF
[2008/01/18 18:16:00 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\OverDrive
[2007/01/07 08:09:45 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\Publish Providers
[2008/01/17 18:58:33 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\rockbox.org
[2007/04/03 14:11:44 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\Shockwave.com
[2007/04/03 13:16:05 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\Simple Star
[2007/10/13 07:31:28 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\Sony
[2009/07/27 16:15:55 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\uTorrent
[2007/09/13 13:39:46 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\Viewpoint
[2008/10/22 14:14:12 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\Vso
[2007/12/23 20:18:35 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\WebStripper
[2008/11/28 09:13:23 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Kids\Application Data\WinPatrol
[2010/02/15 19:50:40 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\Add-in Express Ltd
[2009/11/04 18:25:47 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\Any Video Converter
[2007/08/07 14:35:28 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\bang
[2010/02/21 12:01:42 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\BitDefender
[2007/01/20 09:13:15 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\Eltima Software
[2009/08/29 10:01:45 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\ImgBurn
[2008/10/02 16:50:47 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\Juniper Networks
[2007/01/20 09:37:26 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\MoyeaFLV2Video
[2007/01/15 13:32:08 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\Publish Providers
[2007/10/11 19:52:46 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\ServantPC
[2007/01/11 20:28:14 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\Shockwave.com
[2009/03/17 19:12:12 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\Sony
[2010/02/15 20:14:57 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\Toolbar4
[2008/06/02 15:24:30 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\upromise
[2010/01/04 21:33:22 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\Western Digital
[2008/11/10 16:26:30 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Mom and Dad\Application Data\WinPatrol
[2010/02/28 13:30:00 | 000,000,420 | -H-- | M] () -- F:\WINDOWS\Tasks\User_Feed_Synchronization-{C85A52A9-DEE3-40ED-93B1-CDF5F6BE7DED}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

Re: REALLY weird stuff happening...

Post by rlmark » February 28th, 2010, 2:49 pm

OTL Extras logfile created on: 2/28/2010 1:25:02 PM - Run 2
OTL by OldTimer - Version 3.1.30.2 Folder = F:\Documents and Settings\Mom and Dad\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): F:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
C: Drive not present or media not loaded
Drive D: | 483.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 149.00 Gb Total Space | 46.76 Gb Free Space | 31.38% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LIVINGROOM3
Current User Name: Mom and Dad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- F:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "F:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "F:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "F:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "F:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "F:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "F:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "F:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "F:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:UDP" = 5353:UDP:*:Enabled:Bonjour

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Program Files\TiVo\Desktop\TiVoServer.exe" = F:\Program Files\TiVo\Desktop\TiVoServer.exe:*:Enabled:TiVo Server Service Process -- (TiVo Inc.)
"G:\Program Files\uTorrent\uTorrent.exe" = G:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found
"H:\Program Files\uTorrent\uTorrent.exe" = H:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found
"H:\utorrent.exe" = H:\utorrent.exe:*:Enabled:µTorrent -- File not found
"I:\Program Files\uTorrent\uTorrent.exe" = I:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found
"I:\utorrent.exe" = I:\utorrent.exe:*:Enabled:µTorrent -- File not found
"F:\Program Files\Bonjour\mDNSResponder.exe" = F:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"F:\Program Files\Autobahn\autobahn.exe" = F:\Program Files\Autobahn\autobahn.exe:*:Enabled:autobahn -- ()
"F:\Program Files\iTunes\iTunes.exe" = F:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"F:\Program Files\Google\Google Talk\googletalk.exe" = F:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"F:\Program Files\AirPort\APAgent.exe" = F:\Program Files\AirPort\APAgent.exe:*:Enabled:AirPort -- (Apple Inc.)
"F:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = F:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B1B42B-F6DE-41D9-8CFF-DC44E895C7A7}" = PhotoGallery
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3B1D6DF0-EAA2-012B-AE51-000000000000}" = TurboTax 2009 wnjiper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{7299052B-02A4-4627-81F2-1818DA5D550D}" = Microsoft Visual C++ 2005 Redistributable
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A149E33D-74B9-4033-9B53-A5DE82864850}" = BitDefender Internet Security 2010
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"HijackThis" = HijackThis 2.0.2
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"TurboTax 2009" = TurboTax 2009

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Networks_Cache_Cleaner 6.0.0" = Juniper Networks Cache Cleaner 6.0.0
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/26/2010 1:31:04 PM | Computer Name = LIVINGROOM3 | Source = ESENT | ID = 489
Description = wuauclt (2180) An attempt to open the file "F:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 2/26/2010 1:31:04 PM | Computer Name = LIVINGROOM3 | Source = ESENT | ID = 455
Description = wuaueng.dll (2180) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile F:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 2/26/2010 1:31:14 PM | Computer Name = LIVINGROOM3 | Source = ESENT | ID = 489
Description = wuauclt (2180) An attempt to open the file "F:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 2/26/2010 1:31:14 PM | Computer Name = LIVINGROOM3 | Source = ESENT | ID = 455
Description = wuaueng.dll (2180) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile F:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

[ System Events ]
Error - 2/26/2010 3:31:43 PM | Computer Name = LIVINGROOM3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2/26/2010 9:00:32 PM | Computer Name = LIVINGROOM3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/26/2010 9:00:41 PM | Computer Name = LIVINGROOM3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/26/2010 9:00:50 PM | Computer Name = LIVINGROOM3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/26/2010 9:00:58 PM | Computer Name = LIVINGROOM3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2/26/2010 9:01:02 PM | Computer Name = LIVINGROOM3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/27/2010 5:16:16 AM | Computer Name = LIVINGROOM3 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 2/28/2010 5:10:09 AM | Computer Name = LIVINGROOM3 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 2/28/2010 7:39:42 AM | Computer Name = LIVINGROOM3 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 2/28/2010 10:23:23 AM | Computer Name = LIVINGROOM3 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.


< End of report >
rlmark
Regular Member
 
Posts: 34
Joined: February 16th, 2010, 4:37 pm

Re: REALLY weird stuff happening...

by Gary R » February 28th, 2010, 2:58 pm

Thanks for the logs. I'm going to be out for the rest of the evening (my time), so it will be tomorrow at the earliest before I can go through them all and create a fix for removing any remnants and other issues that they might reveal.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: REALLY weird stuff happening...

by Gary R » March 1st, 2010, 6:59 am

OK, let's remove the Norton Remnants.

First

Before we make any changes I'd like you to back up your Registry.

  • Download ERUNT to your desktop
  • Double-click on the file to install the program
  • Untick the NTREGOPT desktop shortcut option
  • Click No when you get the option to run Erunt at Windows startup.
  • During the installation, tick Launch Erunt
  • Accept the defaults for running a backup
  • Erunt will then backup your registry

Next

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec]
[-HKEY_USERS\.DEFAULT\Software\Symantec]
[-HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1004\Software\Symantec]
[-HKEY_USERS\S-1-5-18\Software\Symantec]
[-HKEY_CURRENT_USER\Software\Symantec]
[-HKEY_CURRENT_USER\Software\Norton]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Norton Internet Security]
[HKEY_CURRENT_USER\Identities\{41001FB9-B2E2-49E1-983C-1B0B0A90A6E0}\Software\Microsoft\Outlook Express\5.0\Rules\Mail\000]
"Name"=-
[HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\Addins\MsouPlug.OutlookPlug]
"FriendlyName"=-
[HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1004\Identities\{41001FB9-B2E2-49E1-983C-1B0B0A90A6E0}\Software\Microsoft\Outlook Express\5.0\Rules\Mail\000]
"Name"=-
[HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1004\Software\Microsoft\Office\Outlook\Addins\MsouPlug.OutlookPlug]
"FriendlyName"=-
[-HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Norton Internet Security]
[-HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1004\Software\Norton]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03F08AFA727A5B642B4CBC4081F6FC28]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\09F7959FCF8DD344CA0709D3A579D513]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1012F61D6BA9D35438B17D18E9BF2FBC]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1320AC6CA3C6BE348BCCF3A944187592]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\150981835B325EE4FBC8241B735128CA]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251AC011B2164247AE55D2AD7ECA1D4]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2837C8EE11C3BDF468EB1B4F4C24E909]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\291B9C31066593C45A818A8C87B1856B]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BBDF08A38AB2464EA8CD689D9B1E896]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\375800BEE64041E488ECA3B971A84B25]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37CD63D80A9C6E94FB16F99570330B3E]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37EAC0E754159D74BA9B0482109B4BCA]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4263EF4B438ECD94F9BF565FB431C3B8]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\525515E6D63F702479352909DC4AA7F6]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\54FB4289D22876C458C32DAB5C654EC9]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65DF2274B0C528F43B79511D3B3CE3D9]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\730A7EA59305B9048896832C32F81511]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\991D4C367341C864B8BB5DCCE96B18D8]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD19A2C873D9BF140AEC8C62577F29FD]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD56F1E1392A7B543A9F870D63051E98]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C2707F7F2CF78E542BCED2E4F08F441C]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6E51B94B6E97BB4CAC5CBC57FFBC4C5]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D9824D6ED0339E8439514EC7C21E280A]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB04B02A85E8EE343857E68EC577E9E6]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFBB9BF70388C4442AF98C842F6BE284]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F61EBB9289ADEB1448B9FAC881ADF9EA]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB207DC887C40B94189176A66AEA66DB]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"G:\Program Files\uTorrent\uTorrent.exe"=-
"H:\Program Files\uTorrent\uTorrent.exe"=-
"H:\utorrent.exe"=-
"I:\Program Files\uTorrent\uTorrent.exe"=-
"I:\utorrent.exe"=-

:Files
F:\Documents and Settings\All Users\Application Data\Norton
F:\Documents and Settings\Kids\Application Data\Symantec\Norton AntiVirus
F:\Documents and Settings\All Users\Application Data\Symantec
F:\Documents and Settings\Kids\Application Data\Symantec
F:\Documents and Settings\Mom and Dad\Application Data\Symantec
F:\Documents and Settings\Mom and Dad\My Documents\Symantec
F:\Program Files\Common Files\Symantec Shared
F:\Program Files\Symantec

:OTL
O3 - HKLM\..\Toolbar: (no name) - {4fe8e2eb-f905-45a9-8de9-9ad2f228ccc9} - No CLSID value found.
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1275210071-1450960922-725345543-1004\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1275210071-1450960922-725345543-1008\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O33 - MountPoints2\{1c759cc0-e364-11dd-ab37-000cf1b64644}\Shell\AutoRun\command - "" = G:\system32.vbs -- File not found
O33 - MountPoints2\{1c759cc0-e364-11dd-ab37-000cf1b64644}\Shell\open\command - "" = G:\system32.vbs -- File not found
O33 - MountPoints2\{68d99743-f0d6-11de-abc0-000cf1b64644}\Shell - "" = AutoRun
O33 - MountPoints2\{68d99743-f0d6-11de-abc0-000cf1b64644}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{68d99743-f0d6-11de-abc0-000cf1b64644}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{68d99781-f0d6-11de-abc0-000cf1b64644}\Shell - "" = AutoRun
O33 - MountPoints2\{68d99781-f0d6-11de-abc0-000cf1b64644}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{68d99781-f0d6-11de-abc0-000cf1b64644}\Shell\AutoRun\command - "" = I:\WD SmartWare.exe -- File not found

:Commands
[EmptyTemp]
[CreateRestorePoint]


  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so. If it does, re-boot your computer. A log will be produced upon re-boot.

If OTL does not re-boot your computer, please reboot it manually.

Next

I'd like you to check a file for Viruses.
C:\Program Files\MediaCoder\SysInfo.sys

  • Copy/Paste the first filepath in the quote box above into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Note details of any viruses found.
  • Post me the details please.

Next

Please do a scan with ESET Online Scanner
Note: The scan will only work with Internet Explorer
  • Check the box "Yes, I accept the Terms of Use" and click Start
  • Accept the ActiveX by clicking the yellow bar at the top.
  • Install the software when prompted.
  • Read the Welcome notice and then click Start to download the necessary components.
  • When download is complete, make sure Remove found threats stays Unchecked.
  • Click Start to begin the scan.
  • After the scan completes, the Details tab in the Results window will display what was found.
  • A file will also be saved at: C:/Program Files/ESET/ESET Online Scanner /log.txt
  • Please post me the content of that file.

Summary of the logs I need from you in your next post:
  • OTL log
  • Results from VirusTotal or Jotti's
  • E-Set log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present. If any log is cut off, you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
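
The fix above deletes five firewall exceptions whose executables OTL reported as "File not found". The following is an added example, not part of Gary R's post and not OTL's own code, showing how those stale allow rules can be picked out of the report's AuthorizedApplications section and turned into the `"path"=-` form used in the :Reg block. The function names are hypothetical, and the system drive F is taken from the report's "Windows directory: F:\WINDOWS" line.

```python
import re
from dataclasses import dataclass

# Excerpt of the StandardProfile AuthorizedApplications\List section from the
# OTL report earlier in this thread, embedded so the script runs offline.
REPORT = r'''
"F:\Program Files\TiVo\Desktop\TiVoServer.exe" = F:\Program Files\TiVo\Desktop\TiVoServer.exe:*:Enabled:TiVo Server Service Process -- (TiVo Inc.)
"G:\Program Files\uTorrent\uTorrent.exe" = G:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found
"H:\Program Files\uTorrent\uTorrent.exe" = H:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found
"H:\utorrent.exe" = H:\utorrent.exe:*:Enabled:µTorrent -- File not found
"I:\Program Files\uTorrent\uTorrent.exe" = I:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found
"I:\utorrent.exe" = I:\utorrent.exe:*:Enabled:µTorrent -- File not found
"F:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = F:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
'''

# Value layout: <path>:<scope>:<Enabled|Disabled>:<label>[ -- <OTL annotation>]
# The path itself contains a colon (drive letter), so it is matched lazily up
# to the first ":<scope>:<state>:" triple.
RULE_RE = re.compile(
    r'^"[^"]+"\s*=\s*'
    r'(?P<path>.+?):(?P<scope>[^:]+):(?P<state>Enabled|Disabled):(?P<label>.*)$'
)


@dataclass
class AppRule:
    path: str
    scope: str      # "*" = any address, "LocalSubNet", or an address list
    enabled: bool
    label: str
    note: str       # OTL's trailing annotation: "(Vendor)" or "File not found"


def parse_authorized_apps(report):
    """Return one AppRule per authorized-application line in the report."""
    rules = []
    for line in report.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, other report content
        label, _, note = m["label"].rpartition(" -- ")
        if not label:  # no " -- " annotation present on this line
            label, note = note, ""
        rules.append(AppRule(m["path"], m["scope"],
                             m["state"] == "Enabled", label, note))
    return rules


def findings(rule, system_drive="F"):
    """Reasons an enabled rule deserves a second look; empty list if none."""
    out = []
    if not rule.enabled:
        return out
    if rule.note == "File not found":
        out.append("stale: allow rule for a missing executable")
    if rule.scope == "*":
        out.append("scope '*': reachable from any address")
    if rule.path[:1].upper() != system_drive.upper():
        out.append("path is off the system drive")
    return out


def removal_directives(rules):
    """Lines in the '"name"=-' form the fix uses to delete a registry value."""
    return ['"%s"=-' % r.path for r in rules if r.note == "File not found"]


if __name__ == "__main__":
    parsed = parse_authorized_apps(REPORT)
    for rule in parsed:
        for reason in findings(rule):
            print("%s -> %s" % (rule.path, reason))
    print("\n".join(removal_directives(parsed)))
```

A rule that survives its program is still an allow entry keyed only on a path, which is why the fix removes it rather than leaving it in place.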

Re: REALLY weird stuff happening...

by rlmark » March 1st, 2010, 9:32 pm

OK, the ESET scan is running now, but I thought I'd get you the rest of the logs in the meantime.

All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Symantec\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1004\Software\Symantec\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Symantec\ not found.
Registry key HKEY_CURRENT_USER\Software\Symantec\ not found.
Registry key HKEY_CURRENT_USER\Software\Norton\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Norton Internet Security\ deleted successfully.
Registry value HKEY_CURRENT_USER\Identities\{41001FB9-B2E2-49E1-983C-1B0B0A90A6E0}\Software\Microsoft\Outlook Express\5.0\Rules\Mail\000\\Name deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\Addins\MsouPlug.OutlookPlug\\FriendlyName deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1004\Identities\{41001FB9-B2E2-49E1-983C-1B0B0A90A6E0}\Software\Microsoft\Outlook Express\5.0\Rules\Mail\000\\Name not found.
Registry value HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1004\Software\Microsoft\Office\Outlook\Addins\MsouPlug.OutlookPlug\\FriendlyName not found.
Registry key HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Norton Internet Security\ not found.
Registry key HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1004\Software\Norton\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03F08AFA727A5B642B4CBC4081F6FC28\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\09F7959FCF8DD344CA0709D3A579D513\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1012F61D6BA9D35438B17D18E9BF2FBC\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1320AC6CA3C6BE348BCCF3A944187592\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\150981835B325EE4FBC8241B735128CA\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251AC011B2164247AE55D2AD7ECA1D4\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2837C8EE11C3BDF468EB1B4F4C24E909\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\291B9C31066593C45A818A8C87B1856B\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BBDF08A38AB2464EA8CD689D9B1E896\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\375800BEE64041E488ECA3B971A84B25\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37CD63D80A9C6E94FB16F99570330B3E\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37EAC0E754159D74BA9B0482109B4BCA\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4263EF4B438ECD94F9BF565FB431C3B8\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\525515E6D63F702479352909DC4AA7F6\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\54FB4289D22876C458C32DAB5C654EC9\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65DF2274B0C528F43B79511D3B3CE3D9\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\730A7EA59305B9048896832C32F81511\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\991D4C367341C864B8BB5DCCE96B18D8\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD19A2C873D9BF140AEC8C62577F29FD\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD56F1E1392A7B543A9F870D63051E98\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C2707F7F2CF78E542BCED2E4F08F441C\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6E51B94B6E97BB4CAC5CBC57FFBC4C5\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D9824D6ED0339E8439514EC7C21E280A\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB04B02A85E8EE343857E68EC577E9E6\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFBB9BF70388C4442AF98C842F6BE284\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F61EBB9289ADEB1448B9FAC881ADF9EA\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB207DC887C40B94189176A66AEA66DB\\00000000000000000000000000000000 deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\G:\Program Files\uTorrent\uTorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\H:\Program Files\uTorrent\uTorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\H:\utorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\I:\Program Files\uTorrent\uTorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\I:\utorrent.exe deleted successfully.
========== FILES ==========
F:\Documents and Settings\All Users\Application Data\Norton\{NIS_prod_1.19_17.1.0.19} folder moved successfully.
F:\Documents and Settings\All Users\Application Data\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963} folder moved successfully.
F:\Documents and Settings\All Users\Application Data\Norton\_lck folder moved successfully.
F:\Documents and Settings\All Users\Application Data\Norton folder moved successfully.
F:\Documents and Settings\Kids\Application Data\Symantec\Norton AntiVirus\Tasks folder moved successfully.
F:\Documents and Settings\Kids\Application Data\Symantec\Norton AntiVirus folder moved successfully.
F:\Documents and Settings\All Users\Application Data\Symantec\SubEng folder moved successfully.
F:\Documents and Settings\All Users\Application Data\Symantec folder moved successfully.
F:\Documents and Settings\Kids\Application Data\Symantec\NPMDataStore folder moved successfully.
F:\Documents and Settings\Kids\Application Data\Symantec folder moved successfully.
F:\Documents and Settings\Mom and Dad\Application Data\Symantec\NPMDataStore folder moved successfully.
F:\Documents and Settings\Mom and Dad\Application Data\Symantec folder moved successfully.
F:\Documents and Settings\Mom and Dad\My Documents\Symantec folder moved successfully.
F:\Program Files\Common Files\Symantec Shared\CCPD-LC folder moved successfully.
F:\Program Files\Common Files\Symantec Shared folder moved successfully.
F:\Program Files\Symantec\DownloadManager folder moved successfully.
F:\Program Files\Symantec folder moved successfully.
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4fe8e2eb-f905-45a9-8de9-9ad2f228ccc9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4fe8e2eb-f905-45a9-8de9-9ad2f228ccc9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msn.com\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c759cc0-e364-11dd-ab37-000cf1b64644}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c759cc0-e364-11dd-ab37-000cf1b64644}\ not found.
File G:\system32.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c759cc0-e364-11dd-ab37-000cf1b64644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c759cc0-e364-11dd-ab37-000cf1b64644}\ not found.
File G:\system32.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{68d99743-f0d6-11de-abc0-000cf1b64644}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68d99743-f0d6-11de-abc0-000cf1b64644}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{68d99743-f0d6-11de-abc0-000cf1b64644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68d99743-f0d6-11de-abc0-000cf1b64644}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{68d99743-f0d6-11de-abc0-000cf1b64644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68d99743-f0d6-11de-abc0-000cf1b64644}\ not found.
File G:\WD SmartWare.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{68d99781-f0d6-11de-abc0-000cf1b64644}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68d99781-f0d6-11de-abc0-000cf1b64644}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{68d99781-f0d6-11de-abc0-000cf1b64644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68d99781-f0d6-11de-abc0-000cf1b64644}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{68d99781-f0d6-11de-abc0-000cf1b64644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68d99781-f0d6-11de-abc0-000cf1b64644}\ not found.
File I:\WD SmartWare.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: Administrator.LIVINGROOM3
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: Brett
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 69617 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kids
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: kodak
->Temp folder emptied: 98304 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Mom and Dad
->Temp folder emptied: 20658570 bytes
->Temporary Internet Files folder emptied: 6922735 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 30246867 bytes
->Apple Safari cache emptied: 32616019 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49152 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 500608 bytes

Total Files Cleaned = 87.00 mb

Restore point Set: OTL Restore Point (64424509440)

OTL by OldTimer - Version 3.1.30.2 log created on 03012010_200321

Files\Folders moved on Reboot...
File move failed. F:\Documents and Settings\kodak\Local Settings\Temp\Perflib_Perfdata_6ac.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...
rlmark
Regular Member
 
Posts: 34
Joined: February 16th, 2010, 4:37 pm

Re: REALLY weird stuff happening...

Post by rlmark » March 1st, 2010, 9:35 pm

OK, the ESET scan is running now, but I thought I'd get you the rest of the logs in the meantime.

All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Symantec\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1004\Software\Symantec\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Symantec\ not found.
Registry key HKEY_CURRENT_USER\Software\Symantec\ not found.
Registry key HKEY_CURRENT_USER\Software\Norton\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Norton Internet Security\ deleted successfully.
Registry value HKEY_CURRENT_USER\Identities\{41001FB9-B2E2-49E1-983C-1B0B0A90A6E0}\Software\Microsoft\Outlook Express\5.0\Rules\Mail\000\\Name deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\Addins\MsouPlug.OutlookPlug\\FriendlyName deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1004\Identities\{41001FB9-B2E2-49E1-983C-1B0B0A90A6E0}\Software\Microsoft\Outlook Express\5.0\Rules\Mail\000\\Name not found.
Registry value HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1004\Software\Microsoft\Office\Outlook\Addins\MsouPlug.OutlookPlug\\FriendlyName not found.
Registry key HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Norton Internet Security\ not found.
Registry key HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1004\Software\Norton\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03F08AFA727A5B642B4CBC4081F6FC28\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\09F7959FCF8DD344CA0709D3A579D513\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1012F61D6BA9D35438B17D18E9BF2FBC\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1320AC6CA3C6BE348BCCF3A944187592\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\150981835B325EE4FBC8241B735128CA\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251AC011B2164247AE55D2AD7ECA1D4\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2837C8EE11C3BDF468EB1B4F4C24E909\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\291B9C31066593C45A818A8C87B1856B\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BBDF08A38AB2464EA8CD689D9B1E896\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\375800BEE64041E488ECA3B971A84B25\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37CD63D80A9C6E94FB16F99570330B3E\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37EAC0E754159D74BA9B0482109B4BCA\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4263EF4B438ECD94F9BF565FB431C3B8\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\525515E6D63F702479352909DC4AA7F6\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\54FB4289D22876C458C32DAB5C654EC9\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65DF2274B0C528F43B79511D3B3CE3D9\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\730A7EA59305B9048896832C32F81511\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\991D4C367341C864B8BB5DCCE96B18D8\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD19A2C873D9BF140AEC8C62577F29FD\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD56F1E1392A7B543A9F870D63051E98\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C2707F7F2CF78E542BCED2E4F08F441C\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6E51B94B6E97BB4CAC5CBC57FFBC4C5\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D9824D6ED0339E8439514EC7C21E280A\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB04B02A85E8EE343857E68EC577E9E6\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFBB9BF70388C4442AF98C842F6BE284\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F61EBB9289ADEB1448B9FAC881ADF9EA\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB207DC887C40B94189176A66AEA66DB\\00000000000000000000000000000000 deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\G:\Program Files\uTorrent\uTorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\H:\Program Files\uTorrent\uTorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\H:\utorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\I:\Program Files\uTorrent\uTorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\I:\utorrent.exe deleted successfully.
========== FILES ==========
F:\Documents and Settings\All Users\Application Data\Norton\{NIS_prod_1.19_17.1.0.19} folder moved successfully.
F:\Documents and Settings\All Users\Application Data\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963} folder moved successfully.
F:\Documents and Settings\All Users\Application Data\Norton\_lck folder moved successfully.
F:\Documents and Settings\All Users\Application Data\Norton folder moved successfully.
F:\Documents and Settings\Kids\Application Data\Symantec\Norton AntiVirus\Tasks folder moved successfully.
F:\Documents and Settings\Kids\Application Data\Symantec\Norton AntiVirus folder moved successfully.
F:\Documents and Settings\All Users\Application Data\Symantec\SubEng folder moved successfully.
F:\Documents and Settings\All Users\Application Data\Symantec folder moved successfully.
F:\Documents and Settings\Kids\Application Data\Symantec\NPMDataStore folder moved successfully.
F:\Documents and Settings\Kids\Application Data\Symantec folder moved successfully.
F:\Documents and Settings\Mom and Dad\Application Data\Symantec\NPMDataStore folder moved successfully.
F:\Documents and Settings\Mom and Dad\Application Data\Symantec folder moved successfully.
F:\Documents and Settings\Mom and Dad\My Documents\Symantec folder moved successfully.
F:\Program Files\Common Files\Symantec Shared\CCPD-LC folder moved successfully.
F:\Program Files\Common Files\Symantec Shared folder moved successfully.
F:\Program Files\Symantec\DownloadManager folder moved successfully.
F:\Program Files\Symantec folder moved successfully.
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4fe8e2eb-f905-45a9-8de9-9ad2f228ccc9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4fe8e2eb-f905-45a9-8de9-9ad2f228ccc9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msn.com\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c759cc0-e364-11dd-ab37-000cf1b64644}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c759cc0-e364-11dd-ab37-000cf1b64644}\ not found.
File G:\system32.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c759cc0-e364-11dd-ab37-000cf1b64644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c759cc0-e364-11dd-ab37-000cf1b64644}\ not found.
File G:\system32.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{68d99743-f0d6-11de-abc0-000cf1b64644}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68d99743-f0d6-11de-abc0-000cf1b64644}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{68d99743-f0d6-11de-abc0-000cf1b64644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68d99743-f0d6-11de-abc0-000cf1b64644}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{68d99743-f0d6-11de-abc0-000cf1b64644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68d99743-f0d6-11de-abc0-000cf1b64644}\ not found.
File G:\WD SmartWare.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{68d99781-f0d6-11de-abc0-000cf1b64644}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68d99781-f0d6-11de-abc0-000cf1b64644}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{68d99781-f0d6-11de-abc0-000cf1b64644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68d99781-f0d6-11de-abc0-000cf1b64644}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{68d99781-f0d6-11de-abc0-000cf1b64644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68d99781-f0d6-11de-abc0-000cf1b64644}\ not found.
File I:\WD SmartWare.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: Administrator.LIVINGROOM3
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: Brett
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 69617 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kids
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: kodak
->Temp folder emptied: 98304 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Mom and Dad
->Temp folder emptied: 20658570 bytes
->Temporary Internet Files folder emptied: 6922735 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 30246867 bytes
->Apple Safari cache emptied: 32616019 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49152 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 500608 bytes

Total Files Cleaned = 87.00 mb

Restore point Set: OTL Restore Point (64424509440)

OTL by OldTimer - Version 3.1.30.2 log created on 03012010_200321

Files\Folders moved on Reboot...
File move failed. F:\Documents and Settings\kodak\Local Settings\Temp\Perflib_Perfdata_6ac.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...
rlmark
Regular Member
 
Posts: 34
Joined: February 16th, 2010, 4:37 pm

Re: REALLY weird stuff happening...

Post by rlmark » March 1st, 2010, 9:37 pm

I also scanned that file using VirusTotal, and it came back with a 0/42 result. I thought it would be redundant to post that log here :p

If the ESET scan comes back clean, do I just assume that my problems are non-malware related?

Thanks again for all the help so far!