
Please Assist! Possible Virus slowing computer way down and rendering Norton Internet Security 2010 useless.


  • This topic is locked
11 replies to this topic

#1 Nick264


Posted 17 May 2010 - 08:35 PM

Within the last month, a serious virus occurred which I was able to contain and get completely rid of. It was a fake antivirus program that my little brother accidentally clicked on. By following all online guides though, I successfully removed the virus and all registry keys, and it was removed with assistance of Norton Internet Security 2010, which we replaced Microsoft Security Essentials with when the virus breached the computer. Problem now is ever since then, the SONAR Protection on NIS10 will NOT turn on for anything and LiveUpdates will not go through. I have been in constant contact with NIS Support through phone and chat and even after doing every last troubleshooting action, even wiping the computer clean of all Norton products, the software still remains messed up and corrupt. I am no longer sure what the issue could be, but I wanted to seek assistance to see if maybe something could be found in the logs.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
UPDATE!! 5/18/10
The GMER file that is needed I cannot get. The software will NOT work because every time I try to run it and start the scan, it sends my computer into a BSOD state and says the cause of the corruption is the file kwroqfox.sys.

Edited by Nick264, 18 May 2010 - 07:35 PM.



 


#2 myrti


Posted 19 May 2010 - 02:44 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 Nick264


Posted 22 May 2010 - 09:18 PM

Hey, it's alright, I understand, and sorry about the delay in responding myself. I made sure to check the immediate notification box but I never got an email saying my post had been responded to. Anyway, here are the logs you requested. I am still having the same situation.
----------------------------------------------------------------------------------------------------------------------------------------------------------------------
OTL Extras logfile created on: 5/22/2010 9:50:16 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Ryan Elliott\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 123.00 Mb Available Physical Memory | 12.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 1533 1533 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 227.54 Gb Total Space | 139.06 Gb Free Space | 61.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 681.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARIA-7355D9034
Current User Name: Ryan Elliott
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = SafariHTML] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1644491937-1606980848-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"58601:TCP" = 58601:TCP:*:Enabled:Pando Media Booster
"58601:UDP" = 58601:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"59058:TCP" = 59058:TCP:*:Enabled:Pando Media Booster
"59058:UDP" = 59058:UDP:*:Enabled:Pando Media Booster
"58601:TCP" = 58601:TCP:*:Enabled:Pando Media Booster
"58601:UDP" = 58601:UDP:*:Enabled:Pando Media Booster
"86:TCP" = 86:TCP:*:Enabled:BroadCam Video Streaming Server Web Server
"1935:TCP" = 1935:TCP:*:Enabled:BroadCam Video Streaming Server Flash Video Server
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Rockstar Games\Midnight Club II Demo\mc2_demo.exe" = C:\Program Files\Rockstar Games\Midnight Club II Demo\mc2_demo.exe:*:Enabled:mc2_demo -- ()
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe" = C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad -- ()
"C:\Program Files\Safari\Safari.exe" = C:\Program Files\Safari\Safari.exe:*:Enabled:Safari Web Browser -- (Apple Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\ooVoo\ooVoo.exe" = C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo -- (ooVoo LLC)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02828774-BEAF-39B4-E4F5-F093D6184402}" = TidySongs
"{02BC140F-504C-4DB5-B581-FD2920BBE363}" = Midnight Club II Demo
"{05DFB620-513C-4F90-86E1-66B9E7A42243}" = Watchtower Library 2003 - English Edition
"{09234F0D-5971-4701-94EE-89CB6926E273}" = Serif PhotoPlus SE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{146E206D-7D2C-493A-B431-1F1D16E822AF}" = MobileMe Control Panel
"{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1" = Free Video Joiner 1.1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (AUTODESKVAULT)
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{345112D9-0930-4A68-AB71-A831BA5DE7AA}" = Microsoft IntelliType Pro 6.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 4.1
"{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1" = Sothink Movie DVD Maker
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5BF2B19D-9C79-492A-8969-F059F06A627F}" = Print to Fax
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6CB8556C-36B2-40D4-A73A-4ACBAFC8C72D}" = Tony Hawks Pro Skater 4 Demo
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}" = Presto! PageManager 7.12.02
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{8418FE6C-36B5-4023-8704-5DC2F21BB2E8}" = UltraEdit 15.00
"{870F1750-BA89-11DA-A94D-0800200C9A66}_is1" = VSO CopyToDVD 4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94895EA7-873E-4FCB-9C7B-DD3F7019D618}_is1" = Free Video Cutter 1.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A35883BD-9C83-4625-82F3-90F86728C662}" = FreeUndelete
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A67C4EF9-725D-4C83-A67A-BB7B7DE96CF4}" = Sibelius 5 Demo
"{A777CB31-A5EC-4E32-A462-2E24F45D4D4F}_is1" = Moyea FLV to Video Converter Pro 2 version 2.4.1.314
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B79920F8-AB6E-45B2-B257-900BBA969FF7}" = Presto! Forms 3.50.01
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{d57cf80f-9230-4a5d-a8ea-38510a12d220}.sdb" = X-Wing & TIE Fighter 95 Compatibility Fix
"{E3DC3ADE-1DEB-4F54-832F-6AD86927F3B8}" = Boss Hunter
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F18FB90C-2DC4-4CFF-908F-2FB7DEEF26E0}" = Musical Scales
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agogo FLV to PSP Converter Free_is1" = Agogo FLV to PSP Converter Free 8.49
"Aim Plugin for QQ Games" = Aim Plugin for QQ Games
"AIM_6" = AIM 6
"AIMTunes" = AIMTunes
"All ATI Software" = ATI - Software Uninstall Utility
"Allok Video Splitter_is1" = Allok Video Splitter 3.1.0609
"AoA Audio Extractor_is1" = AoA Audio Extractor 1.0
"ATI Display Driver" = ATI Display Driver
"AviSynth" = AviSynth 2.5
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BroadCam" = BroadCam Video Streaming Server
"CCleaner" = CCleaner
"CL-Eye Driver" = CL-Eye Driver
"Computer Alarm Clock" = Computer Alarm Clock
"Debut" = Debut Video Capture Software
"Defraggler" = Defraggler
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EsetOnlineScanner" = ESET Online Scanner
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Finale 2010 Demo" = Finale 2010 Demo
"Finale NotePad 2010" = Finale NotePad 2010
"Flock (2.5)" = Flock (2.5)
"FLV Player" = FLV Player 2.0 (build 25)
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.2
"Free Realms Installer" = Free Realms Installer
"FrostWire" = FrostWire 4.20.3
"Graboid Video" = Graboid Video 1.65
"Haihaisoft Universal Player" = Haihaisoft Universal Player
"HijackThis" = HijackThis 2.0.2
"HyperCam 2" = HyperCam 2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"iDumpPro" = iDumpPro
"ie8" = Windows Internet Explorer 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"iPod PC Transfer Photo_is1" = iPod PC Transfer Photo 3.5
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.7.0 (Full)
"LucasArts' Force Commander Demo" = LucasArts' Force Commander Demo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (2.0.0.19)" = Mozilla Thunderbird (2.0.0.19)
"MSNINST" = MSN
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NortonPCCheckup" = Norton PC Checkup
"Pixillion" = Pixillion Image Converter
"Prism" = Prism Video Converter
"psp ebook creator_is1" = psp ebook creator v1.0.3
"PSP Video 9" = PSP Video 9 5.04
"QQ Games" = QQ Games
"RealPlayer 12.0" = RealPlayer
"Recuva" = Recuva
"Slice" = Slice Audio File Splitter
"StepVoice Recorder_is1" = StepVoice Recorder 1.6
"TEW2005" = TEW2005
"TI-83 Plus Flash Debugger" = TI-83 Plus Flash Debugger
"TidySongs" = TidySongs (remove only)
"tidysongs15.27F6A35B76E5883BF9E6FEE514586561E60595CA.1" = TidySongs
"TomTom HOME" = TomTom HOME 2.6.2.1586
"Toshiba AutoTask" = Toshiba AutoTask
"UnHackMe_is1" = UnHackMe 5.00 release
"Uninstall_is1" = Uninstall 1.0.0.1
"UnityWebPlayer" = Unity Web Player
"VideoPad" = VideoPad Video Editor
"Videora iPod Converter" = Videora iPod Converter 4.07
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WallpaperToy" = Wallpaper Changer for Windows XP
"WavePad" = WavePad Sound Editor
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WildTangent wildgames Master Uninstall" = WildTangent Games
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winusb0200" = Microsoft WinUsb 2.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Yahoo! Widget Engine" = Yahoo! Widgets
"ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1644491937-1606980848-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}" = HHD Software Free Hex Editor Neo 4.93
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/22/2010 6:52:53 PM | Computer Name = MARIA-7355D9034 | Source = ESENT | ID = 439
Description = SearchIndexer (488) Unable to write a shadowed header for file C:\Documents
and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb.
Error -1022.

Error - 5/22/2010 6:52:54 PM | Computer Name = MARIA-7355D9034 | Source = Windows Search Service | ID = 9000
Description = The Windows Search Service cannot open the Jet property store. Details:
The
content index cannot be read. (0xc0041800)

Error - 5/22/2010 6:52:54 PM | Computer Name = MARIA-7355D9034 | Source = Windows Search Service | ID = 7040
Description = The search service has detected corrupted data files in the index.
The service will attempt to automatically correct this problem by rebuilding the
index. Details: The content index metadata cannot be read. (0xc0041801)

Error - 5/22/2010 6:52:54 PM | Computer Name = MARIA-7355D9034 | Source = Windows Search Service | ID = 1006
Description = The Windows Search Service has failed to create the SystemIndex search
index. Internal error <4, 0xc0041800, Failed to add project: C:\Documents and Settings\All
Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects>.

Error - 5/22/2010 7:36:32 PM | Computer Name = MARIA-7355D9034 | Source = ESENT | ID = 485
Description = SearchIndexer (660) An attempt to delete the file "C:\Documents and
Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb"
failed with system error 1392 (0x00000570): "The file or directory is corrupted
and unreadable. ". The delete file operation will fail with error -1022 (0xfffffc02).

Error - 5/22/2010 7:36:32 PM | Computer Name = MARIA-7355D9034 | Source = ESENT | ID = 490
Description = SearchIndexer (660) An attempt to open the file "C:\Documents and
Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb"
for read / write access failed with system error 1392 (0x00000570): "The file or
directory is corrupted and unreadable. ". The open file operation will fail with
error -1022 (0xfffffc02).

Error - 5/22/2010 7:36:32 PM | Computer Name = MARIA-7355D9034 | Source = ESENT | ID = 439
Description = SearchIndexer (660) Unable to write a shadowed header for file C:\Documents
and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb.
Error -1022.

Error - 5/22/2010 7:36:32 PM | Computer Name = MARIA-7355D9034 | Source = Windows Search Service | ID = 9000
Description = The Windows Search Service cannot open the Jet property store. Details:
The
content index cannot be read. (0xc0041800)

Error - 5/22/2010 7:36:32 PM | Computer Name = MARIA-7355D9034 | Source = Windows Search Service | ID = 7040
Description = The search service has detected corrupted data files in the index.
The service will attempt to automatically correct this problem by rebuilding the
index. Details: The content index metadata cannot be read. (0xc0041801)

Error - 5/22/2010 7:36:32 PM | Computer Name = MARIA-7355D9034 | Source = Windows Search Service | ID = 1006
Description = The Windows Search Service has failed to create the SystemIndex search
index. Internal error <4, 0xc0041800, Failed to add project: C:\Documents and Settings\All
Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects>.

[ Media Center Events ]
Error - 4/24/2010 3:17:23 PM | Computer Name = MARIA-7355D9034 | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 4/24/2010 3:17:23 PM. You may need to reschedule your recordings.

Error - 4/24/2010 5:14:33 PM | Computer Name = MARIA-7355D9034 | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 4/24/2010 5:14:33 PM. You may need to reschedule your recordings.

[ OSession Events ]
Error - 5/18/2010 8:53:16 PM | Computer Name = MARIA-7355D9034 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/18/2010 8:58:53 PM | Computer Name = MARIA-7355D9034 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 243
seconds with 240 seconds of active time. This session ended with a crash.

Error - 5/18/2010 8:59:51 PM | Computer Name = MARIA-7355D9034 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 42
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/18/2010 9:00:30 PM | Computer Name = MARIA-7355D9034 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/18/2010 9:00:41 PM | Computer Name = MARIA-7355D9034 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/18/2010 9:01:02 PM | Computer Name = MARIA-7355D9034 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/18/2010 9:01:27 PM | Computer Name = MARIA-7355D9034 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/18/2010 9:01:38 PM | Computer Name = MARIA-7355D9034 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/20/2010 8:10:55 PM | Computer Name = MARIA-7355D9034 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 900
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/20/2010 8:11:16 PM | Computer Name = MARIA-7355D9034 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/21/2010 8:18:41 PM | Computer Name = MARIA-7355D9034 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 5/21/2010 8:18:42 PM | Computer Name = MARIA-7355D9034 | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 5/21/2010 8:26:32 PM | Computer Name = MARIA-7355D9034 | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
2147749155 (0x80040D23).

Error - 5/21/2010 8:30:57 PM | Computer Name = MARIA-7355D9034 | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
2147749155 (0x80040D23).

Error - 5/22/2010 12:44:44 PM | Computer Name = MARIA-7355D9034 | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.

Error - 5/22/2010 12:46:48 PM | Computer Name = MARIA-7355D9034 | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
2147749155 (0x80040D23).

Error - 5/22/2010 5:21:29 PM | Computer Name = MARIA-7355D9034 | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
2147749155 (0x80040D23).

Error - 5/22/2010 6:49:36 PM | Computer Name = MARIA-7355D9034 | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
2147749155 (0x80040D23).

Error - 5/22/2010 6:52:54 PM | Computer Name = MARIA-7355D9034 | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
2147749155 (0x80040D23).

Error - 5/22/2010 7:36:32 PM | Computer Name = MARIA-7355D9034 | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
2147749155 (0x80040D23).

[ TuneUp Events ]
Error - 6/9/2009 5:21:21 PM | Computer Name = MARIA-7355D9034 | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 6/9/2009 5:28:41 PM | Computer Name = MARIA-7355D9034 | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 6/9/2009 5:32:26 PM | Computer Name = MARIA-7355D9034 | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 6/9/2009 5:33:26 PM | Computer Name = MARIA-7355D9034 | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 6/19/2009 1:19:19 AM | Computer Name = MARIA-7355D9034 | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 6/28/2009 5:47:54 PM | Computer Name = MARIA-7355D9034 | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 6/29/2009 9:00:21 PM | Computer Name = MARIA-7355D9034 | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 6/29/2009 9:01:26 PM | Computer Name = MARIA-7355D9034 | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 6/29/2009 9:01:41 PM | Computer Name = MARIA-7355D9034 | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 6/29/2009 10:19:28 PM | Computer Name = MARIA-7355D9034 | Source = TuneUp Program Statistics | ID = 131840
Description =


< End of report >
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
OTL logfile created on: 5/22/2010 9:50:16 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Ryan Elliott\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 123.00 Mb Available Physical Memory | 12.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 1533 1533 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 227.54 Gb Total Space | 139.06 Gb Free Space | 61.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 681.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARIA-7355D9034
Current User Name: Ryan Elliott
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/22 21:48:24 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan Elliott\Desktop\OTL.exe
PRC - [2010/05/12 11:53:22 | 000,103,792 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.3.263\SymcPCCULaunchSvc.exe
PRC - [2010/04/12 18:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/04/02 22:05:12 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/20 19:56:50 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Ryan Elliott\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010/03/17 18:51:23 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010/03/14 04:25:39 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
PRC - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.3.263\ccSvcHst.exe
PRC - [2009/06/22 13:28:56 | 000,335,872 | ---- | M] (Dura Micro, Inc) -- C:\Program Files\AutoTask\AutoTask.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/05/26 23:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/31 15:16:47 | 000,357,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
PRC - [2007/08/31 15:13:41 | 000,988,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2005/10/24 08:33:04 | 000,491,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcicoms.exe
PRC - [2005/09/30 10:47:22 | 000,200,704 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 7300 Series\lxcimon.exe
PRC - [2005/08/01 08:05:04 | 000,094,208 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 7300 Series\ezprint.exe
PRC - [2005/03/22 18:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2010/05/22 21:48:24 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan Elliott\Desktop\OTL.exe
MOD - [2010/03/26 19:52:36 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.6.0.32\asOEHook.dll
MOD - [2010/03/11 19:06:37 | 000,118,784 | ---- | M] (RealPlayer) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2009/08/16 11:22:35 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll
MOD - [2009/08/13 09:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2009/07/12 03:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.6.0.32\Microsoft.VC90.CRT\msvcr90.dll
MOD - [2009/07/12 03:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.6.0.32\Microsoft.VC90.CRT\msvcp90.dll
MOD - [2009/01/18 19:10:29 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/12 11:53:22 | 000,103,792 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.3.263\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/10 17:05:58 | 000,266,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe -- (NIS)
SRV - [2009/11/09 18:56:20 | 000,238,328 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.3.263\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$AUTODESKVAULT) SQL Server (AUTODESKVAULT)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/08 06:38:14 | 000,092,008 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/02/22 03:17:18 | 000,079,360 | ---- | M] (Autodesk) [Disabled | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/02/06 18:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008/12/01 12:01:02 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/10/12 05:34:56 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\iDumpPro\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/10/24 08:33:04 | 000,491,520 | ---- | M] ( ) [On_Demand | Running] -- C:\WINDOWS\System32\lxcicoms.exe -- (lxci_device)


========== Driver Services (SafeList) ==========

DRV - [2010/05/17 18:42:06 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20100517.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/17 18:42:05 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20100517.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/17 18:35:50 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/03/04 05:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/03/04 05:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/02/26 22:23:54 | 000,116,784 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1106000.020\Ironx86.SYS -- (SymIRON)
DRV - [2010/02/26 22:23:21 | 000,325,680 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NIS\1106000.020\SRTSP.SYS -- (SRTSP)
DRV - [2010/02/26 22:23:21 | 000,043,696 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1106000.020\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 19:22:57 | 000,501,888 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1106000.020\ccHPx86.sys -- (ccHP)
DRV - [2010/02/18 19:30:24 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/18 19:30:24 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/18 19:30:24 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/10 21:55:33 | 000,536,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20100211.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/02/03 21:40:52 | 000,362,032 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1106000.020\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/02/03 21:40:50 | 000,172,592 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1106000.020\SYMEFA.SYS -- (SymEFA)
DRV - [2010/02/03 21:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1106000.020\SYMDS.SYS -- (SymDS)
DRV - [2010/02/03 21:40:07 | 000,329,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20100513.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2009/07/13 17:51:12 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/02/06 18:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/24 17:37:00 | 000,138,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/04/30 07:11:04 | 000,004,224 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\REFILERW.SYS -- (REFILERW)
DRV - [2006/05/11 12:30:52 | 000,247,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iastor)
DRV - [2006/02/09 20:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/11/16 16:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/03/31 18:04:52 | 000,180,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2004/03/05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 23:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1644491937-1606980848-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1644491937-1606980848-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1644491937-1606980848-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1644491937-1606980848-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1644491937-1606980848-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1644491937-1606980848-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 E7 14 85 7B F4 CA 01 [binary data]
IE - HKU\S-1-5-21-1644491937-1606980848-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1644491937-1606980848-839522115-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1644491937-1606980848-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1644491937-1606980848-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: runtime@panda3d.org:0.9.11
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/05 21:52:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/14 04:27:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\IPSFFPlgn\ [2010/05/17 18:41:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\coFFPlgn\ [2010/05/17 18:35:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.0.3\extensions\\Components: C:\Program Files\Flock\components [2010/04/15 21:48:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.0.3\extensions\\Plugins: C:\Program Files\Flock\plugins [2010/04/17 07:19:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5\extensions\\Components: C:\Program Files\Flock\components [2010/04/15 21:48:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5\extensions\\Plugins: C:\Program Files\Flock\plugins [2010/04/17 07:19:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/27 07:08:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/17 17:02:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/04/15 21:48:59 | 000,000,000 | ---D | M]

[2009/05/16 23:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan Elliott\Application Data\Mozilla\Extensions
[2009/05/16 23:13:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ryan Elliott\Application Data\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2010/05/22 20:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan Elliott\Application Data\Mozilla\Firefox\Profiles\yof6ccl0.default\extensions
[2010/04/27 16:44:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ryan Elliott\Application Data\Mozilla\Firefox\Profiles\yof6ccl0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/27 16:44:21 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Ryan Elliott\Application Data\Mozilla\Firefox\Profiles\yof6ccl0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/01/18 19:14:13 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Ryan Elliott\Application Data\Mozilla\Firefox\Profiles\yof6ccl0.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2010/05/01 22:12:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Ryan Elliott\Application Data\Mozilla\Firefox\Profiles\yof6ccl0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/05/11 15:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan Elliott\Application Data\Mozilla\Firefox\Profiles\yof6ccl0.default\extensions\moveplayer@movenetworks.com
[2009/07/02 22:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan Elliott\Application Data\Mozilla\Firefox\Profiles\yof6ccl0.default\extensions\OberonGameHost@OberonGames.com
[2010/01/31 19:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan Elliott\Application Data\Mozilla\Firefox\Profiles\yof6ccl0.default\extensions\runtime@panda3d.org
[2009/04/26 01:28:25 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Ryan Elliott\Application Data\Mozilla\Firefox\Profiles\yof6ccl0.default\searchplugins\live-search.xml
[2010/05/22 12:55:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/12 23:07:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/03/03 22:43:33 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/17 17:02:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/17 17:02:25 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2010/05/17 20:17:21 | 000,395,206 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13649 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1644491937-1606980848-839522115-1004\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1644491937-1606980848-839522115-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1644491937-1606980848-839522115-1004\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AutoTask] C:\Program Files\AutoTask\AutoTask.exe (Dura Micro, Inc)
O4 - HKLM..\Run: [BackupSoft] File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 7300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [lxcimon.exe] C:\Program Files\Lexmark 7300 Series\lxcimon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-1644491937-1606980848-839522115-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1644491937-1606980848-839522115-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Ryan Elliott\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-1606980848-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-1606980848-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://ushousecall02.trendmicro.com/housec...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1232303343360 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Ryan Elliott\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ryan Elliott\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/20 20:03:44 | 000,000,047 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/10/13 17:23:46 | 000,045,056 | R--- | M] () - I:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/09/26 20:21:07 | 000,000,158 | R--- | M] () - I:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0c8524bc-1776-11df-ae1e-0013720de751}\Shell - "" = AutoRun
O33 - MountPoints2\{0c8524bc-1776-11df-ae1e-0013720de751}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0c8524bc-1776-11df-ae1e-0013720de751}\Shell\AutoRun\command - "" = K:\Launcher.exe -- File not found
O33 - MountPoints2\{977e2e56-2baf-11de-acc5-0013720de751}\Shell\AutoRun\command - "" = J:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "YahooAUService"
MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "wlidsvc"
MsConfig - Services: "WinDefend"
MsConfig - Services: "Viewpoint Manager Service"
MsConfig - Services: "TomTomHOMEService"
MsConfig - Services: "SQLWriter"
MsConfig - Services: "SQLBrowser"
MsConfig - Services: "SeaPort"
MsConfig - Services: "RichVideo"
MsConfig - Services: "ose"
MsConfig - Services: "odserv"
MsConfig - Services: "NMSAccessU"
MsConfig - Services: "MSSQL$AUTODESKVAULT"
MsConfig - Services: "Microsoft Office Groove Audit Service"
MsConfig - Services: "lxci_device"
MsConfig - Services: "iPod Service"
MsConfig - Services: "idsvc"
MsConfig - Services: "IDriverT"
MsConfig - Services: "gusvc"
MsConfig - Services: "gupdate1c9f82ecc40a6bc"
MsConfig - Services: "getPlus® Helper"
MsConfig - Services: "GameConsoleService"
MsConfig - Services: "fsssvc"
MsConfig - Services: "Autodesk Licensing Service"
MsConfig - Services: "ATI Smart"
MsConfig - Services: "Ati HotKey Poller"
MsConfig - Services: "Apple Mobile Device"
MsConfig - StartUpFolder: C:^Documents and Settings^Ryan Elliott^Start Menu^Programs^Startup^Wallpaper Changer.lnk - C:\Program Files\WallpaperToy\Wallpapertoy.Exe - (Microsoft Corp.)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: BroadCam - hkey= - key= - C:\Program Files\NCH Software\BroadCam\broadcam.exe (NCH Software)
MsConfig - StartUpReg: Computer Alarm Clock - hkey= - key= - C:\Program Files\Computer Alarm Clock\cac.exe (Think Art Computing.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: Windows Defender - hkey= - key= - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {B90C0251-CCB8-E565-8C4F-4FF5E8CBCC58} - DirectX
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C35C83C5-F0A5-E072-1A56-13EE65AEC31B} - Microsoft Windows Media Player 6.4
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {D76A7AF2-B74E-AE8F-947E-093F37A8831E} - DirectX
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Yahoo! Messenger
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/01/18 11:30:21 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/05/22 21:48:10 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ryan Elliott\Desktop\OTL.exe
[2010/05/21 21:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\UAB
[2010/05/21 21:53:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan Elliott\Local Settings\Application Data\PC_Drivers_Headquarters
[2010/05/21 21:53:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/05/21 21:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\PC Drivers HeadQuarters
[2010/05/21 21:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/05/21 21:33:42 | 000,000,000 | ---D | C] -- C:\Program Files\Abbyy FineReader 6.0 Sprint
[2010/05/21 21:32:11 | 001,589,248 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ippsw711.dll
[2010/05/21 21:32:11 | 000,266,240 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ippsrw711.dll
[2010/05/21 21:32:11 | 000,159,744 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ippjw711.dll
[2010/05/21 21:32:10 | 002,592,768 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ippiw711.dll
[2010/05/21 21:32:09 | 000,466,944 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ippcvw711.dll
[2010/05/21 21:32:09 | 000,225,280 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ippi11.dll
[2010/05/21 21:32:09 | 000,176,128 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ipps11.dll
[2010/05/21 21:32:09 | 000,094,208 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ippcv11.dll
[2010/05/21 21:32:09 | 000,077,824 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ippsr11.dll
[2010/05/21 21:32:09 | 000,065,536 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ippj11.dll
[2010/05/21 21:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Applications
[2010/05/21 21:29:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\color
[2010/05/21 21:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 7300 Series
[2010/05/21 21:09:06 | 000,000,000 | ---D | C] -- C:\Lexmark
[2010/05/21 21:01:11 | 041,657,679 | ---- | C] (Lexmark International, Inc. ) -- C:\Documents and Settings\Ryan Elliott\Desktop\cjb7300EN.exe
[2010/05/21 20:21:40 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxciserv.dll
[2010/05/21 20:21:40 | 001,122,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxciusb1.dll
[2010/05/21 20:21:40 | 000,630,784 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcipmui.dll
[2010/05/21 20:21:40 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxciprox.dll
[2010/05/21 20:21:40 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcipplc.dll
[2010/05/21 20:21:39 | 000,770,048 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcihbn3.dll
[2010/05/21 20:21:39 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcicomc.dll
[2010/05/21 20:21:39 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcicoms.exe
[2010/05/21 20:21:39 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcicomm.dll
[2010/05/21 20:21:39 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxciih.exe
[2010/05/21 20:21:39 | 000,368,640 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcicfg.exe
[2010/05/21 20:21:38 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcilmpm.dll
[2010/05/21 20:21:38 | 000,430,080 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxciutil.dll
[2010/05/21 20:21:35 | 000,196,608 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxciinsb.dll
[2010/05/21 20:21:35 | 000,126,976 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxcijswr.dll
[2010/05/21 20:21:35 | 000,106,496 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxciinsr.dll
[2010/05/21 20:21:34 | 000,983,092 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lxcigf.dll
[2010/05/21 20:21:34 | 000,155,648 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxciins.dll
[2010/05/21 20:21:34 | 000,036,864 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxcicur.dll
[2010/05/21 20:21:33 | 000,086,016 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxcicub.dll
[2010/05/21 20:21:33 | 000,073,728 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxcicu.dll
[2010/05/21 20:21:31 | 000,069,632 | ---- | C] (Lexmark International) -- C:\WINDOWS\System32\lxcicfg.dll
[2010/05/20 21:58:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ryan Elliott\Recent
[2010/05/20 20:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan Elliott\Local Settings\Application Data\Tific
[2010/05/20 20:27:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NortonPCCheckup
[2010/05/20 20:27:20 | 000,000,000 | ---D | C] -- C:\Program Files\Norton PC Checkup
[2010/05/20 20:27:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NortonPCCheckup\0200030.107
[2010/05/18 21:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2010/05/18 21:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Help
[2010/05/17 20:40:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan Elliott\Local Settings\Application Data\FixItCenter
[2010/05/17 20:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS
[2010/05/17 20:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2010/05/17 20:33:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/05/17 18:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan Elliott\My Documents\Symantec
[2010/05/17 18:35:50 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/05/17 18:35:50 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/05/17 18:35:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/05/17 18:35:44 | 000,501,888 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1106000.020\cchpx86.sys
[2010/05/17 18:35:44 | 000,362,032 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1106000.020\symtdi.sys
[2010/05/17 18:35:44 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1106000.020\symtdiv.sys
[2010/05/17 18:35:44 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1106000.020\SymDS.sys
[2010/05/17 18:35:44 | 000,325,680 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1106000.020\srtsp.sys
[2010/05/17 18:35:44 | 000,172,592 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1106000.020\SymEFA.sys
[2010/05/17 18:35:44 | 000,116,784 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1106000.020\Ironx86.sys
[2010/05/17 18:35:44 | 000,043,696 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1106000.020\srtspx.sys
[2010/05/17 18:35:05 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2010/05/17 18:34:57 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/05/17 17:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/17 17:02:40 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/17 17:02:40 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/17 17:02:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/17 17:02:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/15 19:09:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan Elliott\Application Data\Media Player Classic
[2010/05/15 19:06:58 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2010/05/15 19:06:58 | 000,039,936 | ---- | C] (Disappearing Inc.) -- C:\WINDOWS\System32\huffyuv.dll
[2010/05/15 19:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010/05/15 18:26:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan Elliott\Local Settings\Application Data\Symantec
[2010/05/15 18:13:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2010/05/15 16:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan Elliott\Application Data\Tific
[2010/05/15 08:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft Installer
[2010/05/04 20:12:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan Elliott\Desktop\Star Wars Episode III Soundtrack
[2010/05/01 23:08:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan Elliott\Application Data\tidysongs15.27F6A35B76E5883BF9E6FEE514586561E60595CA.1
[2010/05/01 23:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\TidySongs
[2010/05/01 22:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan Elliott\Desktop\NCIS Music
[2010/05/01 22:28:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan Elliott\Desktop\Incomplete
[2010/05/01 09:04:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/26 23:21:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/26 22:25:53 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/26 22:24:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/26 22:24:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/26 22:24:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/26 22:24:10 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/26 22:24:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/26 22:23:59 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/04/26 22:23:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/26 20:59:07 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/04/26 18:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/26 17:53:59 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/04/26 17:52:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1106000.020
[2010/04/26 17:51:46 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/04/26 17:51:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2010/04/26 17:50:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/04/26 17:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/04/25 02:16:19 | 000,000,000 | ---D | C] -- C:\found.001
[2010/04/24 23:36:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan Elliott\My Documents\My ooVoo
[2010/04/24 23:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan Elliott\Application Data\ooVoo Details
[2010/04/24 23:22:30 | 000,000,000 | ---D | C] -- C:\Program Files\ooVoo
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/22 21:56:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/22 21:55:56 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0C39FC79-27DB-47A1-8714-1DC48F2623CC}.job
[2010/05/22 21:48:24 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan Elliott\Desktop\OTL.exe
[2010/05/22 21:01:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1606980848-839522115-1004UA.job
[2010/05/22 20:38:02 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2010/05/22 20:01:01 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1606980848-839522115-1004Core.job
[2010/05/22 19:28:32 | 012,320,768 | ---- | M] () -- C:\Documents and Settings\Ryan Elliott\NTUSER.DAT
[2010/05/22 18:51:26 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-1606980848-839522115-1004.job
[2010/05/22 18:51:23 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1606980848-839522115-1004.job
[2010/05/22 18:51:01 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2010/05/22 18:50:46 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/22 18:50:46 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-1606980848-839522115-1017.job
[2010/05/22 18:50:46 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-1606980848-839522115-1003.job
[2010/05/22 18:50:46 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-1606980848-839522115-1019.job
[2010/05/22 18:50:46 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-1606980848-839522115-1018.job
[2010/05/22 18:49:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/22 18:49:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/22 18:49:14 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/22 18:00:23 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/05/22 17:33:50 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1606980848-839522115-1019.job
[2010/05/22 17:16:22 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1606980848-839522115-1017.job
[2010/05/21 21:58:00 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Ryan Elliott\ntuser.ini
[2010/05/21 21:53:37 | 000,116,280 | ---- | M] () -- C:\Documents and Settings\Ryan Elliott\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/21 21:37:34 | 000,012,686 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
[2010/05/21 21:32:44 | 000,000,257 | ---- | M] () -- C:\WINDOWS\setup.iss
[2010/05/21 21:32:13 | 000,151,566 | ---- | M] () -- C:\WINDOWS\System32\UninstIPP.isu
[2010/05/21 21:17:08 | 000,000,867 | ---- | M] () -- C:\lxciinst.csv
[2010/05/21 21:16:30 | 000,000,275 | ---- | M] () -- C:\lxcifire.csv
[2010/05/21 21:10:02 | 000,000,139 | ---- | M] () -- C:\lxciinst.004
[2010/05/21 21:09:24 | 000,000,275 | ---- | M] () -- C:\lxcifire.004
[2010/05/21 21:08:43 | 041,657,679 | ---- | M] (Lexmark International, Inc. ) -- C:\Documents and Settings\Ryan Elliott\Desktop\cjb7300EN.exe
[2010/05/21 20:39:32 | 000,001,125 | ---- | M] () -- C:\lxciinst.003
[2010/05/21 20:38:36 | 000,000,000 | ---- | M] () -- C:\lxcifire.003
[2010/05/21 20:24:52 | 000,001,125 | ---- | M] () -- C:\LXCIINST.002
[2010/05/21 20:24:23 | 000,000,000 | ---- | M] () -- C:\lxcifire.002
[2010/05/21 20:22:21 | 000,001,125 | ---- | M] () -- C:\LXCIINST.001
[2010/05/21 20:21:22 | 000,000,000 | ---- | M] () -- C:\lxcifire.001
[2010/05/21 20:14:53 | 000,300,267 | ---- | M] () -- C:\lxciunst.csv
[2010/05/21 17:10:22 | 000,201,629 | ---- | M] () -- C:\Documents and Settings\Ryan Elliott\Desktop\Registration Letter 2010.pdf
[2010/05/21 17:10:22 | 000,056,475 | ---- | M] () -- C:\Documents and Settings\Ryan Elliott\Desktop\Medical Release Form.pdf
[2010/05/20 21:53:42 | 000,045,864 | ---- | M] () -- C:\Documents and Settings\Ryan Elliott\My Documents\Obesity and Children.docx
[2010/05/20 21:46:44 | 000,000,013 | ---- | M] () -- C:\Documents and Settings\Ryan Elliott\usb001
[2010/05/20 21:15:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/20 20:38:04 | 000,372,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/20 20:13:24 | 000,000,798 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/18 20:46:13 | 000,636,568 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1106000.020\Cat.DB
[2010/05/18 20:41:21 | 000,601,166 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/18 20:41:21 | 000,512,112 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/18 20:41:21 | 000,097,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/18 20:31:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/18 19:21:08 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/05/18 19:21:08 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/17 23:37:00 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1606980848-839522115-1003.job
[2010/05/17 20:17:21 | 000,395,206 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/17 19:34:57 | 007,977,350 | ---- | M] () -- C:\Documents and Settings\Ryan Elliott\My Documents\Goodie Mob - Black Ice.flv
[2010/05/17 19:31:36 | 009,040,851 | ---- | M] () -- C:\Documents and Settings\Ryan Elliott\My Documents\OutKast - Git Up, Git Out.flv
[2010/05/17 19:28:48 | 007,714,648 | ---- | M] () -- C:\Documents and Settings\Ryan Elliott\My Documents\Goodie Mob Dirty South.flv
[2010/05/17 19:23:59 | 003,860,162 | ---- | M] () -- C:\Documents and Settings\Ryan Elliott\My Documents\Paid In Full - Eric B. Rakim.flv
[2010/05/17 18:35:50 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/05/17 18:35:50 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/05/17 18:35:50 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/05/17 18:35:50 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/05/17 17:02:24 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/17 17:02:24 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/17 17:02:24 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/17 17:02:24 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/17 17:02:24 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/05/16 14:19:06 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1606980848-839522115-1018.job
[2010/05/15 12:24:49 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/05/12 12:07:40 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NortonPCCheckup\0200030.107\isolate.ini
[2010/05/10 22:05:25 | 016,059,733 | ---- | M] () -- C:\Documents and Settings\Ryan Elliott\My Documents\Yokan by Heidi. - Kaichou wa Maid-sama! Ending 1.flv
[2010/05/10 22:02:45 | 016,271,094 | ---- | M] () -- C:\Documents and Settings\Ryan Elliott\My Documents\Shoko Nakagawa - RAY OF LIGHT (HQ).flv
[2010/05/10 21:52:34 | 006,050,294 | ---- | M] () -- C:\Documents and Settings\Ryan Elliott\My Documents\Rain by SID (Opening Fullmetal Alchemist Shintetsu) [FULL].flv
[2010/05/06 21:25:37 | 052,371,795 | ---- | M] () -- C:\Documents and Settings\Ryan Elliott\My Documents\Phoebus HS Baseball Comeback vs Kecoughtan 4 30 2010.flv
[2010/05/06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/05/04 20:09:50 | 005,496,069 | ---- | M] () -- C:\Documents and Settings\Ryan Elliott\My Documents\nas - black republican.flv
[2010/05/02 20:53:06 | 000,000,116 | ---- | M] () -- C:\WINDOWS\REDEMUNINS.INI
[2010/05/02 15:19:36 | 004,018,460 | ---- | M] () -- C:\Documents and Settings\Ryan Elliott\My Documents\Beastie boys - brass monkey.flv
[2010/05/02 15:16:40 | 005,286,360 | ---- | M] () -- C:\Documents and Settings\Ryan Elliott\My Documents\Whodini- Friends.flv
[2010/05/01 15:36:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\videopadSevenDays.job
[2010/05/01 15:36:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\debutSevenDays.job
[2010/05/01 10:57:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\broadcamShakeIcon.job
[2010/05/01 10:26:16 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 19:54:38 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2010/04/26 18:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/26 17:29:52 | 000,019,256 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\N0648V7xgb7
[2010/04/25 17:02:02 | 000,180,736 | ---- | M] () -- C:\Documents and Settings\Ryan Elliott\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/25 11:11:09 | 000,392,714 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100517-201721.backup
[2010/04/25 00:13:29 | 000,103,124 | ---- | M] () -- C:\Documents and Settings\Ryan Elliott\My Documents\snapshot3.jpg
[2010/04/24 23:45:28 | 000,106,264 | ---- | M] () -- C:\Documents and Settings\Ryan Elliott\My Documents\snapshot1.jpg
[2010/04/24 23:30:14 | 000,065,513 | ---- | M] () -- C:\Documents and Settings\Ryan Elliott\My Documents\snapshot.jpg
[2010/04/24 15:36:27 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\debutShakeIcon.job
[2010/04/24 15:36:13 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/21 21:32:09 | 000,151,566 | ---- | C] () -- C:\WINDOWS\System32\UninstIPP.isu
[2010/05/21 21:32:09 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2010/05/21 21:31:39 | 000,009,606 | ---- | C] () -- C:\WINDOWS\System32\NEWSOFT
[2010/05/21 21:31:39 | 000,000,006 | ---- | C] () -- C:\WINDOWS\System\NsTemp.INI
[2010/05/21 21:31:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\hookdllX.dll
[2010/05/21 21:31:16 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2010/05/21 21:29:27 | 000,000,257 | ---- | C] () -- C:\WINDOWS\setup.iss
[2010/05/21 21:10:05 | 000,012,686 | ---- | C] () -- C:\WINDOWS\System32\LexFiles.ulf
[2010/05/21 20:22:05 | 001,486,083 | ---- | C] () -- C:\WINDOWS\System32\lxcihelp.hlp
[2010/05/21 20:22:05 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\lxcivs.dll
[2010/05/21 20:22:05 | 000,007,653 | ---- | C] () -- C:\WINDOWS\System32\lxcihelp.cnt
[2010/05/21 20:22:04 | 000,001,614 | R--- | C] () -- C:\WINDOWS\System32\lxci.loc
[2010/05/21 20:13:34 | 000,300,267 | ---- | C] () -- C:\lxciunst.csv
[2010/05/21 20:11:38 | 000,201,629 | ---- | C] () -- C:\Documents and Settings\Ryan Elliott\Desktop\Registration Letter 2010.pdf
[2010/05/21 20:11:38 | 000,056,475 | ---- | C] () -- C:\Documents and Settings\Ryan Elliott\Desktop\Medical Release Form.pdf
[2010/05/21 19:27:58 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-1606980848-839522115-1019.job
[2010/05/21 19:27:57 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1606980848-839522115-1019.job
[2010/05/20 21:44:59 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\Ryan Elliott\usb001
[2010/05/20 21:36:27 | 000,045,864 | ---- | C] () -- C:\Documents and Settings\Ryan Elliott\My Documents\Obesity and Children.docx
[2010/05/20 20:27:20 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NortonPCCheckup\0200030.107\isolate.ini
[2010/05/17 20:38:54 | 000,000,616 | -H-- | C] () -- C:\WINDOWS\tasks\ConfigExec.job
[2010/05/17 20:38:54 | 000,000,580 | -H-- | C] () -- C:\WINDOWS\tasks\DataUpload.job
[2010/05/17 19:32:18 | 007,977,350 | ---- | C] () -- C:\Documents and Settings\Ryan Elliott\My Documents\Goodie Mob - Black Ice.flv
[2010/05/17 19:29:34 | 009,040,851 | ---- | C] () -- C:\Documents and Settings\Ryan Elliott\My Documents\OutKast - Git Up, Git Out.flv
[2010/05/17 19:25:54 | 007,714,648 | ---- | C] () -- C:\Documents and Settings\Ryan Elliott\My Documents\Goodie Mob Dirty South.flv
[2010/05/17 19:22:04 | 003,860,162 | ---- | C] () -- C:\Documents and Settings\Ryan Elliott\My Documents\Paid In Full - Eric B. Rakim.flv
[2010/05/17 18:35:50 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/05/17 18:35:50 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/05/17 18:35:27 | 000,003,374 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1106000.020\SymEFA.inf
[2010/05/17 18:35:27 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1106000.020\SymDS.inf
[2010/05/17 18:35:27 | 000,001,754 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1106000.020\ccHPx86.inf
[2010/05/17 18:35:27 | 000,001,473 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1106000.020\SymNetV.inf
[2010/05/17 18:35:27 | 000,001,445 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1106000.020\SymNet.inf
[2010/05/17 18:35:27 | 000,001,388 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1106000.020\srtspx.inf
[2010/05/17 18:35:27 | 000,001,382 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1106000.020\srtsp.inf
[2010/05/17 18:35:27 | 000,000,741 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1106000.020\Iron.inf
[2010/05/17 18:35:09 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1106000.020\symnetv.cat
[2010/05/17 18:35:09 | 000,007,444 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1106000.020\SymEFA.cat
[2010/05/17 18:35:09 | 000,007,442 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1106000.020\srtspx.cat
[2010/05/17 18:35:09 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1106000.020\srtsp.cat
[2010/05/17 18:35:09 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1106000.020\iron.cat
[2010/05/17 18:35:09 | 000,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1106000.020\SymDS.cat
[2010/05/17 18:35:09 | 000,007,396 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1106000.020\cchpx86.cat
[2010/05/17 18:35:09 | 000,007,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1106000.020\SymNet.cat
[2010/05/17 18:35:09 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1106000.020\isolate.ini
[2010/05/16 13:05:27 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-1606980848-839522115-1018.job
[2010/05/16 11:29:58 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1606980848-839522115-1018.job
[2010/05/13 06:32:05 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-1606980848-839522115-1017.job
[2010/05/10 22:02:13 | 016,059,733 | ---- | C] () -- C:\Documents and Settings\Ryan Elliott\My Documents\Yokan by Heidi. - Kaichou wa Maid-sama! Ending 1.flv
[2010/05/10 21:58:50 | 016,271,094 | ---- | C] () -- C:\Documents and Settings\Ryan Elliott\My Documents\Shoko Nakagawa - RAY OF LIGHT (HQ).flv
[2010/05/10 21:49:30 | 006,050,294 | ---- | C] () -- C:\Documents and Settings\Ryan Elliott\My Documents\Rain by SID (Opening Fullmetal Alchemist Shintetsu) [FULL].flv
[2010/05/06 21:08:05 | 052,371,795 | ---- | C] () -- C:\Documents and Settings\Ryan Elliott\My Documents\Phoebus HS Baseball Comeback vs Kecoughtan 4 30 2010.flv
[2010/05/04 20:07:11 | 005,496,069 | ---- | C] () -- C:\Documents and Settings\Ryan Elliott\My Documents\nas - black republican.flv
[2010/05/02 15:17:45 | 004,018,460 | ---- | C] () -- C:\Documents and Settings\Ryan Elliott\My Documents\Beastie boys - brass monkey.flv
[2010/05/02 15:14:08 | 005,286,360 | ---- | C] () -- C:\Documents and Settings\Ryan Elliott\My Documents\Whodini- Friends.flv
[2010/04/27 07:12:28 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1606980848-839522115-1017.job
[2010/04/26 22:26:07 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2010/04/26 22:26:05 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/26 22:24:11 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/26 22:24:10 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/26 22:24:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe



#4 myrti


Posted 23 May 2010 - 04:22 AM

Hi,

Please try to run gmer without the option devices checked and let me know if it still crashes.

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please do not run ComboFix on your own.

If you still have the log from ComboFix, please post that one too.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 Nick264


Posted 25 May 2010 - 06:40 PM

Hey, once again sorry for the delay, but I hope you read the PM I sent you. It is at this moment impossible to run the program you need a log for. No matter what account I run it on, after it gets to a certain point my computer automatically restarts without warning. It seems this is due to a process, services.exe, that suddenly takes up 60% of CPU automatically from restarts on. It also seems like I now have over 10 svchost.exe files that aren't particularly taking up CPU but are running, which I think is causing the services process to take up a lot of the computer's CPU. Due to it, though, it makes it really hard to run any program, especially a powerful program like GMER, so I'm at a loss with what to do. Also, Norton Internet Security 2010 started having so many problems after SONAR protection went off, such as LiveUpdate not working and not connecting to the internet, and I even suddenly lost connection with my Lexmark printer, which is now refusing to respond with the computer. I'm not sure what is going on, but I have just now got the computer stable enough to send you this reply.

#6 myrti


Posted 26 May 2010 - 07:37 AM

Hi,

please try to uncheck everything except sections as shown in this picture:


Let me know if the scan does now complete. If it takes more than 30 minutes abort and let me know.

regards myrti



#7 Nick264


Posted 29 May 2010 - 04:19 PM

Hey myrti, just wanted to let you know that the computer went into a BSOD state upon initiation of the GMER software again, and this time it didn't come out of the BSOD state, no matter what. Even after attempting to do a system repair with the installation disk, it failed. So I ended up having to reinstall the whole computer from the bottom up. Fortunately I had a backup drive enabled so I didn't lose anything important, but since I had to wipe the whole computer clean, there is no longer a problem, so this topic can be closed.

#8 myrti


Posted 30 May 2010 - 10:54 AM

Hi,

I'm very sorry to hear that. Gmer is a diagnostic tool and shouldn't have changed anything on your PC. Do you happen to remember the BSOD you were getting?

regards myrti



#9 Nick264


Posted 31 May 2010 - 09:47 AM

I don't remember exactly because it looked like it was a different drive or file each time that sent the computer into that state (which I didn't really understand since I unchecked everything you told me to). I do highly suspect that GMER wasn't the cause though, because it seemed like every time I tried using other programs or scanning for viruses, the computer would automatically reboot; only when it rebooted the very last time, it showed Windows loading and after that refused to load anything and just sat at a blank screen.

#10 myrti


Posted 31 May 2010 - 11:21 AM

Hehe,

OK, I'm happy to hear that it may not have been gmer, since I'm running it on a lot of PCs. Do you have any more questions or can I close this topic?

regards myrti



#11 Nick264


Posted 31 May 2010 - 11:31 AM

Nah, no more questions. Thanks again for the attempted help, just glad things are good now.

#12 myrti


Posted 31 May 2010 - 02:03 PM

Since this topic appears to be resolved, I will now close it. Thanks for letting us know.

If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.

With Regards,
myrti





