WiredWX Christian Hobby Weather Tools

Hard drive diagnostic problem

I have been having problems since Sat. I followed what you were telling other people and sent my log. Can you please help me?

OTL Extras logfile created on: 12/6/2010 7:28:46 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = F:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): F:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive D: | 200.43 Gb Total Space | 200.22 Gb Free Space | 99.89% Space Free | Partition Type: NTFS
Drive E: | 164.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 97.65 Gb Total Space | 64.30 Gb Free Space | 65.85% Space Free | Partition Type: NTFS

Computer Name: ashley | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 File not found
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Program Files\Microsoft ActiveSync\rapimgr.exe" = F:\Program Files\Microsoft ActiveSync\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"F:\Program Files\LimeWire\LimeWire.exe" = F:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"F:\Program Files\iTunes\iTunes.exe" = F:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01949445-CB7F-436B-8ECC-771BE6184BBC}" = AT&T Connect Participant Application v8.8.53
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
"{291A772C-FFB9-4681-B720-AB2A0A620896}" = Adobe Reader for Pocket PC 2.0
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{46B63F23-2B4A-4525-A827-688026BE5E40}" = Symantec AntiVirus
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BD4B0B5-3359-4932-BF94-C805EE83E710}" = 2350_Help
"{6CD27A25-D4A5-4e25-86B1-36EBBA2BA279}" = 2350Trb
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F2AC7B5-3DA8-45d3-B5E5-F36DCD9FDC6A}" = 2350
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client for Internet Explorer 1.02.28
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{94A61BF7-F8EE-46D1-944B-C765A7FF117A}" = STOPzilla
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = PowerDVD
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}" = Roxio Media Manager
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.5
"{FBB6663C-33BE-408B-811D-CCFDEE046F3F}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8330 smartphone
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"Adobe Acrobat Reader for Pocket PC 1.0" = Adobe Acrobat Reader for Pocket PC 1.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM Toolbar" = AIM Toolbar 5.0
"AIMTunes" = AIMTunes
"ATT" = AT&T U-verse Setup
"ATT-PRT22" = ATT-PRT22
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"BlackBerry_{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"FreeRingers.net Easy Image Relay_is1" = Easy Image Relay v1.1
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{291A772C-FFB9-4681-B720-AB2A0A620896}" = Adobe Reader for Pocket PC 2.0
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Forefront UAG endpoint components 3.1.0" = Microsoft Forefront UAG endpoint components v4.0.0
"Microsoft Security Essentials" = Microsoft Security Essentials
"MIKSOFT Mobile AMR converter_is1" = MIKSOFT Mobile AMR converter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PokerStars" = PokerStars
"Reader Mobile for Windows Mobile 5.0" = Reader Mobile for Windows Mobile 5.0
"RealPlayer 6.0" = RealOne Player
"SystemRequirementsLab" = System Requirements Lab
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/6/2010 5:29:41 PM | Computer Name = ashley | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: F:\Program Files\Symantec
AntiVirus\DoScan.exe Event Info: Open Process Action Taken: Blocked Actor Process:
F:\Program Files\Microsoft Security Essentials\MsMpEng.exe (PID 1144) Time: Monday,
December 06, 2010 3:29:41 PM

Error - 12/6/2010 5:29:42 PM | Computer Name = ashley | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: F:\Program Files\Symantec
AntiVirus\DoScan.exe Event Info: Open Process Action Taken: Blocked Actor Process:
F:\Program Files\Microsoft Security Essentials\MsMpEng.exe (PID 1144) Time: Monday,
December 06, 2010 3:29:42 PM

Error - 12/6/2010 5:29:43 PM | Computer Name = ashley | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: F:\Program Files\Symantec
AntiVirus\DefWatch.exe Event Info: Open Process Action Taken: Blocked Actor Process:
F:\Program Files\Microsoft Security Essentials\MsMpEng.exe (PID 1144) Time: Monday,
December 06, 2010 3:29:43 PM

Error - 12/6/2010 7:20:13 PM | Computer Name = ashley | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/6/2010 7:20:15 PM | Computer Name = ashley | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/6/2010 9:12:20 PM | Computer Name = ashley | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: F:\Program Files\Symantec
AntiVirus\Rtvscan.exe Event Info: Open Process Action Taken: Blocked Actor Process:
F:\Program Files\Microsoft Security Essentials\MsMpEng.exe (PID 1144) Time: Monday,
December 06, 2010 7:12:20 PM

Error - 12/6/2010 9:13:13 PM | Computer Name = ashley | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: F:\Program Files\Symantec
AntiVirus\DoScan.exe Event Info: Open Process Action Taken: Blocked Actor Process:
F:\Program Files\Microsoft Security Essentials\MsMpEng.exe (PID 1144) Time: Monday,
December 06, 2010 7:13:13 PM

Error - 12/6/2010 9:14:20 PM | Computer Name = ashley | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8325.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/6/2010 9:18:11 PM | Computer Name = ashley | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: F:\Program Files\Common Files\Symantec
Shared\ccApp.exe Event Info: Open Process Action Taken: Blocked Actor Process:
F:\Program Files\Microsoft Security Essentials\MsMpEng.exe (PID 1144) Time: Monday,
December 06, 2010 7:18:11 PM

Error - 12/6/2010 9:18:11 PM | Computer Name = ashley | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: F:\PROGRA~1\SYMANT~1\VPTray.exe
Event
Info: Open Process Action Taken: Blocked Actor Process: F:\Program Files\Microsoft
Security Essentials\MsMpEng.exe (PID 1144) Time: Monday, December 06, 2010 7:18:11
PM

[ System Events ]
Error - 12/6/2010 1:58:51 PM | Computer Name = ashley | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/6/2010 1:58:52 PM | Computer Name = ashley | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/6/2010 1:58:52 PM | Computer Name = ashley | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/6/2010 2:04:36 PM | Computer Name = ashley | Source = Microsoft Antimalware | ID = 1008
Description = %%861 has encountered an error when taking action on spyware or other
potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/FakeSysdef&threatid=2147639286

User:
NT AUTHORITY\SYSTEM Name: Trojan:Win32/FakeSysdef ID: 2147639286 Severity: Severe Category:
Trojan Path: Action: %%808 Error Code: 0x80508023 Error description: The program could
not find the spyware and other potentially unwanted software on this computer.
Status: Signature Version: AV: 1.95.1256.0, AS: 1.95.1256.0 Engine Version: 1.1.6402.0

Error - 12/6/2010 2:56:21 PM | Computer Name = ashley | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the szserver service.

Error - 12/6/2010 5:11:48 PM | Computer Name = ashley | Source = DCOM | ID = 10010
Description = The server {31371420-098D-4C0E-A11E-EBEC2305DD01} did not register
with DCOM within the required timeout.

Error - 12/6/2010 5:17:26 PM | Computer Name = ashley | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 12/6/2010 5:17:28 PM | Computer Name = ashley | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde

Error - 12/6/2010 9:08:09 PM | Computer Name = ashley | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 12/6/2010 9:08:11 PM | Computer Name = ashley | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde


< End of report >


Last edited by freddobear on 7th December 2010, 2:41 am; edited 1 time in total (Reason for editing : need otl info)

Re: Hard drive diagnostic problem

Hi,

Welcome to GeekPolice.net!

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scan box paste this in

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time


Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr

............................................................................................

I'm livin' life in the fast lane.

hard drive diagnostics

I keep getting uploaded file not valid, am I scanning it wrong?

Last edited by freddobear on 7th December 2010, 6:53 am; edited 3 times in total (Reason for editing : no info-re-scanned)

Re: Hard drive diagnostic problem

re-sending hopefully:

OTL Extras logfile created on: 12/7/2010 12:58:43 AM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = F:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): F:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive D: | 200.43 Gb Total Space | 200.22 Gb Free Space | 99.89% Space Free | Partition Type: NTFS
Drive E: | 164.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 97.65 Gb Total Space | 64.14 Gb Free Space | 65.68% Space Free | Partition Type: NTFS

Computer Name: ashley | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 File not found
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Program Files\Microsoft ActiveSync\rapimgr.exe" = F:\Program Files\Microsoft ActiveSync\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"F:\Program Files\LimeWire\LimeWire.exe" = F:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"F:\Program Files\iTunes\iTunes.exe" = F:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01949445-CB7F-436B-8ECC-771BE6184BBC}" = AT&T Connect Participant Application v8.8.53
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
"{291A772C-FFB9-4681-B720-AB2A0A620896}" = Adobe Reader for Pocket PC 2.0
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{46B63F23-2B4A-4525-A827-688026BE5E40}" = Symantec AntiVirus
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BD4B0B5-3359-4932-BF94-C805EE83E710}" = 2350_Help
"{6CD27A25-D4A5-4e25-86B1-36EBBA2BA279}" = 2350Trb
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F2AC7B5-3DA8-45d3-B5E5-F36DCD9FDC6A}" = 2350
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client for Internet Explorer 1.02.28
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{94A61BF7-F8EE-46D1-944B-C765A7FF117A}" = STOPzilla
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = PowerDVD
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}" = Roxio Media Manager
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.5
"{FBB6663C-33BE-408B-811D-CCFDEE046F3F}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8330 smartphone
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"Adobe Acrobat Reader for Pocket PC 1.0" = Adobe Acrobat Reader for Pocket PC 1.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM Toolbar" = AIM Toolbar 5.0
"AIMTunes" = AIMTunes
"ATT" = AT&T U-verse Setup
"ATT-PRT22" = ATT-PRT22
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"BlackBerry_{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"FreeRingers.net Easy Image Relay_is1" = Easy Image Relay v1.1
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{291A772C-FFB9-4681-B720-AB2A0A620896}" = Adobe Reader for Pocket PC 2.0
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Forefront UAG endpoint components 3.1.0" = Microsoft Forefront UAG endpoint components v4.0.0
"Microsoft Security Essentials" = Microsoft Security Essentials
"MIKSOFT Mobile AMR converter_is1" = MIKSOFT Mobile AMR converter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PokerStars" = PokerStars
"Reader Mobile for Windows Mobile 5.0" = Reader Mobile for Windows Mobile 5.0
"RealPlayer 6.0" = RealOne Player
"SystemRequirementsLab" = System Requirements Lab
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/6/2010 5:29:42 PM | Computer Name = ashley | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: F:\Program Files\Symantec
AntiVirus\DoScan.exe Event Info: Open Process Action Taken: Blocked Actor Process:
F:\Program Files\Microsoft Security Essentials\MsMpEng.exe (PID 1144) Time: Monday,
December 06, 2010 3:29:42 PM

Error - 12/6/2010 5:29:43 PM | Computer Name = ashley | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: F:\Program Files\Symantec
AntiVirus\DefWatch.exe Event Info: Open Process Action Taken: Blocked Actor Process:
F:\Program Files\Microsoft Security Essentials\MsMpEng.exe (PID 1144) Time: Monday,
December 06, 2010 3:29:43 PM

Error - 12/6/2010 7:20:13 PM | Computer Name = ashley | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/6/2010 7:20:15 PM | Computer Name = ashley | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/6/2010 9:12:20 PM | Computer Name = ashley | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: F:\Program Files\Symantec
AntiVirus\Rtvscan.exe Event Info: Open Process Action Taken: Blocked Actor Process:
F:\Program Files\Microsoft Security Essentials\MsMpEng.exe (PID 1144) Time: Monday,
December 06, 2010 7:12:20 PM

Error - 12/6/2010 9:13:13 PM | Computer Name = ashley | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: F:\Program Files\Symantec
AntiVirus\DoScan.exe Event Info: Open Process Action Taken: Blocked Actor Process:
F:\Program Files\Microsoft Security Essentials\MsMpEng.exe (PID 1144) Time: Monday,
December 06, 2010 7:13:13 PM

Error - 12/6/2010 9:14:20 PM | Computer Name = ashley | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8325.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/6/2010 9:18:11 PM | Computer Name = ashley | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: F:\Program Files\Common Files\Symantec
Shared\ccApp.exe Event Info: Open Process Action Taken: Blocked Actor Process:
F:\Program Files\Microsoft Security Essentials\MsMpEng.exe (PID 1144) Time: Monday,
December 06, 2010 7:18:11 PM

Error - 12/6/2010 9:18:11 PM | Computer Name = ashley | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: F:\PROGRA~1\SYMANT~1\VPTray.exe
Event
Info: Open Process Action Taken: Blocked Actor Process: F:\Program Files\Microsoft
Security Essentials\MsMpEng.exe (PID 1144) Time: Monday, December 06, 2010 7:18:11
PM

Error - 12/7/2010 1:03:10 AM | Computer Name = ashley | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/6/2010 1:58:51 PM | Computer Name = ashley | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/6/2010 1:58:52 PM | Computer Name = ashley | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/6/2010 1:58:52 PM | Computer Name = ashley | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/6/2010 2:04:36 PM | Computer Name = ashley | Source = Microsoft Antimalware | ID = 1008
Description = %%861 has encountered an error when taking action on spyware or other
potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/FakeSysdef&threatid=2147639286

User:
NT AUTHORITY\SYSTEM Name: Trojan:Win32/FakeSysdef ID: 2147639286 Severity: Severe Category:
Trojan Path: Action: %%808 Error Code: 0x80508023 Error description: The program could
not find the spyware and other potentially unwanted software on this computer.
Status: Signature Version: AV: 1.95.1256.0, AS: 1.95.1256.0 Engine Version: 1.1.6402.0

Error - 12/6/2010 2:56:21 PM | Computer Name = ashley | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the szserver service.

Error - 12/6/2010 5:11:48 PM | Computer Name = ashley | Source = DCOM | ID = 10010
Description = The server {31371420-098D-4C0E-A11E-EBEC2305DD01} did not register
with DCOM within the required timeout.

Error - 12/6/2010 5:17:26 PM | Computer Name = ashley | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 12/6/2010 5:17:28 PM | Computer Name = ashley | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde

Error - 12/6/2010 9:08:09 PM | Computer Name = ashley | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 12/6/2010 9:08:11 PM | Computer Name = ashley | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde


< End of report >

Re: Hard drive diagnostic problem
Part 2:

OTL Extras logfile created on: 12/7/2010 12:58:43 AM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = F:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): F:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive D: | 200.43 Gb Total Space | 200.22 Gb Free Space | 99.89% Space Free | Partition Type: NTFS
Drive E: | 164.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 97.65 Gb Total Space | 64.14 Gb Free Space | 65.68% Space Free | Partition Type: NTFS

Computer Name: ashley | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 File not found
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Program Files\Microsoft ActiveSync\rapimgr.exe" = F:\Program Files\Microsoft ActiveSync\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"F:\Program Files\LimeWire\LimeWire.exe" = F:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"F:\Program Files\iTunes\iTunes.exe" = F:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01949445-CB7F-436B-8ECC-771BE6184BBC}" = AT&T Connect Participant Application v8.8.53
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
"{291A772C-FFB9-4681-B720-AB2A0A620896}" = Adobe Reader for Pocket PC 2.0
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{46B63F23-2B4A-4525-A827-688026BE5E40}" = Symantec AntiVirus
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BD4B0B5-3359-4932-BF94-C805EE83E710}" = 2350_Help
"{6CD27A25-D4A5-4e25-86B1-36EBBA2BA279}" = 2350Trb
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F2AC7B5-3DA8-45d3-B5E5-F36DCD9FDC6A}" = 2350
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client for Internet Explorer 1.02.28
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{94A61BF7-F8EE-46D1-944B-C765A7FF117A}" = STOPzilla
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = PowerDVD
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}" = Roxio Media Manager
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.5
"{FBB6663C-33BE-408B-811D-CCFDEE046F3F}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8330 smartphone
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"Adobe Acrobat Reader for Pocket PC 1.0" = Adobe Acrobat Reader for Pocket PC 1.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM Toolbar" = AIM Toolbar 5.0
"AIMTunes" = AIMTunes
"ATT" = AT&T U-verse Setup
"ATT-PRT22" = ATT-PRT22
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"BlackBerry_{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"FreeRingers.net Easy Image Relay_is1" = Easy Image Relay v1.1
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{291A772C-FFB9-4681-B720-AB2A0A620896}" = Adobe Reader for Pocket PC 2.0
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Forefront UAG endpoint components 3.1.0" = Microsoft Forefront UAG endpoint components v4.0.0
"Microsoft Security Essentials" = Microsoft Security Essentials
"MIKSOFT Mobile AMR converter_is1" = MIKSOFT Mobile AMR converter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PokerStars" = PokerStars
"Reader Mobile for Windows Mobile 5.0" = Reader Mobile for Windows Mobile 5.0
"RealPlayer 6.0" = RealOne Player
"SystemRequirementsLab" = System Requirements Lab
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/6/2010 5:29:42 PM | Computer Name = ashley | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: F:\Program Files\Symantec
AntiVirus\DoScan.exe Event Info: Open Process Action Taken: Blocked Actor Process:
F:\Program Files\Microsoft Security Essentials\MsMpEng.exe (PID 1144) Time: Monday,
December 06, 2010 3:29:42 PM

Error - 12/6/2010 5:29:43 PM | Computer Name = ashley | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: F:\Program Files\Symantec
AntiVirus\DefWatch.exe Event Info: Open Process Action Taken: Blocked Actor Process:
F:\Program Files\Microsoft Security Essentials\MsMpEng.exe (PID 1144) Time: Monday,
December 06, 2010 3:29:43 PM

Error - 12/6/2010 7:20:13 PM | Computer Name = ashley | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/6/2010 7:20:15 PM | Computer Name = ashley | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/6/2010 9:12:20 PM | Computer Name = ashley | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: F:\Program Files\Symantec
AntiVirus\Rtvscan.exe Event Info: Open Process Action Taken: Blocked Actor Process:
F:\Program Files\Microsoft Security Essentials\MsMpEng.exe (PID 1144) Time: Monday,
December 06, 2010 7:12:20 PM

Error - 12/6/2010 9:13:13 PM | Computer Name = ashley | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: F:\Program Files\Symantec
AntiVirus\DoScan.exe Event Info: Open Process Action Taken: Blocked Actor Process:
F:\Program Files\Microsoft Security Essentials\MsMpEng.exe (PID 1144) Time: Monday,
December 06, 2010 7:13:13 PM

Error - 12/6/2010 9:14:20 PM | Computer Name = ashley | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8325.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/6/2010 9:18:11 PM | Computer Name = ashley | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: F:\Program Files\Common Files\Symantec
Shared\ccApp.exe Event Info: Open Process Action Taken: Blocked Actor Process:
F:\Program Files\Microsoft Security Essentials\MsMpEng.exe (PID 1144) Time: Monday,
December 06, 2010 7:18:11 PM

Error - 12/6/2010 9:18:11 PM | Computer Name = ashley | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: F:\PROGRA~1\SYMANT~1\VPTray.exe
Event
Info: Open Process Action Taken: Blocked Actor Process: F:\Program Files\Microsoft
Security Essentials\MsMpEng.exe (PID 1144) Time: Monday, December 06, 2010 7:18:11
PM

Error - 12/7/2010 1:03:10 AM | Computer Name = ashley | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/6/2010 1:58:51 PM | Computer Name = ashley | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/6/2010 1:58:52 PM | Computer Name = ashley | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/6/2010 1:58:52 PM | Computer Name = ashley | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/6/2010 2:04:36 PM | Computer Name = ashley | Source = Microsoft Antimalware | ID = 1008
Description = %%861 has encountered an error when taking action on spyware or other
potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/FakeSysdef&threatid=2147639286

User:
NT AUTHORITY\SYSTEM Name: Trojan:Win32/FakeSysdef ID: 2147639286 Severity: Severe Category:
Trojan Path: Action: %%808 Error Code: 0x80508023 Error description: The program could
not find the spyware and other potentially unwanted software on this computer.
Status: Signature Version: AV: 1.95.1256.0, AS: 1.95.1256.0 Engine Version: 1.1.6402.0

Error - 12/6/2010 2:56:21 PM | Computer Name = ashley | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the szserver service.

Error - 12/6/2010 5:11:48 PM | Computer Name = ashley | Source = DCOM | ID = 10010
Description = The server {31371420-098D-4C0E-A11E-EBEC2305DD01} did not register
with DCOM within the required timeout.

Error - 12/6/2010 5:17:26 PM | Computer Name = ashley | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 12/6/2010 5:17:28 PM | Computer Name = ashley | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde

Error - 12/6/2010 9:08:09 PM | Computer Name = ashley | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 12/6/2010 9:08:11 PM | Computer Name = ashley | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde


< End of report >

Re: Hard drive diagnostic problem

Hello - I posted this Monday night and haven't had a response yet, can you please help me finish this? I'm desperate to get my computer back. Thank you so much, this is greatly appreciated.

Re: Hard drive diagnostic problem

Hi,

You posted extras.txt twice. Please post OTL.txt.

............................................................................................

I'm livin' life in the fast lane.

Re: Hard drive diagnostic problem

Sorry about that, I've just been so frustrated with this, now I have security essentials 2011 in here now. I re-scanned and this is the latest, Thank u.

OTL logfile created on: 12/9/2010 1:53:38 PM - Run 4
OTL by OldTimer - Version 3.2.17.3 Folder = F:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): F:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive D: | 200.43 Gb Total Space | 200.22 Gb Free Space | 99.89% Space Free | Partition Type: NTFS
Drive E: | 164.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 97.65 Gb Total Space | 63.51 Gb Free Space | 65.04% Space Free | Partition Type: NTFS

Computer Name: ashley | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/09 13:29:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/11/22 16:56:52 | 000,177,616 | R--- | M] (iS3, Inc.) -- F:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2010/11/22 16:56:48 | 000,062,928 | R--- | M] (iS3, Inc.) -- F:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2010/09/15 03:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/03/25 20:40:42 | 000,203,312 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
PRC - [2009/12/14 15:03:41 | 000,149,904 | ---- | M] (Microsoft ® Corporation) -- F:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
PRC - [2009/09/17 17:50:48 | 000,935,240 | ---- | M] (AT&T Inc.) -- F:\Documents and Settings\Owner\Local Settings\Application Data\ATT Connect\Participant\pull.exe
PRC - [2009/07/25 04:23:22 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/02/03 07:15:18 | 000,111,856 | ---- | M] (Yahoo! Inc) -- F:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- F:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\explorer.exe
PRC - [2006/11/13 12:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 12:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Windows Defender\MSASCui.exe
PRC - [2005/11/15 12:28:04 | 000,085,744 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2005/11/15 12:27:54 | 001,756,912 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/11/15 12:27:46 | 000,018,672 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec AntiVirus\DoScan.exe
PRC - [2005/11/15 12:27:44 | 000,020,208 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2005/10/04 11:42:50 | 000,177,776 | ---- | M] (Symantec Corporation) -- F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/10/04 11:42:42 | 000,185,968 | ---- | M] (Symantec Corporation) -- F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/10/04 11:42:40 | 000,048,752 | ---- | M] (Symantec Corporation) -- F:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2004/03/18 15:55:48 | 000,065,536 | ---- | M] (HP) -- F:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2010/12/09 13:29:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 01:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2008/04/13 18:11:50 | 000,060,416 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\cabinet.dll
MOD - [2008/04/13 11:37:57 | 000,208,384 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\rsaenh.dll
MOD - [2006/11/03 19:20:00 | 000,083,224 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Windows Defender\MpShHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- F:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/11/22 16:56:48 | 000,062,928 | R--- | M] (iS3, Inc.) [Auto | Running] -- F:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/12/14 23:05:16 | 000,468,368 | ---- | M] () [On_Demand | Stopped] -- F:\WINDOWS\Downloaded Program Files\DM.0\DMService.exe -- (DMService)
SRV - [2009/12/14 15:03:41 | 000,149,904 | ---- | M] (Microsoft ® Corporation) [Auto | Running] -- F:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe -- (uagqecsvc)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- F:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- F:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/11/15 12:27:56 | 000,169,200 | ---- | M] (symantec) [On_Demand | Stopped] -- F:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005/11/15 12:27:54 | 001,756,912 | ---- | M] (Symantec Corporation) [Auto | Running] -- F:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/11/15 12:27:44 | 000,020,208 | ---- | M] (Symantec Corporation) [Auto | Running] -- F:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/10/19 16:39:34 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/10/04 11:42:50 | 000,177,776 | ---- | M] (Symantec Corporation) [Auto | Running] -- F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/10/04 11:42:48 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/10/04 11:42:42 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/03/30 20:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2004/03/18 15:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Running] -- F:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- F:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\DOCUME~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2010/10/18 02:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- F:\Program Files\Common Files\Symantec Shared\VirusDefs\20101203.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/10/18 02:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- F:\Program Files\Common Files\Symantec Shared\VirusDefs\20101203.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/17 02:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- F:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/06/04 02:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- F:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/12 17:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- F:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2009/12/07 16:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- F:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009/12/07 16:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- F:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2009/09/03 15:33:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- F:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/09/03 15:33:38 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- F:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/06/11 17:34:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/20 19:59:50 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2007/06/20 13:57:46 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/05/07 14:11:22 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev)
DRV - [2007/04/16 11:28:02 | 000,194,362 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2005/10/19 16:39:04 | 000,195,728 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- F:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/10/19 16:38:58 | 000,024,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/09/16 23:20:06 | 000,108,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- F:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/08/26 13:22:50 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- F:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/08/26 13:22:48 | 000,334,984 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- F:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/03/30 20:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2004/02/04 09:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2003/11/17 14:59:20 | 000,212,224 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/06/30 17:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- F:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - F:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.com/access/allinone.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - F:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"


[2009/03/11 16:54:13 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/03/11 16:54:13 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009/08/04 12:09:02 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rnjuq2m4.default\extensions
[2008/04/23 20:18:28 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rnjuq2m4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/04/23 20:18:28 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rnjuq2m4.default\extensions\staged-xpis
[2008/04/23 20:20:18 | 000,000,000 | ---D | M] -- F:\Program Files\Mozilla Firefox\extensions
[2008/04/22 06:45:32 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- F:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - F:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - F:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - F:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - F:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - F:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - F:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - F:\Program Files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll (Yontoo Technology, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - F:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - F:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - F:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - F:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - F:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - F:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] F:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [MSSE] F:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RoxWatchTray] F:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [vptray] F:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] F:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] F:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [H/PC Connection Agent] F:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Push Client] F:\Documents and Settings\Owner\Local Settings\Application Data\ATT Connect\Participant\pull.exe (AT&T Inc.)
O4 - HKCU..\Run: [Search Protection] F:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [updatesst] F:\Documents and Settings\All Users\Application Data\Security Essentials 2011\SE2011.exe File not found
O4 - HKCU..\Run: [XCiJPtLinj.exe] F:\DOCUME~1\Owner\LOCALS~1\Temp\XCiJPtLinj.exe File not found
O4 - HKCU..\Run: [YSearchProtection] F:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AIM Search - f:\Program Files\AOL\AIM Toolbar 5.0\resources\en-us\local\search.html ()
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - F:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - F:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - F:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: se-2011-download.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: se-2011-payment.com ([]http in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://ea-src-cdn.systemrequirementslab.com/curi/bin/sysreqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} F:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207884972108 (WUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://xtier.d211.org/InternalSite/WhlCompMgr.cab (Forefront UAG endpoint components)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://aolsvc.aol.com/onlinegames/free-trial-burger-shop/GoBitGamesPlayer_v4.cab (GoBit Games Player)
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} http://myspace.oberon-media.com/gameshell/games/channel--110343720/lc--en/room--584a3e87-b556-4d06-99f4-d3fef0181acd/online/Diner_Dash_3/en/ddfotg.1.0.0.37.cab (CPlayFirstddfotgControl Object)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - F:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - F:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - F:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - ("F:\Documents and Settings\All Users\Application Data\Security Essentials 2011\SE2011.exe") - F:\Documents and Settings\All Users\Application Data\Security Essentials 2011\SE2011.exe File not found
O20 - HKCU Winlogon: Shell - (/hide) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - F:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - F:\WINDOWS\system32\NavLogon.dll - F:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O24 - Desktop WallPaper: F:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: F:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - F:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/06 07:44:55 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2008/02/21 18:43:08 | 000,358,248 | R--- | M] (NETGEAR Inc.) - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/09/15 03:17:00 | 000,000,045 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/09 13:25:33 | 000,575,488 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/12/08 21:39:32 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\windowspowershell
[2010/12/06 19:27:37 | 000,575,488 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\Owner\Desktop\OTL.com
[2010/12/05 22:05:31 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\PC Tools
[2010/12/05 19:09:31 | 000,000,000 | ---D | C] -- F:\Program Files\STOPzilla!
[2010/12/05 19:08:23 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Templates
[2010/12/04 18:26:32 | 000,000,000 | ---D | C] -- F:\Cache
[2010/11/30 18:07:15 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Owner\Local Settings\Application Data\Yahoo!
[2010/11/22 16:56:42 | 000,546,256 | R--- | C] (iS3, Inc.) -- F:\WINDOWS\System32\SZComp5.dll
[2010/11/22 16:56:42 | 000,452,048 | R--- | C] (iS3, Inc.) -- F:\WINDOWS\System32\SZBase5.dll
[2010/11/22 16:56:42 | 000,398,800 | R--- | C] (iS3, Inc.) -- F:\WINDOWS\System32\IS3DBA5.dll
[2010/11/22 16:56:42 | 000,132,560 | R--- | C] (iS3, Inc.) -- F:\WINDOWS\System32\IS3HTUI5.dll
[2010/11/22 16:56:42 | 000,028,624 | R--- | C] (iS3, Inc.) -- F:\WINDOWS\System32\IS3XDat5.dll
[2010/11/22 16:56:42 | 000,022,992 | R--- | C] (iS3, Inc.) -- F:\WINDOWS\System32\SZIO5.dll
[2010/11/22 16:56:40 | 000,738,768 | R--- | C] (iS3, Inc.) -- F:\WINDOWS\System32\IS3Base5.dll
[2010/11/22 16:56:40 | 000,390,608 | R--- | C] (iS3, Inc.) -- F:\WINDOWS\System32\IS3UI5.dll
[2010/11/22 16:56:40 | 000,230,864 | R--- | C] (iS3, Inc.) -- F:\WINDOWS\System32\IS3Win325.dll
[2010/11/22 16:56:40 | 000,099,792 | R--- | C] (iS3, Inc.) -- F:\WINDOWS\System32\IS3Svc5.dll
[2010/11/22 16:56:40 | 000,099,792 | R--- | C] (iS3, Inc.) -- F:\WINDOWS\System32\IS3Inet5.dll
[2010/11/22 16:56:40 | 000,067,024 | R--- | C] (iS3, Inc.) -- F:\WINDOWS\System32\IS3Hks5.dll
[2010/11/21 21:11:33 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Owner\My Documents\Moms recipes
[9 F:\WINDOWS\System32\dllcache\*.tmp files -> F:\WINDOWS\System32\dllcache\*.tmp -> ]
[6 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]
[1 F:\WINDOWS\System32\drivers\*.tmp files -> F:\WINDOWS\System32\drivers\*.tmp -> ]
[1 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/09 13:32:00 | 000,001,324 | ---- | M] () -- F:\WINDOWS\System32\d3d9caps.dat
[2010/12/09 13:29:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/12/09 12:20:46 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2010/12/08 22:37:26 | 000,000,422 | -H-- | M] () -- F:\WINDOWS\tasks\User_Feed_Synchronization-{F07C0FFD-E5E4-4D4E-B810-7CCC811B04B6}.job
[2010/12/08 22:37:16 | 000,001,143 | ---- | M] () -- F:\Documents and Settings\All Users\Application Data\3358943703.dat
[2010/12/08 21:40:55 | 000,001,374 | ---- | M] () -- F:\WINDOWS\imsins.BAK
[2010/12/08 19:00:00 | 000,000,254 | ---- | M] () -- F:\WINDOWS\tasks\RMSchedule.job
[2010/12/07 01:51:23 | 000,000,784 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/06 19:27:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Owner\Desktop\OTL.com
[2010/12/06 15:23:24 | 000,000,104 | ---- | M] () -- F:\Documents and Settings\Owner\Desktop\My Network Places.lnk
[2010/12/06 15:23:22 | 000,000,104 | ---- | M] () -- F:\Documents and Settings\Owner\Desktop\My Computer (2).lnk
[2010/12/06 15:23:20 | 000,000,339 | ---- | M] () -- F:\Documents and Settings\Owner\Desktop\My Documents.lnk
[2010/12/06 14:47:45 | 000,002,206 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
[2010/12/06 00:16:24 | 000,189,000 | ---- | M] () -- F:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/05 22:40:29 | 000,000,286 | ---- | M] () -- F:\WINDOWS\reimage.ini
[2010/12/05 01:44:54 | 000,444,028 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat
[2010/12/05 01:44:54 | 000,071,904 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat
[2010/12/04 18:27:28 | 000,002,433 | ---- | M] () -- F:\Documents and Settings\Owner\Desktop\New Office Document.lnk
[2010/12/03 11:35:54 | 000,039,936 | ---- | M] () -- F:\Documents and Settings\Owner\My Documents\inv 12-3-10.xls
[2010/11/30 11:25:03 | 000,000,284 | ---- | M] () -- F:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbam.sys
[2010/11/23 14:02:33 | 000,040,448 | ---- | M] () -- F:\Documents and Settings\Owner\My Documents\kso 11-23-2010.xls
[2010/11/23 13:51:11 | 000,030,720 | ---- | M] () -- F:\Documents and Settings\Owner\My Documents\KSO.xls
[2010/11/22 16:56:42 | 000,546,256 | R--- | M] (iS3, Inc.) -- F:\WINDOWS\System32\SZComp5.dll
[2010/11/22 16:56:42 | 000,452,048 | R--- | M] (iS3, Inc.) -- F:\WINDOWS\System32\SZBase5.dll
[2010/11/22 16:56:42 | 000,398,800 | R--- | M] (iS3, Inc.) -- F:\WINDOWS\System32\IS3DBA5.dll
[2010/11/22 16:56:42 | 000,132,560 | R--- | M] (iS3, Inc.) -- F:\WINDOWS\System32\IS3HTUI5.dll
[2010/11/22 16:56:42 | 000,028,624 | R--- | M] (iS3, Inc.) -- F:\WINDOWS\System32\IS3XDat5.dll
[2010/11/22 16:56:42 | 000,022,992 | R--- | M] (iS3, Inc.) -- F:\WINDOWS\System32\SZIO5.dll
[2010/11/22 16:56:40 | 000,738,768 | R--- | M] (iS3, Inc.) -- F:\WINDOWS\System32\IS3Base5.dll
[2010/11/22 16:56:40 | 000,390,608 | R--- | M] (iS3, Inc.) -- F:\WINDOWS\System32\IS3UI5.dll
[2010/11/22 16:56:40 | 000,230,864 | R--- | M] (iS3, Inc.) -- F:\WINDOWS\System32\IS3Win325.dll
[2010/11/22 16:56:40 | 000,099,792 | R--- | M] (iS3, Inc.) -- F:\WINDOWS\System32\IS3Svc5.dll
[2010/11/22 16:56:40 | 000,099,792 | R--- | M] (iS3, Inc.) -- F:\WINDOWS\System32\IS3Inet5.dll
[2010/11/22 16:56:40 | 000,067,024 | R--- | M] (iS3, Inc.) -- F:\WINDOWS\System32\IS3Hks5.dll
[2010/11/21 22:33:18 | 000,002,497 | ---- | M] () -- F:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003.lnk
[2010/11/16 14:18:23 | 000,038,912 | ---- | M] () -- F:\Documents and Settings\Owner\My Documents\Sales Invoice1.xls kso.xls
[9 F:\WINDOWS\System32\dllcache\*.tmp files -> F:\WINDOWS\System32\dllcache\*.tmp -> ]
[6 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]
[1 F:\WINDOWS\System32\drivers\*.tmp files -> F:\WINDOWS\System32\drivers\*.tmp -> ]
[1 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/07 01:51:23 | 000,000,784 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/06 15:23:23 | 000,000,104 | ---- | C] () -- F:\Documents and Settings\Owner\Desktop\My Network Places.lnk
[2010/12/06 15:23:21 | 000,000,104 | ---- | C] () -- F:\Documents and Settings\Owner\Desktop\My Computer (2).lnk
[2010/12/06 15:23:06 | 000,000,339 | ---- | C] () -- F:\Documents and Settings\Owner\Desktop\My Documents.lnk
[2010/12/06 15:18:34 | 000,001,143 | ---- | C] () -- F:\Documents and Settings\All Users\Application Data\3358943703.dat
[2010/12/05 20:13:17 | 000,000,286 | ---- | C] () -- F:\WINDOWS\reimage.ini
[2010/12/04 18:46:29 | 000,001,324 | ---- | C] () -- F:\WINDOWS\System32\d3d9caps.dat
[2010/12/03 11:35:53 | 000,039,936 | ---- | C] () -- F:\Documents and Settings\Owner\My Documents\inv 12-3-10.xls
[2010/12/01 04:25:57 | 000,000,254 | ---- | C] () -- F:\WINDOWS\tasks\RMSchedule.job
[2010/11/23 14:02:32 | 000,040,448 | ---- | C] () -- F:\Documents and Settings\Owner\My Documents\kso 11-23-2010.xls
[2010/11/16 14:18:22 | 000,038,912 | ---- | C] () -- F:\Documents and Settings\Owner\My Documents\Sales Invoice1.xls kso.xls
[2010/10/15 20:04:03 | 000,000,000 | ---- | C] () -- F:\WINDOWS\hpqEmlSz.INI
[2010/02/25 16:33:27 | 000,767,952 | ---- | C] () -- F:\WINDOWS\BDTSupport.dll.old
[2009/11/17 14:07:20 | 000,002,528 | ---- | C] () -- F:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2009/09/09 16:51:13 | 000,000,000 | ---- | C] () -- F:\Documents and Settings\Owner\Application Data\AVSDVDPlayer.m3u
[2009/09/09 16:44:09 | 000,139,264 | ---- | C] () -- F:\WINDOWS\System32\xvidvfw.dll
[2009/09/09 16:44:08 | 000,524,288 | ---- | C] () -- F:\WINDOWS\System32\xvidcore.dll
[2009/07/10 14:37:50 | 000,000,117 | ---- | C] () -- F:\WINDOWS\plxland3.ini
[2008/11/27 22:46:28 | 000,000,312 | ---- | C] () -- F:\WINDOWS\CDPlayer.ini
[2008/07/31 16:57:20 | 000,000,000 | ---- | C] () -- F:\Program Files\temp01
[2008/06/20 10:56:29 | 000,002,528 | ---- | C] () -- F:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc
[2008/05/26 15:29:04 | 000,013,824 | ---- | C] () -- F:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/30 20:37:19 | 000,000,256 | ---- | C] () -- F:\Documents and Settings\Owner\Local Settings\Application Data\iTunesPrefs
[2008/04/30 20:37:03 | 000,000,024 | ---- | C] () -- F:\Documents and Settings\Owner\Local Settings\Application Data\84756-11986-27475-00TC1-94865
[2008/04/11 16:44:14 | 000,000,021 | ---- | C] () -- F:\WINDOWS\atid.ini
[2008/04/10 23:04:27 | 000,000,128 | ---- | C] () -- F:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2008/04/10 22:41:10 | 000,001,709 | ---- | C] () -- F:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/04/10 22:38:03 | 000,000,000 | ---- | C] () -- F:\WINDOWS\vpc32.INI
[2008/04/10 22:12:47 | 000,000,376 | ---- | C] () -- F:\WINDOWS\ODBC.INI
[2008/04/10 15:46:50 | 000,004,161 | ---- | C] () -- F:\WINDOWS\ODBCINST.INI
[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- F:\WINDOWS\System32\OGACheckControl.DLL
[2004/08/04 04:00:00 | 000,755,200 | ---- | C] () -- F:\WINDOWS\System32\ir50_32.dll
[2004/08/04 04:00:00 | 000,338,432 | ---- | C] () -- F:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 04:00:00 | 000,200,192 | ---- | C] () -- F:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 04:00:00 | 000,183,808 | ---- | C] () -- F:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 04:00:00 | 000,120,320 | ---- | C] () -- F:\WINDOWS\System32\ir41_qc.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- F:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/08/25 09:44:47 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/02/23 17:18:18 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Driver Medic
[2009/09/09 15:43:06 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\DriverCure
[2008/06/17 19:16:40 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\GoBit Games
[2008/07/31 17:02:04 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Ludia
[2008/04/16 18:55:58 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\MediaWidget
[2008/06/14 10:17:07 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2010/01/04 16:43:51 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/11/17 12:24:17 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\SITEguard
[2010/12/09 12:37:04 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/03/24 10:07:50 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Tarma Installer
[2010/12/06 11:57:53 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/16 23:40:29 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/08/26 19:54:54 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\{436FF568-C03A-41B5-B97A-23CADCB7E6C9}
[2009/10/13 16:25:14 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/21 22:21:13 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/04/30 20:42:41 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Owner\Application Data\BSD
[2009/09/09 15:08:06 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Owner\Application Data\DriverCure
[2008/06/14 10:16:55 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Owner\Application Data\GameHouse
[2010/02/17 01:06:46 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Owner\Application Data\LimeWire
[2008/07/31 17:02:04 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Owner\Application Data\Ludia
[2009/11/16 23:47:36 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Owner\Application Data\MSNInstaller
[2008/04/11 16:48:28 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Owner\Application Data\QQ Games Plugin
[2009/08/06 21:56:25 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Owner\Application Data\Research In Motion
[2010/03/13 01:47:22 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Owner\Application Data\Uniblue
[2010/12/08 19:00:00 | 000,000,254 | ---- | M] () -- F:\WINDOWS\Tasks\RMSchedule.job
[2010/12/08 22:37:26 | 000,000,422 | -H-- | M] () -- F:\WINDOWS\Tasks\User_Feed_Synchronization-{F07C0FFD-E5E4-4D4E-B810-7CCC811B04B6}.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- F:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- F:\WINDOWS\system32\dxtrans.dll
[1 F:\WINDOWS\system32\*.tmp files -> F:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[2010/04/27 20:25:02 | 002,189,952 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- F:\WINDOWS\system32\ntoskrnl.exe
[1 F:\WINDOWS\system32\*.tmp files -> F:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[1 F:\WINDOWS\system32\drivers\*.tmp files -> F:\WINDOWS\system32\drivers\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2008/04/10 15:45:06 | 000,094,208 | ---- | M] () -- F:\WINDOWS\system32\config\default.sav
[2008/04/10 15:45:06 | 000,634,880 | ---- | M] () -- F:\WINDOWS\system32\config\software.sav
[2008/04/10 15:45:05 | 000,892,928 | ---- | M] () -- F:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/04 04:00:00 | 000,009,029 | ---- | M] () -- F:\WINDOWS\system32\ansi.sys
[2004/08/04 04:00:00 | 000,027,097 | ---- | M] () -- F:\WINDOWS\system32\country.sys
[2004/08/04 04:00:00 | 000,004,768 | ---- | M] () -- F:\WINDOWS\system32\himem.sys
[2004/08/04 04:00:00 | 000,042,809 | ---- | M] () -- F:\WINDOWS\system32\key01.sys
[2004/08/04 04:00:00 | 000,042,537 | ---- | M] () -- F:\WINDOWS\system32\keyboard.sys
[2004/08/04 04:00:00 | 000,027,866 | ---- | M] () -- F:\WINDOWS\system32\ntdos.sys
[2004/08/04 04:00:00 | 000,029,146 | ---- | M] () -- F:\WINDOWS\system32\ntdos404.sys
[2004/08/04 04:00:00 | 000,029,370 | ---- | M] () -- F:\WINDOWS\system32\ntdos411.sys
[2004/08/04 04:00:00 | 000,029,274 | ---- | M] () -- F:\WINDOWS\system32\ntdos412.sys
[2004/08/04 04:00:00 | 000,029,146 | ---- | M] () -- F:\WINDOWS\system32\ntdos804.sys
[2004/08/04 04:00:00 | 000,033,840 | ---- | M] () -- F:\WINDOWS\system32\ntio.sys
[2004/08/04 04:00:00 | 000,034,560 | ---- | M] () -- F:\WINDOWS\system32\ntio404.sys
[2004/08/04 04:00:00 | 000,035,648 | ---- | M] () -- F:\WINDOWS\system32\ntio411.sys
[2004/08/04 04:00:00 | 000,035,424 | ---- | M] () -- F:\WINDOWS\system32\ntio412.sys
[2004/08/04 04:00:00 | 000,034,560 | ---- | M] () -- F:\WINDOWS\system32\ntio804.sys
[2008/04/13 12:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\watchdog.sys
[2010/08/31 07:42:52 | 001,852,800 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\win32k.sys
[1 F:\WINDOWS\system32\*.tmp files -> F:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 18:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- F:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 18:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- F:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 18:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- F:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 18:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- F:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 18:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- F:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 18:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- F:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 18:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- F:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 18:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- F:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 18:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- F:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 18:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- F:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 18:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- F:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 18:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- F:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 18:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- F:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 18:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- F:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 18:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- F:\WINDOWS\system32\drivers\vchnt5.dll
[1 F:\WINDOWS\system32\drivers\*.tmp files -> F:\WINDOWS\system32\drivers\*.tmp -> ]

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2008/07/25 23:02:25 | 008,769,875 | ---- | M] (Adobe) -- F:\acrobatreader-ppc2002.exe
[2008/07/25 23:00:13 | 014,243,976 | ---- | M] (Adobe Systems ) -- F:\AdbeRdr20_ppc_enu.exe
[2008/07/25 23:36:42 | 009,147,357 | ---- | M] (Adobe ) -- F:\AdobeReader305-PalmOS.exe
[2008/07/12 16:57:42 | 001,173,424 | ---- | M] () -- F:\AMRconvert-setup.exe
[2008/06/20 10:24:46 | 011,679,762 | ---- | M] (Joe Pham ) -- F:\bitpim-1.0.5-setup.exe
[2008/04/10 15:45:06 | 000,000,210 | -HS- | M] () -- F:\boot.ini
[2008/06/17 19:28:31 | 012,904,866 | ---- | M] () -- F:\BurgerShop_AOL.exe
[2008/07/12 17:31:09 | 001,519,800 | ---- | M] () -- F:\dMC-r10.exe
[2008/04/30 20:29:29 | 023,510,720 | ---- | M] (Microsoft Corporation) -- F:\dotnetfx.exe
[2008/04/30 20:41:13 | 000,128,384 | ---- | M] (Digital River) -- F:\Download_MediaWidgetTrialType2Setup.exe
[2008/07/26 14:10:27 | 001,466,399 | ---- | M] () -- F:\fp7_ppc_en.cab
[2009/08/05 20:30:10 | 000,000,000 | ---- | M] () -- F:\install.rdf
[2008/04/11 16:42:28 | 013,934,776 | ---- | M] (AOL LLC.) -- F:\Install_AIM.exe
[2008/05/08 21:07:52 | 018,895,728 | ---- | M] (Microsoft Corporation) -- F:\Install_Messenger.exe
[2008/04/11 16:47:24 | 000,001,311 | -H-- | M] () -- F:\IPH.PH
[2008/04/30 19:53:58 | 001,833,540 | ---- | M] (iPod2Computer, Inc ) -- F:\ipod2comp_std.exe
[2008/04/11 15:42:30 | 059,782,440 | ---- | M] (Apple Inc.) -- F:\iTunesSetup.exe
[2008/04/29 17:08:28 | 004,502,280 | ---- | M] (Lime Wire LLC) -- F:\LimeWireWin.exe
[2008/04/20 21:08:18 | 008,897,792 | ---- | M] () -- F:\Motorola_Software_Update.exe
[2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- F:\NTDETECT.COM
[2008/09/28 12:22:03 | 000,250,048 | RHS- | M] () -- F:\ntldr
[2008/04/28 19:37:46 | 000,124,728 | ---- | M] () -- F:\oskasetup.exe
[2010/12/09 12:20:18 | 805,306,368 | -HS- | M] () -- F:\pagefile.sys
[2008/07/31 15:43:18 | 058,654,800 | ---- | M] (Jasc Software Inc ) -- F:\psp810entr.exe
[2008/07/25 23:31:17 | 000,393,835 | ---- | M] (Orneta) -- F:\reader.wm5.2.1.1.exe
[2008/07/25 23:12:00 | 000,393,835 | ---- | M] (Orneta) -- F:\reader[1].wm5.2.1.1.exe
[2008/04/10 22:30:42 | 271,150,582 | ---- | M] () -- F:\SAV_Corporate_Edition_10.0.zip
[2008/07/20 13:55:16 | 011,458,280 | ---- | M] () -- F:\Scenecaster_Install_3_11_16.exe
[2008/04/30 20:50:14 | 004,671,967 | ---- | M] () -- F:\senuti_0.50.1.dmg
[2000/05/15 09:08:32 | 000,134,656 | ---- | M] (InstallShield Software Corporation) -- F:\setup.exe
[2008/06/20 10:54:43 | 007,886,336 | ---- | M] () -- F:\setup.msi
[2008/08/26 19:53:35 | 019,902,200 | ---- | M] (Mystik Media ) -- F:\setup_blazemp_802.exe
[2008/07/12 17:27:58 | 000,131,584 | ---- | M] (Microsoft Corporation) -- F:\sndrec32.exe
[2008/07/12 17:00:50 | 000,131,584 | ---- | M] (Microsoft Corporation) -- F:\SOUND RECORDER.exe
[2010/02/25 15:55:46 | 000,016,384 | -H-- | M] () -- F:\SZKGFS.dat
[2006/02/03 10:37:30 | 018,725,888 | ---- | M] () -- F:\TIConnectV1.6.exe
[2008/04/30 20:35:45 | 006,480,384 | ---- | M] () -- F:\TouchCopy.msi
[2008/04/20 21:01:54 | 000,000,022 | ---- | M] () -- F:\USB_Driver_32.zip
[2008/06/22 13:55:31 | 025,755,448 | ---- | M] (Microsoft Corporation) -- F:\wmp11-windowsxp-x86-enu.exe
[2008/05/17 13:17:17 | 019,652,961 | ---- | M] () -- F:\ZiPhoneWin-3.0.exe

< %PROGRAMFILES%\*. >
[2008/07/25 23:44:52 | 000,000,000 | ---D | M] -- F:\Program Files\Adobe
[2008/04/11 14:57:07 | 000,000,000 | ---D | M] -- F:\Program Files\Adobe Media Player
[2009/05/10 10:11:24 | 000,000,000 | ---D | M] -- F:\Program Files\AIMTunes
[2008/04/11 16:43:20 | 000,000,000 | ---D | M] -- F:\Program Files\AOL
[2008/10/28 08:01:19 | 000,000,000 | ---D | M] -- F:\Program Files\Apple Software Update
[2010/04/02 11:27:24 | 000,000,000 | ---D | M] -- F:\Program Files\ATT
[2009/07/17 15:57:22 | 000,000,000 | ---D | M] -- F:\Program Files\att-prt22
[2009/07/17 15:57:44 | 000,000,000 | ---D | M] -- F:\Program Files\ATT-PRT22-WISE
[2009/10/18 14:29:06 | 000,000,000 | ---D | M] -- F:\Program Files\AVS4YOU
[2008/06/20 10:25:07 | 000,000,000 | ---D | M] -- F:\Program Files\BitPim
[2009/07/21 22:14:53 | 000,000,000 | ---D | M] -- F:\Program Files\Bonjour
[2008/04/10 21:34:59 | 000,000,000 | ---D | M] -- F:\Program Files\Broadcom
[2010/12/05 22:05:31 | 000,000,000 | ---D | M] -- F:\Program Files\Common Files
[2010/03/13 10:49:47 | 000,000,000 | ---D | M] -- F:\Program Files\CONEXANT
[2009/09/10 12:43:26 | 000,000,000 | ---D | M] -- F:\Program Files\CyberLink
[2008/04/10 21:23:33 | 000,000,000 | ---D | M] -- F:\Program Files\Dell Computer
[2008/06/14 10:16:52 | 000,000,000 | ---D | M] -- F:\Program Files\GameHouse
[2009/01/19 00:03:36 | 000,000,000 | ---D | M] -- F:\Program Files\Google
[2008/04/10 22:55:26 | 000,000,000 | ---D | M] -- F:\Program Files\Hewlett-Packard
[2008/04/10 22:59:53 | 000,000,000 | ---D | M] -- F:\Program Files\HP
[2008/07/12 17:31:27 | 000,000,000 | ---D | M] -- F:\Program Files\Illustrate
[2010/02/02 23:21:16 | 000,000,000 | -H-D | M] -- F:\Program Files\InstallShield Installation Information
[2010/10/13 02:17:32 | 000,000,000 | ---D | M] -- F:\Program Files\Internet Explorer
[2010/02/26 15:37:20 | 000,000,000 | ---D | M] -- F:\Program Files\iPod
[2010/02/26 15:38:42 | 000,000,000 | ---D | M] -- F:\Program Files\iTunes
[2008/07/31 15:44:15 | 000,000,000 | ---D | M] -- F:\Program Files\Jasc Software Inc
[2009/08/28 19:45:00 | 000,000,000 | ---D | M] -- F:\Program Files\Java
[2008/04/30 20:49:18 | 000,000,000 | ---D | M] -- F:\Program Files\Lenogo iPod to PC Transfer
[2010/02/23 16:30:02 | 000,000,000 | ---D | M] -- F:\Program Files\LimeWire
[2010/12/09 00:50:23 | 000,000,000 | ---D | M] -- F:\Program Files\Malwarebytes' Anti-Malware
[2009/04/16 18:42:38 | 000,000,000 | ---D | M] -- F:\Program Files\Maxis
[2008/09/28 12:32:14 | 000,000,000 | ---D | M] -- F:\Program Files\Messenger
[2009/04/07 19:16:05 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft
[2009/12/10 03:15:42 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft ActiveSync
[2009/04/09 02:02:52 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/05/31 14:11:39 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft Forefront UAG
[2008/04/10 20:55:51 | 000,000,000 | ---D | M] -- F:\Program Files\microsoft frontpage
[2009/09/01 15:51:27 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft Office
[2010/10/13 02:21:48 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft Security Essentials
[2010/10/06 02:34:12 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft Silverlight
[2009/04/07 19:15:20 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft SQL Server Compact Edition
[2008/04/10 22:11:52 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft Visual Studio
[2009/04/09 02:01:51 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft Works
[2008/07/12 16:57:52 | 000,000,000 | ---D | M] -- F:\Program Files\MIKSOFT
[2008/04/20 21:08:40 | 000,000,000 | ---D | M] -- F:\Program Files\Motorola
[2010/08/13 02:04:00 | 000,000,000 | ---D | M] -- F:\Program Files\Movie Maker
[2008/04/23 20:20:18 | 000,000,000 | ---D | M] -- F:\Program Files\Mozilla Firefox
[2009/08/15 02:15:15 | 000,000,000 | ---D | M] -- F:\Program Files\MSBuild
[2009/09/01 15:50:23 | 000,000,000 | ---D | M] -- F:\Program Files\MSECache
[2010/03/13 01:53:47 | 000,000,000 | ---D | M] -- F:\Program Files\MSN
[2008/04/10 20:52:10 | 000,000,000 | ---D | M] -- F:\Program Files\MSN Gaming Zone
[2008/06/14 02:00:43 | 000,000,000 | ---D | M] -- F:\Program Files\MSXML 4.0
[2008/09/28 12:23:59 | 000,000,000 | ---D | M] -- F:\Program Files\NetMeeting
[2010/02/25 15:47:08 | 000,000,000 | ---D | M] -- F:\Program Files\NortonInstaller
[2008/04/10 20:54:05 | 000,000,000 | ---D | M] -- F:\Program Files\Online Services
[2008/07/25 23:12:13 | 000,000,000 | ---D | M] -- F:\Program Files\Orneta
[2010/05/12 02:01:46 | 000,000,000 | ---D | M] -- F:\Program Files\Outlook Express
[2010/02/02 23:23:11 | 000,000,000 | ---D | M] -- F:\Program Files\Planix Landscape Deluxe
[2010/07/26 21:27:41 | 000,000,000 | ---D | M] -- F:\Program Files\PokerStars
[2010/02/26 15:35:41 | 000,000,000 | ---D | M] -- F:\Program Files\QuickTime
[2008/04/10 21:28:08 | 000,000,000 | ---D | M] -- F:\Program Files\Real
[2009/08/15 02:14:50 | 000,000,000 | ---D | M] -- F:\Program Files\Reference Assemblies
[2009/08/06 21:37:10 | 000,000,000 | ---D | M] -- F:\Program Files\Research In Motion
[2009/08/06 21:51:04 | 000,000,000 | ---D | M] -- F:\Program Files\Roxio
[2008/11/28 13:13:06 | 000,000,000 | ---D | M] -- F:\Program Files\Smart Games
[2010/12/05 19:09:43 | 000,000,000 | ---D | M] -- F:\Program Files\STOPzilla!
[2008/04/10 22:33:20 | 000,000,000 | ---D | M] -- F:\Program Files\Symantec
[2010/12/09 12:28:37 | 000,000,000 | ---D | M] -- F:\Program Files\Symantec AntiVirus
[2009/07/08 11:51:11 | 000,000,000 | ---D | M] -- F:\Program Files\SystemRequirementsLab
[2008/04/11 16:47:04 | 000,000,000 | ---D | M] -- F:\Program Files\Tencent
[2009/08/25 09:50:12 | 000,000,000 | ---D | M] -- F:\Program Files\Three Rings Design
[2008/04/10 20:58:43 | 000,000,000 | -H-D | M] -- F:\Program Files\Uninstall Information
[2010/04/02 11:25:43 | 000,000,000 | ---D | M] -- F:\Program Files\Uverse-Activation
[2010/05/31 14:11:40 | 000,000,000 | ---D | M] -- F:\Program Files\Whale Communications
[2009/11/17 17:03:28 | 000,000,000 | ---D | M] -- F:\Program Files\Windows Defender
[2009/04/07 19:15:50 | 000,000,000 | ---D | M] -- F:\Program Files\Windows Live
[2009/04/07 19:14:01 | 000,000,000 | ---D | M] -- F:\Program Files\Windows Live SkyDrive
[2008/06/22 13:57:36 | 000,000,000 | ---D | M] -- F:\Program Files\Windows Media Connect 2
[2008/09/28 12:23:55 | 000,000,000 | ---D | M] -- F:\Program Files\Windows Media Player
[2008/09/28 12:23:55 | 000,000,000 | ---D | M] -- F:\Program Files\Windows NT
[2008/04/10 20:54:08 | 000,000,000 | -H-D | M] -- F:\Program Files\WindowsUpdate
[2008/04/10 20:55:51 | 000,000,000 | ---D | M] -- F:\Program Files\xerox
[2009/07/31 21:47:39 | 000,000,000 | ---D | M] -- F:\Program Files\Yahoo!
[2009/03/24 10:07:51 | 000,000,000 | ---D | M] -- F:\Program Files\Yontoo Layers Client for Internet Explorer

< %appdata%\*.* >
[2008/06/20 10:56:29 | 000,002,528 | ---- | M] () -- F:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc
[2009/10/13 15:50:25 | 000,000,000 | ---- | M] () -- F:\Documents and Settings\Owner\Application Data\AVSDVDPlayer.m3u
[2008/04/10 15:46:27 | 000,000,062 | -HS- | M] () -- F:\Documents and Settings\Owner\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/28 12:18:27 | 023,852,652 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/28 12:18:27 | 023,852,652 | ---- | M] () .cab file -- F:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- F:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- F:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/28 12:18:27 | 023,852,652 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/28 12:18:27 | 023,852,652 | ---- | M] () .cab file -- F:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- F:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- F:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 04:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- F:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/09/28 12:18:27 | 023,852,652 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/09/28 12:18:27 | 023,852,652 | ---- | M] () .cab file -- F:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 04:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- F:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 12:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- F:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 12:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- F:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- F:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- F:\WINDOWS\system32\eventlog.dll
[2004/08/04 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- F:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2006/05/11 10:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- F:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- F:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- F:\WINDOWS\system32\netlogon.dll
[2004/08/04 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- F:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2006/03/16 18:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- F:\WINDOWS\dell\nvraid\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- F:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- F:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- F:\WINDOWS\system32\scecli.dll

< MD5 for: SYMMPI.SYS >
[2005/11/17 12:58:16 | 000,092,672 | ---- | M] (LSI Logic) MD5=1FD5249D5103125D2DA63F68D7BE1D35 -- F:\WINDOWS\dell\symmpi\symmpi.sys

< MD5 for: USBSTOR.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/09/28 12:18:27 | 023,852,652 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/09/28 12:18:27 | 023,852,652 | ---- | M] () .cab file -- F:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 04:00:00 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- F:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 12:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- F:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 12:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- F:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-12-09 18:38:02

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:A2947BEA
@Alternate Data Stream - 121 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 119 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:5F1019FF
@Alternate Data Stream - 109 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 104 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

Re: Hard drive diagnostic problem

part - 2 extras.

OTL Extras logfile created on: 12/9/2010 1:53:38 PM - Run 4
OTL by OldTimer - Version 3.2.17.3 Folder = F:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): F:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive D: | 200.43 Gb Total Space | 200.22 Gb Free Space | 99.89% Space Free | Partition Type: NTFS
Drive E: | 164.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 97.65 Gb Total Space | 63.51 Gb Free Space | 65.04% Space Free | Partition Type: NTFS

Computer Name: ashley | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 File not found
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Program Files\Microsoft ActiveSync\rapimgr.exe" = F:\Program Files\Microsoft ActiveSync\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"F:\Program Files\LimeWire\LimeWire.exe" = F:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"F:\Program Files\iTunes\iTunes.exe" = F:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01949445-CB7F-436B-8ECC-771BE6184BBC}" = AT&T Connect Participant Application v8.8.53
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
"{291A772C-FFB9-4681-B720-AB2A0A620896}" = Adobe Reader for Pocket PC 2.0
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{46B63F23-2B4A-4525-A827-688026BE5E40}" = Symantec AntiVirus
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BD4B0B5-3359-4932-BF94-C805EE83E710}" = 2350_Help
"{6CD27A25-D4A5-4e25-86B1-36EBBA2BA279}" = 2350Trb
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F2AC7B5-3DA8-45d3-B5E5-F36DCD9FDC6A}" = 2350
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client for Internet Explorer 1.02.28
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{94A61BF7-F8EE-46D1-944B-C765A7FF117A}" = STOPzilla
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = PowerDVD
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}" = Roxio Media Manager
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.5
"{FBB6663C-33BE-408B-811D-CCFDEE046F3F}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8330 smartphone
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"Adobe Acrobat Reader for Pocket PC 1.0" = Adobe Acrobat Reader for Pocket PC 1.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM Toolbar" = AIM Toolbar 5.0
"AIMTunes" = AIMTunes
"ATT" = AT&T U-verse Setup
"ATT-PRT22" = ATT-PRT22
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"BlackBerry_{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"FreeRingers.net Easy Image Relay_is1" = Easy Image Relay v1.1
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{291A772C-FFB9-4681-B720-AB2A0A620896}" = Adobe Reader for Pocket PC 2.0
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Forefront UAG endpoint components 3.1.0" = Microsoft Forefront UAG endpoint components v4.0.0
"Microsoft Security Essentials" = Microsoft Security Essentials
"MIKSOFT Mobile AMR converter_is1" = MIKSOFT Mobile AMR converter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PokerStars" = PokerStars
"Reader Mobile for Windows Mobile 5.0" = Reader Mobile for Windows Mobile 5.0
"RealPlayer 6.0" = RealOne Player
"SystemRequirementsLab" = System Requirements Lab
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-448539723-1364589140-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/8/2010 4:47:13 PM | Computer Name = ashley | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: F:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe Event Info: Open Process Action Taken: Blocked Actor Process:
F:\Program Files\Microsoft Security Essentials\MsMpEng.exe (PID 1140) Time: Wednesday,
December 08, 2010 2:47:13 PM

Error - 12/8/2010 4:47:13 PM | Computer Name = ashley | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: F:\Program Files\Symantec
AntiVirus\DefWatch.exe Event Info: Open Process Action Taken: Blocked Actor Process:
F:\Program Files\Microsoft Security Essentials\MsMpEng.exe (PID 1140) Time: Wednesday,
December 08, 2010 2:47:13 PM

Error - 12/8/2010 4:47:17 PM | Computer Name = ashley | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: F:\Program Files\Common Files\Symantec
Shared\SPBBC\SPBBCSvc.exe Event Info: Open Process Action Taken: Blocked Actor Process:
F:\Program Files\Microsoft Security Essentials\MsMpEng.exe (PID 1140) Time: Wednesday,
December 08, 2010 2:47:17 PM

Error - 12/8/2010 4:47:17 PM | Computer Name = ashley | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: F:\Program Files\Symantec
AntiVirus\Rtvscan.exe Event Info: Open Process Action Taken: Blocked Actor Process:
F:\Program Files\Microsoft Security Essentials\MsMpEng.exe (PID 1140) Time: Wednesday,
December 08, 2010 2:47:17 PM

Error - 12/8/2010 5:50:02 PM | Computer Name = ashley | Source = Application Hang | ID = 1002
Description = Hanging application SE2011.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/8/2010 5:50:26 PM | Computer Name = ashley | Source = Application Hang | ID = 1002
Description = Hanging application SE2011.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/8/2010 5:58:32 PM | Computer Name = ashley | Source = Application Hang | ID = 1002
Description = Hanging application VPDN_LU.exe, version 10.0.2.2000, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/8/2010 6:19:31 PM | Computer Name = ashley | Source = Application Hang | ID = 1002
Description = Hanging application SZOptions.exe, version 5.0.82.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/8/2010 6:19:43 PM | Computer Name = ashley | Source = Application Hang | ID = 1002
Description = Hanging application SZOptions.exe, version 5.0.82.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/9/2010 2:24:36 AM | Computer Name = ashley | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070002, P2 packagediscovery, P3 unspecified,
P4 10.3.1781.0, P5 mpsigstub.exe, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL,
P10 NIL.

[ System Events ]
Error - 12/9/2010 2:54:31 AM | Computer Name = ashley | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 12/9/2010 2:54:31 AM | Computer Name = ashley | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12/9/2010 2:58:40 AM | Computer Name = ashley | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12/9/2010 3:07:51 AM | Computer Name = ashley | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12/9/2010 3:11:35 AM | Computer Name = ashley | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12/9/2010 3:13:32 AM | Computer Name = ashley | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12/9/2010 3:28:25 AM | Computer Name = ashley | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/9/2010 2:24:59 PM | Computer Name = ashley | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 12/9/2010 2:26:42 PM | Computer Name = ashley | Source = Service Control Manager | ID = 7022
Description = The Microsoft Forefront UAG Quarantine Enforcement Client service
hung on starting.

Error - 12/9/2010 2:26:42 PM | Computer Name = ashley | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde


< End of report >

Re: Hard drive diagnostic problem
Hi,

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [updatesst] F:\Documents and Settings\All Users\Application Data\Security Essentials 2011\SE2011.exe File not found
    O4 - HKCU..\Run: [XCiJPtLinj.exe] F:\DOCUME~1\Owner\LOCALS~1\Temp\XCiJPtLinj.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O15 - HKCU\..Trusted Domains: se-2011-download.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: se-2011-payment.com ([]http in Trusted sites)
    O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O20 - HKCU Winlogon: Shell - ("F:\Documents and Settings\All Users\Application Data\Security Essentials 2011\SE2011.exe") - F:\Documents and Settings\All Users\Application Data\Security Essentials 2011\SE2011.exe File not found
    O20 - HKCU Winlogon: Shell - (/hide) - File not found


    :commands
    [emptytemp]
    [resethosts]


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

===========

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

[Image: Query_RC]
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[Image: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

............................................................................................

I'm livin' life in the fast lane.

Re: Hard drive diagnostic problem
ComboFix 10-12-09.04 - Owner 12/10/2010 13:26:07.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.807 [GMT -6]
Running from: f:\documents and settings\Owner\Desktop\commy.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf
f:\documents and settings\Owner\My Documents\New Folder\Temporary Internet Files\mccA2.tmp
F:\setup.exe
f:\windows\Downloaded Program Files\DM.0
f:\windows\Downloaded Program Files\DM.0\DMService.exe
f:\windows\Downloaded Program Files\DM.0\WhlMgr.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DMService
-------\Legacy_DMService
-------\Service_DMService
-------\Service_DMService


((((((((((((((((((((((((( Files Created from 2010-11-10 to 2010-12-10 )))))))))))))))))))))))))))))))
.

2010-12-10 18:50 . 2010-12-10 18:50 -------- d-----w- F:\_OTL
2010-12-10 18:31 . 2010-11-10 04:33 6273872 ----a-w- f:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{202A54CB-7A6F-44DB-8751-4F9FBB456A31}\mpengine.dll
2010-12-09 18:37 . 2010-11-16 18:01 6273872 ----a-w- f:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{AE027AA8-F938-4295-9AF4-07E12A34BA97}\mpengine.dll
2010-12-09 05:30 . 2010-12-09 05:31 -------- d-----w- f:\documents and settings\Administrator
2010-12-06 04:05 . 2010-12-06 21:13 -------- d-----w- f:\program files\Common Files\PC Tools
2010-12-06 01:09 . 2010-12-06 01:09 -------- d-----w- f:\program files\STOPzilla!
2010-12-05 00:26 . 2010-12-05 00:26 -------- d-----w- F:\Cache
2010-12-04 23:40 . 2010-12-04 23:40 82944 ----a-w- f:\windows\system32\drivers\6973E8.tmp
2010-12-01 00:07 . 2010-12-01 00:07 -------- d-----w- f:\documents and settings\Owner\Local Settings\Application Data\Yahoo!
2010-11-22 22:56 . 2010-11-22 22:56 546256 ----a-r- f:\windows\system32\SZComp5.dll
2010-11-22 22:56 . 2010-11-22 22:56 452048 ----a-r- f:\windows\system32\SZBase5.dll
2010-11-22 22:56 . 2010-11-22 22:56 398800 ----a-r- f:\windows\system32\IS3DBA5.dll
2010-11-22 22:56 . 2010-11-22 22:56 28624 ----a-r- f:\windows\system32\IS3XDat5.dll
2010-11-22 22:56 . 2010-11-22 22:56 22992 ----a-r- f:\windows\system32\SZIO5.dll
2010-11-22 22:56 . 2010-11-22 22:56 132560 ----a-r- f:\windows\system32\IS3HTUI5.dll
2010-11-22 22:56 . 2010-11-22 22:56 99792 ----a-r- f:\windows\system32\IS3Svc5.dll
2010-11-22 22:56 . 2010-11-22 22:56 99792 ----a-r- f:\windows\system32\IS3Inet5.dll
2010-11-22 22:56 . 2010-11-22 22:56 738768 ----a-r- f:\windows\system32\IS3Base5.dll
2010-11-22 22:56 . 2010-11-22 22:56 67024 ----a-r- f:\windows\system32\IS3Hks5.dll
2010-11-22 22:56 . 2010-11-22 22:56 390608 ----a-r- f:\windows\system32\IS3UI5.dll
2010-11-22 22:56 . 2010-11-22 22:56 230864 ----a-r- f:\windows\system32\IS3Win325.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 23:42 . 2010-02-27 16:00 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 23:42 . 2010-02-27 16:00 20952 ----a-w- f:\windows\system32\drivers\mbam.sys
2010-11-16 18:01 . 2009-11-17 23:08 6273872 ----a-w- f:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-11-10 04:33 . 2010-02-28 08:19 6273872 ----a-w- f:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-19 16:41 . 2009-11-17 23:08 222080 ------w- f:\windows\system32\MpSigStub.exe
2010-09-18 17:23 . 2004-08-04 10:00 974848 ----a-w- f:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 10:00 974848 ----a-w- f:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 10:00 954368 ----a-w- f:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 10:00 953856 ----a-w- f:\windows\system32\mfc40u.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2008-10-01 07:40 192960 ------w- f:\program files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="f:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-19 39408]
"Search Protection"="f:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="f:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Push Client"="f:\documents and settings\Owner\Local Settings\Application Data\ATT Connect\Participant\pull.exe" [2009-09-17 935240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="f:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="f:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"ccApp"="f:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752]
"vptray"="f:\progra~1\SYMANT~1\VPTray.exe" [2005-11-15 85744]
"HP Software Update"="f:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="f:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"AppleSyncNotifier"="f:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"YSearchProtection"="f:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"RoxWatchTray"="f:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"SunJavaUpdateSched"="f:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="f:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]
"MSSE"="f:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="f:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

f:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - f:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - f:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=

R0 szkg5;szkg5;f:\windows\system32\drivers\SZKG.sys [12/7/2009 4:59 PM 61328]
R0 szkgfs;szkgfs;f:\windows\system32\drivers\SZKGFS.sys [5/12/2010 5:01 PM 59280]
R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;f:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [5/31/2010 2:11 PM 149904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;f:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/4/2010 7:07 PM 102448]
S0 is3srv;is3srv;f:\windows\system32\drivers\is3srv.sys [12/7/2009 4:59 PM 61328]
S2 WinDefend;Windows Defender;f:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 cpuz134;cpuz134;\??\f:\docume~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> f:\docume~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 MotDev;Motorola Inc. USB Device;f:\windows\system32\drivers\motodrv.sys [4/20/2008 9:08 PM 42112]
S3 SavRoam;SAVRoam;f:\program files\Symantec AntiVirus\SavRoam.exe [11/15/2005 12:27 PM 169200]
.
Contents of the 'Scheduled Tasks' folder

2010-11-30 f:\windows\Tasks\AppleSoftwareUpdate.job
- f:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-12-10 f:\windows\Tasks\User_Feed_Synchronization-{F07C0FFD-E5E4-4D4E-B810-7CCC811B04B6}.job
- f:\windows\system32\msfeedssync.exe [2007-08-13 10:31]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://att.my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: &AIM Search - f:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send Image to Phone - http://www.freeringers.net/ezimage.php
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
Notify-TPSvc - TPSvc.dll
AddRemove-Malwarebytes' Anti-Malware_is1 - f:\program files\Malwarebytes' Anti-Malware\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-10 15:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
f:\windows\system32\l3codeca.acm
f:\windows\system32\scg726.acm
f:\windows\system32\alf2cd.acm
f:\windows\system32\AC3ACM.acm

- - - - - - - > 'explorer.exe'(904)
f:\windows\system32\WININET.dll
f:\windows\system32\ieframe.dll
f:\progra~1\WINDOW~2\wmpband.dll
f:\windows\system32\mshtml.dll
f:\windows\system32\msls31.dll
f:\windows\IME\SPGRMR.DLL
f:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
f:\windows\system32\l3codeca.acm
f:\windows\system32\scg726.acm
f:\windows\system32\alf2cd.acm
f:\windows\system32\AC3ACM.acm
f:\windows\system32\webcheck.dll
f:\windows\system32\WPDShServiceObj.dll
f:\windows\system32\PortableDeviceTypes.dll
f:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
f:\program files\Common Files\iS3\Anti-Spyware\SZServer.exe
f:\program files\Microsoft Security Essentials\MsMpEng.exe
f:\program files\Common Files\Symantec Shared\ccSetMgr.exe
f:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
f:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
f:\program files\Bonjour\mDNSResponder.exe
f:\program files\Symantec AntiVirus\DefWatch.exe
f:\program files\Java\jre6\bin\jqs.exe
f:\program files\Common Files\Motive\McciCMService.exe
f:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
f:\program files\Symantec AntiVirus\Rtvscan.exe
f:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
f:\program files\Symantec AntiVirus\DoScan.exe
f:\program files\Microsoft ActiveSync\wcescomm.exe
f:\progra~1\MI3AA1~1\rapimgr.exe
f:\windows\system32\HPZipm12.exe
f:\program files\iPod\bin\iPodService.exe
f:\program files\HP\Digital Imaging\bin\hpqgalry.exe
f:\program files\Java\jre6\bin\jucheck.exe
f:\program files\Internet Explorer\iexplore.exe
f:\program files\Internet Explorer\iexplore.exe
f:\program files\Internet Explorer\iexplore.exe
f:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2010-12-10 16:00:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-10 21:59

Pre-Run: 67,134,484,480 bytes free
Post-Run: 69,355,839,488 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=1 Default=1 Failed=4 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - AFD411796D45DF92E3267F52B46D3B80
s the results, I want to thank u again for all your help.

Re: Hard drive diagnostic problem
Hi,

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    f:\windows\system32\drivers\6973E8.tmp


  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [Image: Cfscriptb4]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


=================

Please download Malwarebytes Anti-Malware from Here.


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

............................................................................................

I'm livin' life in the fast lane.

Re: Hard drive diagnostic problem
Hi again - Sorry I was having a brain freeze on what you were asking me to do, I pulled up the notepad but it was a different language so I let it sit for a few days to comprehend what you were telling me and now it has blacked out my screen. I have to keep turning my screen on and off for a split second look at it. Is my only option now rebooting and losing everything in there? And me like a dummy didn't back up on a scan disk. I'm very frustrated with this. Thank you again for all your help.

Re: Hard drive diagnostic problem
Hi,

So your notepad was in a different language and now it won't boot?

............................................................................................

I'm livin' life in the fast lane.
