  1. #1
    Putts

    Checkup Desktop - OTL.txt log

    I have a Dell P370 running XP SP3 which needs a checkup. It sometimes runs slow. Also I have a recurring file I can't get rid of. It is C:\WINDOWS\temp\is-CDMKB.tmp\TSASetup.tmp, although the is- part changes. It has shown up as is-V8GKP.tmp, is-FD25.tmp, is-N8IRo.tmp and others. ZoneAlarm firewall gives me the option to agree or deny. Even though I hit deny, in a couple of days it comes back.

    zep516 gave me some excellent help on a laptop that was running slow. He told me to post my desktop problem and to post the OTL logs.

    Here is the OTL.txt log. The Extras.txt log will follow in the next post:

    OTL logfile created on: 11/26/2013 2:03:35 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\George Corkins\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 71.76% Memory free
    6.75 Gb Paging File | 6.07 Gb Available in Paging File | 89.98% Paging File free
    Paging file location(s): C:\pagefile.sys 4000 4050 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.75 Gb Total Space | 49.04 Gb Free Space | 43.89% Space Free | Partition Type: NTFS
    Drive D: | 465.76 Gb Total Space | 420.69 Gb Free Space | 90.32% Space Free | Partition Type: NTFS
    Drive E: | 931.51 Gb Total Space | 275.05 Gb Free Space | 29.53% Space Free | Partition Type: NTFS
    Drive F: | 2794.51 Gb Total Space | 1780.80 Gb Free Space | 63.73% Space Free | Partition Type: NTFS
    Drive G: | 2794.51 Gb Total Space | 2521.97 Gb Free Space | 90.25% Space Free | Partition Type: NTFS
    Drive Q: | 465.76 Gb Total Space | 465.62 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
    Drive Y: | 93.10 Gb Total Space | 58.92 Gb Free Space | 63.28% Space Free | Partition Type: NTFS

    Computer Name: PRECISION370 | User Name: George Corkins | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/11/26 13:30:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\George Corkins\Desktop\OTL.exe
    PRC - [2013/10/25 23:45:12 | 002,445,816 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
    PRC - [2013/10/25 23:07:48 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
    PRC - [2013/10/18 21:25:57 | 000,456,768 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2013/10/15 05:38:52 | 000,050,704 | ---- | M] (Check Point Software Technologies, Ltd.) -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
    PRC - [2013/10/10 16:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2013/08/30 01:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2013/08/30 01:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2013/05/07 09:54:56 | 000,369,152 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\pcCMService.exe
    PRC - [2012/02/10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
    PRC - [2011/09/16 13:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/02/13 18:57:06 | 002,655,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
    PRC - [2006/10/31 10:32:09 | 000,194,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    PRC - [2004/12/03 10:52:38 | 000,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe
    PRC - [2004/06/29 10:22:56 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
    PRC - [2004/04/01 17:05:48 | 000,077,824 | ---- | M] (Broadcom Corp.) -- C:\WINDOWS\SYSTEM32\BAsfIpM.exe
    PRC - [2004/02/16 12:47:22 | 000,121,856 | -HS- | M] (ZQS Software Team) -- C:\WINDOWS\SYSTEM32\fpplock.exe
    PRC - [2002/09/24 16:39:48 | 000,151,552 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\AutoDisk\ADService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/11/26 07:28:23 | 002,240,512 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13112600\algo.dll
    MOD - [2013/11/25 11:22:01 | 002,240,512 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13112501\algo.dll
    MOD - [2013/10/09 15:20:56 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
    MOD - [2013/10/09 15:18:57 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\02257c6b67db33c194fa3beccf977afb\System.Windows.Forms.ni.dll
    MOD - [2013/10/09 15:18:35 | 002,295,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\83cd19e8259b8dd9435c1c3f8f31b60c\System.Core.ni.dll
    MOD - [2013/10/09 15:16:29 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2013/08/14 15:04:18 | 011,816,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\972dcf9830a64e9802aaca3a83cae24b\System.Web.ni.dll
    MOD - [2013/08/14 15:04:05 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
    MOD - [2013/08/14 15:03:51 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\cab8d2f8933390bab32c35c5c6a479bd\System.Configuration.Install.ni.dll
    MOD - [2013/08/14 14:59:00 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
    MOD - [2013/08/14 14:58:20 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
    MOD - [2013/08/14 14:54:54 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
    MOD - [2013/07/15 11:29:04 | 000,620,718 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
    MOD - [2013/07/11 12:19:59 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\8f799a4688381624de3cfb1edbccb163\Accessibility.ni.dll
    MOD - [2013/07/11 12:10:24 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
    MOD - [2012/11/29 10:14:54 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/03/16 11:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
    MOD - [2007/02/13 18:58:14 | 002,946,664 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\VProRecovery\VProObj.dll
    MOD - [2007/02/13 18:57:02 | 001,685,104 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\VProRecovery\EventMonitors.dll
    MOD - [2004/06/28 13:37:22 | 000,086,016 | ---- | M] () -- C:\WINDOWS\SYSTEM32\custmon2k.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (Iomega Activity Disk2)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE -- (HP Status Server)
    SRV - [2013/11/12 21:39:36 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/10/25 23:45:12 | 002,445,816 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
    SRV - [2013/10/15 05:38:52 | 000,050,704 | ---- | M] (Check Point Software Technologies, Ltd.) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService)
    SRV - [2013/10/10 16:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2013/08/30 01:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2013/05/07 09:54:56 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService)
    SRV - [2012/02/10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2012/02/10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
    SRV - [2010/11/16 16:50:00 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/09/01 14:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
    SRV - [2007/02/13 18:57:06 | 002,655,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe -- (Norton Save and Restore)
    SRV - [2006/10/31 10:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
    SRV - [2006/10/31 10:32:09 | 000,194,240 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2004/12/03 10:52:38 | 000,073,728 | ---- | M] (Iomega Corporation) [Auto | Running] -- C:\Program Files\Iomega\System32\AppServices.exe -- (Iomega App Services)
    SRV - [2004/06/29 10:22:56 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)
    SRV - [2004/04/01 17:05:48 | 000,077,824 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\BAsfIpM.exe -- (BAsfIpM)
    SRV - [2002/09/24 16:39:48 | 000,151,552 | ---- | M] (Iomega Corporation) [Auto | Running] -- C:\Program Files\Iomega\AutoDisk\ADService.exe -- (_IOMEGA_ACTIVE_DISK_SERVICE_)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
    DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tixhci.sys -- (tixhci)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tihub3.sys -- (tihub3)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ss.sys -- (StreamSurge)
    DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SpywareDetector\SDManager.sys -- (SDManager)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\C.tmp -- (MEMSWEEP2)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- F:\Player\cds300.dll -- (caed5d8b-8ad3-46e9-858e-3135378e7be7)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
    DRV - [2013/10/25 23:07:48 | 000,529,128 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\vsdatant.sys -- (Vsdatant)
    DRV - [2013/08/30 01:48:13 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2013/08/30 01:48:13 | 000,177,864 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2013/08/30 01:48:13 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2013/08/30 01:48:12 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2013/08/30 01:48:12 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
    DRV - [2013/08/30 01:48:12 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2013/08/30 01:48:11 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2013/08/30 01:48:11 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2013/07/31 05:23:50 | 000,121,688 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AnyDVD.sys -- (AnyDVD)
    DRV - [2012/11/29 10:48:48 | 006,812,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
    DRV - [2012/08/27 18:43:18 | 000,177,800 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nusb3xhc.sys -- (nusb3xhc)
    DRV - [2012/08/27 18:43:16 | 000,085,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nusb3hub.sys -- (nusb3hub)
    DRV - [2012/05/14 00:12:12 | 000,103,040 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AtihdXP3.sys -- (AtiHDAudioService)
    DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/05/03 10:30:28 | 000,068,608 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Pcatip.sys -- (Pcatip)
    DRV - [2008/04/13 12:41:00 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ppa3.sys -- (ppa3)
    DRV - [2008/04/13 12:36:42 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mf.sys -- (mf)
    DRV - [2007/02/13 19:06:36 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WimFltr.sys -- (WimFltr)
    DRV - [2007/02/13 18:33:06 | 000,131,944 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symsnap.sys -- (symsnap)
    DRV - [2007/02/13 18:33:04 | 000,037,864 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\v2imount.sys -- (v2imount)
    DRV - [2007/02/13 18:30:28 | 000,014,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\vproeventmonitor.sys -- (VProEventMonitor)
    DRV - [2006/03/09 10:33:22 | 000,366,080 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt61.sys -- (RT61)
    DRV - [2005/09/26 07:25:29 | 000,055,168 | ---- | M] (Macrovision Europe Ltd) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sdcplh.sys -- (sdcplh)
    DRV - [2005/04/21 12:33:12 | 000,112,384 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wg111v2.sys -- (RTLWUSB)
    DRV - [2005/03/23 11:57:00 | 000,147,328 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt2500usb.sys -- (WUSB54GPV4SRV)
    DRV - [2004/12/03 10:52:50 | 000,050,898 | ---- | M] (Iomega Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IomDisk.sys -- (iomdisk)
    DRV - [2004/12/01 00:48:35 | 000,485,248 | ---- | M] (Iomega Corporation) [File_System | Boot | Unknown] -- C:\WINDOWS\System32\drivers\dnbudf.sys -- (dnbudf)
    DRV - [2004/11/26 13:16:12 | 000,122,368 | ---- | M] (Plextor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Xstream.sys -- (WISTechVIDCAP)
    DRV - [2004/11/26 13:13:24 | 000,013,696 | ---- | M] (Plextor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\XLoader.sys -- (XLoader)
    DRV - [2004/06/29 13:25:26 | 000,007,680 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dontgo.sys -- (dontgo)
    DRV - [2004/05/29 16:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
    DRV - [2004/04/13 19:20:08 | 000,015,781 | R--- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys -- (MDC8021X)
    DRV - [2004/03/09 08:58:06 | 000,329,088 | ---- | M] (U.S. Robotics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\3c1807pd.sys -- (3c1807pd)
    DRV - [2004/03/08 11:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
    DRV - [2003/12/17 08:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouFlt2.Sys -- (LMouFlt2)
    DRV - [2003/12/17 08:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042pr2.Sys -- (L8042pr2)
    DRV - [2003/12/17 08:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidUsb.sys -- (LHidUsb)
    DRV - [2003/12/17 08:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidFlt2.Sys -- (LHidFlt2)
    DRV - [2003/11/11 17:10:52 | 000,006,784 | ---- | M] (SIIG, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\portmon2.sys -- (portmon2)
    DRV - [2003/11/05 07:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bb-run.sys -- (bb-run)
    DRV - [2003/09/19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (Pfc)
    DRV - [2003/04/24 15:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BASFND.sys -- (BASFND)
    DRV - [2002/11/08 12:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
    DRV - [2001/08/17 13:28:26 | 000,113,762 | ---- | M] (U.S. Robotics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USRpdA.sys -- (USRpdA)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Yahoo SearchBar Home Page
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = Yahoo SearchBar Home Page
    IE - HKLM\..\SearchScopes,DefaultScope = {77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    IE - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzutDtDtCtCtCtCyE0DtDzyyByBtA0AtA0DtN0D0Tzu0CyCzyyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=915785021&ir=


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Official Site - The Power To Do More | Dell
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = Dell Official Site - The Power To Do More | Dell
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Official Site - The Power To Do More | Dell
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = Dell Official Site - The Power To Do More | Dell
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1892348803-1003128003-3251164504-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKU\S-1-5-21-1892348803-1003128003-3251164504-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    IE - HKU\S-1-5-21-1892348803-1003128003-3251164504-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKU\S-1-5-21-1892348803-1003128003-3251164504-1006\..\SearchScopes,DefaultScope = {77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    IE - HKU\S-1-5-21-1892348803-1003128003-3251164504-1006\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzutDtDtCtCtCtCyE0DtDzyyByBtA0AtA0DtN0D0Tzu0CyCzyyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=915785021&ir=
    IE - HKU\S-1-5-21-1892348803-1003128003-3251164504-1006\..\SearchScopes\Google: "URL" = %s - Google Search
    IE - HKU\S-1-5-21-1892348803-1003128003-3251164504-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1892348803-1003128003-3251164504-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
    FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1497
    FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131030
    FF - prefs.js..extensions.enabledAddons: %7BE6C1199F-E687-42da-8C24-E7770CC3AE66%7D:2.0.3
    FF - prefs.js..extensions.enabledAddons: savedpasswords%40adamfranco.com:1.2.4
    FF - prefs.js..extensions.enabledAddons: savedpasswordeditor%40daniel.dawson:2.7.1
    FF - prefs.js..extensions.enabledAddons: myhomepage_manishjain9%40gmail.com:1.2
    FF - prefs.js..extensions.enabledAddons: save-as-pdf-ff%40pdfcrowd.com:1.5
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_24: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2012/10/28 12:41:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/09/12 09:55:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/11/25 14:11:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/11/25 14:11:22 | 000,000,000 | ---D | M]

    [2008/08/27 11:38:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\George Corkins\Application Data\Mozilla\Extensions
    [2013/11/26 08:43:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\George Corkins\Application Data\Mozilla\Firefox\Profiles\308odhsg.default-1385420400125\extensions
    [2013/11/25 18:55:05 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\George Corkins\Application Data\Mozilla\Firefox\Profiles\308odhsg.default-1385420400125\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2013/11/25 18:55:05 | 000,013,802 | ---- | M] () (No name found) -- C:\Documents and Settings\George Corkins\Application Data\Mozilla\Firefox\Profiles\308odhsg.default-1385420400125\extensions\myhomepage_manishjain9@gmail.com.xpi
    [2013/11/26 08:43:13 | 000,057,194 | ---- | M] () (No name found) -- C:\Documents and Settings\George Corkins\Application Data\Mozilla\Firefox\Profiles\308odhsg.default-1385420400125\extensions\save-as-pdf-ff@pdfcrowd.com.xpi
    [2013/11/25 18:55:05 | 000,215,334 | ---- | M] () (No name found) -- C:\Documents and Settings\George Corkins\Application Data\Mozilla\Firefox\Profiles\308odhsg.default-1385420400125\extensions\savedpasswordeditor@daniel.dawson.xpi
    [2013/11/25 18:55:05 | 000,030,097 | ---- | M] () (No name found) -- C:\Documents and Settings\George Corkins\Application Data\Mozilla\Firefox\Profiles\308odhsg.default-1385420400125\extensions\savedpasswords@adamfranco.com.xpi
    [2013/11/25 18:52:39 | 000,915,554 | ---- | M] () (No name found) -- C:\Documents and Settings\George Corkins\Application Data\Mozilla\Firefox\Profiles\308odhsg.default-1385420400125\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013/11/25 18:55:05 | 000,024,565 | ---- | M] () (No name found) -- C:\Documents and Settings\George Corkins\Application Data\Mozilla\Firefox\Profiles\308odhsg.default-1385420400125\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
    [2013/11/25 14:11:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/11/25 14:11:21 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2013/11/25 14:11:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/11/25 14:11:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2013/09/12 09:55:38 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2008/04/06 10:15:16 | 000,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\mozilla firefox\plugins\NPZoneSB.dll

    ========== Chrome ==========

    CHR - homepage: Yahoo Search - Web Search

    O1 HOSTS File: ([2013/10/26 08:02:44 | 000,445,546 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 15334 more lines...
    O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - File not found
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
    O3 - HKU\S-1-5-21-1892348803-1003128003-3251164504-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-1892348803-1003128003-3251164504-1006\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-1892348803-1003128003-3251164504-1006\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-1892348803-1003128003-3251164504-1006\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\213a088a-911e-42d0-885f-bf5690c5e692.exe (AVAST Software)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [USRpdA] File not found
    O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
    O4 - HKU\S-1-5-21-1892348803-1003128003-3251164504-1006..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1892348803-1003128003-3251164504-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1892348803-1003128003-3251164504-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1892348803-1003128003-3251164504-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1892348803-1003128003-3251164504-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html File not found
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Yahoo! Dictionary - C:\Program Files\Yahoo!\Common [2008/09/03 12:16:22 | 000,000,000 | ---D | M]
    O8 - Extra context menu item: Yahoo! Search - C:\Program Files\Yahoo!\Common [2008/09/03 12:16:22 | 000,000,000 | ---D | M]
    O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Error: Key error. File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} https://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
    O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} http://www.hp.com/cpso-support-new/S...dObjSigned.cab (HPSDDX Class)
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h20364.www2.hp.com/CSMWeb/Cu...ataManager.CAB (Hewlett-Packard Online Support Services)
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/LSSupCtl.cab (Reg Error: Key error.)
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/S...in/AvSniff.cab (Symantec AntiVirus scanner)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeup...tent/opuc3.cab (Office Update Installation Engine)
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/tech...bs/tgctlsr.cab (Symantec Script Runner Class)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.safety.live.com/reso...lscbase969.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/S.../bin/cabsa.cab (Symantec RuFSI Utility Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1150308537109 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_45)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} http://download.yahoo.com/dl/install...od/yregcfg.cab (RegConfig Class)
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll (YahooYMailTo Class)
    O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} http://www.investors.com/member/ocx/plotwon.ocx (Plotwon Control)
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yahoo.com/dl/installs/yab_af.cab (YAddBook Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_45)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_45)
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.symantec.com/tech...l/SymAData.cab (ActiveDataInfo Class)
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} Welcome to Flickr - Photo Sharing (PhotosCtrl Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://chat.msn.com/controls/msnchat45.cab (MSN Chat Control 4.5)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6CEA5B5-F0D5-4ECE-8FF6-1A9F9AA06009}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3750B77-B884-446E-B1B7-FB87A1DD7386}: DhcpNameServer = 192.168.1.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - File not found
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/01/30 13:16:21 | 000,000,018 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - Unable to obtain root file information for disk Y:\
    O33 - MountPoints2\##Gc-d610#T\Shell - "" = AutoRun
    O33 - MountPoints2\##Gc-d610#T\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\##Gc-d610#T\Shell\AutoRun\command - "" = C:\WINDOWS\System32\setup.exe -- [2008/04/13 18:12:34 | 000,023,040 | ---- | M] (Microsoft Corporation)
    O33 - MountPoints2\{326e0f0d-c994-11e0-9e08-0011114d0977}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\setup.exe -- [2008/04/13 18:12:34 | 000,023,040 | ---- | M] (Microsoft Corporation)
    O33 - MountPoints2\{8f8a221f-0e23-11e2-ba96-0011114d0977}\Shell\AutoRun\command - "" = G:\urDrive.exe
    O33 - MountPoints2\{8f8a2220-0e23-11e2-ba96-0011114d0977}\Shell\AutoRun\command - "" = G:\urDrive.exe
    O33 - MountPoints2\{c4266b3d-eea8-11dc-b3e9-001a703aa7c3}\Shell\AutoRun\command - "" = R:\setupSNK.exe
    O34 - HKLM BootExecute: (sdearlydelete)
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (sdnclean.exe)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/11/26 13:30:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\George Corkins\Desktop\OTL.exe
    [2013/11/25 16:19:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George Corkins\Application Data\0D0S1L2Z1P1B
    [2013/11/25 16:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mysearchdial
    [2013/11/25 16:18:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Open It!
    [2013/11/25 16:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\OpenIt
    [2013/11/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George Corkins\My Documents\Downloads
    [2013/11/25 14:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/11/24 14:49:34 | 000,477,616 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
    [2013/11/24 14:49:34 | 000,473,520 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2013/11/24 11:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George Corkins\Application Data\CrystalIdea Software
    [2013/11/23 11:36:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Save & Restore
    [2013/11/23 11:35:58 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Save and Restore
    [2013/11/23 10:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George Corkins\Desktop\Old Firefox Data
    [2013/11/23 09:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
    [2013/11/09 15:39:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\George Corkins\Recent
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2C0A
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0C0A
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0C04
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0816
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0804
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0424
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\041F
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\041E
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\041D
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\041B
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0419
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0416
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0415
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0414
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0413
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0412
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0411
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0410
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\040E
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\040D
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\040C
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\040B
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\040A
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0409
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0408
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0407
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0406
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0405
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0404
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0401
    [2013/11/01 13:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Renesas Electronics
    [2013/11/01 13:51:03 | 000,000,000 | ---D | C] -- C:\Program Files\Renesas Electronics
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/11/26 14:00:01 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
    [2013/11/26 13:59:18 | 000,002,465 | ---- | M] () -- C:\Documents and Settings\George Corkins\Desktop\HiJackThis.lnk
    [2013/11/26 13:34:54 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\George Corkins\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003 (2).lnk
    [2013/11/26 13:30:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\George Corkins\Desktop\OTL.exe
    [2013/11/26 13:26:55 | 000,000,468 | ---- | M] () -- C:\WINDOWS\tasks\ProgramRefresh-ATFST.job
    [2013/11/26 12:54:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\ProgramUpdateCheck.job
    [2013/11/26 10:56:00 | 000,000,380 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2013/11/26 10:10:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2013/11/26 07:46:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
    [2013/11/26 07:44:49 | 3219,288,064 | -HS- | M] () -- C:\hiberfil.sys
    [2013/11/25 16:18:38 | 000,351,124 | ---- | M] () -- C:\Documents and Settings\George Corkins\Local Settings\Application Data\mysearchdial-speeddial.crx
    [2013/11/25 14:40:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
    [2013/11/25 14:10:28 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\George Corkins\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2013/11/25 14:10:27 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2013/11/25 10:48:56 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\George Corkins\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2013/11/24 14:29:02 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\George Corkins\Desktop\procexp.exe.lnk
    [2013/11/24 11:38:35 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\George Corkins\Desktop\speedyfox.lnk
    [2013/11/23 11:20:48 | 000,002,032 | ---- | M] () -- C:\Documents and Settings\George Corkins\Desktop\Norton Save & Restore.lnk
    [2013/11/23 11:16:58 | 000,417,569 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
    [2013/11/23 09:57:30 | 000,000,539 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoneAlarm Security.lnk
    [2013/11/23 09:45:57 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/11/23 09:45:57 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/11/22 19:15:32 | 000,000,314 | -HS- | M] () -- C:\BOOT.INI
    [2013/11/09 09:39:19 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\George Corkins\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003 (2).lnk
    [2013/11/06 12:26:01 | 000,002,489 | ---- | M] () -- C:\Documents and Settings\George Corkins\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Access 2003 (2).lnk
    [2013/11/05 20:40:07 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
    [2013/11/05 12:28:09 | 000,000,085 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2013/11/04 13:27:43 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2013/11/03 07:38:24 | 000,468,584 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
    [2013/11/03 07:38:23 | 000,080,938 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/11/25 16:19:08 | 000,351,124 | ---- | C] () -- C:\Documents and Settings\George Corkins\Local Settings\Application Data\mysearchdial-speeddial.crx
    [2013/11/24 14:29:07 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\George Corkins\Desktop\procexp.exe.lnk
    [2013/11/24 11:51:25 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\George Corkins\Desktop\speedyfox.lnk
    [2013/11/23 11:20:48 | 000,002,032 | ---- | C] () -- C:\Documents and Settings\George Corkins\Desktop\Norton Save & Restore.lnk
    [2013/07/16 09:33:51 | 000,038,483 | ---- | C] () -- C:\Documents and Settings\George Corkins\Application Data\Comma Separated Values (Windows).ADR
    [2013/06/28 05:44:37 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
    [2013/06/26 12:01:11 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
    [2013/06/26 12:01:11 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
    [2013/03/01 14:28:48 | 000,177,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
    [2013/03/01 14:28:47 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
    [2013/01/19 16:19:57 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LaunchURL.bat
    [2012/07/14 07:34:49 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
    [2012/07/03 13:25:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2012/07/03 13:25:07 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2012/07/03 13:25:07 | 000,662,785 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2012/07/03 13:25:07 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2012/07/03 13:24:23 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/02/16 13:18:32 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2009/03/14 13:41:14 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
    [2008/01/04 14:05:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\George Corkins\LOG
    [2007/09/08 07:43:54 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\George Corkins\Local Settings\Application Data\fusioncache.dat
    [2007/02/26 14:22:11 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/12/27 10:55:37 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\George Corkins\ntuser.pol
    [2006/12/23 12:57:44 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2006/12/10 10:54:30 | 000,235,257 | ---- | C] () -- C:\Documents and Settings\George Corkins\FAVORITES.htm
    [2006/11/29 12:17:40 | 000,000,125 | -HS- | C] () -- C:\Documents and Settings\George Corkins\Application Data\.zreglib
    [2004/11/12 16:07:13 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\George Corkins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2004/08/11 16:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 88 bytes -> C:\UNWISE.EXE: SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\George Corkins\Application Data\Microsoft\Internet Explorer\Quick Launch\dBase.pif: SummaryInformation
    @Alternate Data Stream - 24 bytes -> C:\WINDOWS:57CF613D854D1C25
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2

    < End of report >

  2. #2
    Member Putts

    Here is the Extras.txt Log:

    OTL Extras logfile created on: 11/26/2013 2:03:35 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\George Corkins\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 71.76% Memory free
    6.75 Gb Paging File | 6.07 Gb Available in Paging File | 89.98% Paging File free
    Paging file location(s): C:\pagefile.sys 4000 4050 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.75 Gb Total Space | 49.04 Gb Free Space | 43.89% Space Free | Partition Type: NTFS
    Drive D: | 465.76 Gb Total Space | 420.69 Gb Free Space | 90.32% Space Free | Partition Type: NTFS
    Drive E: | 931.51 Gb Total Space | 275.05 Gb Free Space | 29.53% Space Free | Partition Type: NTFS
    Drive F: | 2794.51 Gb Total Space | 1780.80 Gb Free Space | 63.73% Space Free | Partition Type: NTFS
    Drive G: | 2794.51 Gb Total Space | 2521.97 Gb Free Space | 90.25% Space Free | Partition Type: NTFS
    Drive Q: | 465.76 Gb Total Space | 465.62 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
    Drive Y: | 93.10 Gb Total Space | 58.92 Gb Free Space | 63.28% Space Free | Partition Type: NTFS

    Computer Name: PRECISION370 | User Name: George Corkins | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (All) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = ComFile] -- "%1" %*
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found
    .inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
    .js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1892348803-1003128003-3251164504-1006\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
    hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    InternetShortcut [print] -- rundll32.exe C:\WINDOWS\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
    "C:\Program Files\HP-C6180\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP-C6180\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
    "C:\Program Files\HP-C6180\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP-C6180\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
    "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
    "C:\Program Files\HP-C6180\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP-C6180\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
    "C:\Program Files\HP-C6180\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP-C6180\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe" = C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe:*:Enabled:vsmon
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
    "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
    "C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator -- (Hewlett-Packard Co.)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\File Type Assistant\tsassist.exe" = C:\Program Files\File Type Assistant\tsassist.exe:*:Enabled:ProgramUpdateCheck -- (Trusted Software ApS)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
    "{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
    "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{12BCFE06-9903-24EE-34D5-A862E1ED80FA}" = CCC Help Chinese Traditional
    "{14E11854-0B44-6797-AEF5-D8AA0DB4EAEE}" = CCC Help Swedish
    "{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.5
    "{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts
    "{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{19297293-39EB-5999-49B0-B97BF4BBC96C}" = CCC Help Finnish
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1B399A41-C1D0-40A2-9E4F-095868EFAF01}" = InterVideo WinDVD 5
    "{1C3C065F-78E9-F1E6-0DA7-90DE8C288194}" = CCC Help Norwegian
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS
    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
    "{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
    "{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
    "{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
    "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
    "{324A05F8-91F8-E9D4-19CF-8F2BE9DCD341}" = CCC Help Turkish
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3759CC1E-8259-4B0D-862A-078EABFFD97F}" = HP Officejet Pro 8500 A910 Product Improvement Study
    "{3AE5A1B4-D6AE-48D4-A07F-46A806CD53E6}" = HP Officejet Pro 8500 A910 Basic Device Software
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{43324AB3-7780-96B6-BD0A-E32D25D89321}" = CCC Help Chinese Standard
    "{44B1C822-AC99-F7DE-0858-05F409228F5E}" = CCC Help Thai
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH Jukebox
    "{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}" = WinPatrol
    "{51372A73-2BC8-2BAC-0197-22BCF2A2989F}" = Catalyst Control Center InstallProxy
    "{53B37769-A9B3-B9A7-752D-735675A742A4}" = CCC Help Danish
    "{53D5C8D3-442D-4797-8AB1-BA5A2DC079C1}" = NowPDF Professional
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
    "{59C03182-A00F-9FDD-445B-034DC9EB4362}" = CCC Help Greek
    "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
    "{601C6E14-DF1E-4113-A8C8-F9DB90CB0D88}" = SanDisk TransferMate
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{664708B3-C730-11D5-ADE7-00B0D07D157A}" = StreetSmart Pro
    "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
    "{6C8113C6-8614-0298-DC8D-C935FF43867D}" = CCC Help Hungarian
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7214A242-8864-B089-19BA-A44B941C3B35}" = CCC Help Spanish
    "{751910E3-ECF1-44D0-BF3F-2936A4424514}" = ImageMixer3
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7C2B745A-E7F1-41F1-B9BB-3DDB8D52E4CE}" = Readiris Pro 11
    "{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
    "{84481A87-2316-4923-8FAB-3BA8CA29323D}" = WinPatrol
    "{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Help
    "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
    "{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{9120E9AE-40AD-42BD-9C67-2E855099D5E8}_is1" = Patin-Couffin 19
    "{954146E0-49FF-4039-AF58-2257506C7D45}" = ZoneAlarm Firewall
    "{95523DE5-6C18-29D8-CF65-AAB393553114}" = CCC Help German
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DDECF68-1D45-1FC5-CD5E-D89F4A67B00B}" = CCC Help French
    "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
    "{A1BC8E02-6B5B-4B4A-A75F-B27A16918C2B}" = DiscWizard for Windows
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = 2Wire Wireless Client
    "{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}" = WinPatrol
    "{A8891B83-2539-0E8D-AE14-D27D3EAEDF8E}" = CCC Help Portuguese
    "{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat 8 Standard
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B0255743-165B-4BD5-8DA8-37DFB993B201}" = Norton Save and Restore
    "{B5F1E83D-36E0-29E7-EC95-6283ED2DDEB1}" = CCC Help Polish
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{B665C019-1CDE-CC9E-3F1B-E00F3C7FB6A9}" = CCC Help Czech
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{B6F0BE9B-41D7-45A2-9A76-D3DB1A89EC6A}" = SnagIt 8
    "{B769E2BD-8A06-4B03-9496-5B991025A2C6}" = ZoneAlarm Security
    "{B76D4A7F-FF11-4420-947C-C3AD624B9DBA}" = Jasc Paint Shop Photo Album
    "{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C4868E88-F5B5-4E45-9592-C7062BD97441}" = Symantec Technical Support Web Controls
    "{C92FD139-9B7B-5AD0-2954-337A150139A8}" = CCC Help Korean
    "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCB1507A-AAEA-4778-AC4B-DD5EAB1A961E}" = Iomega HotBurn Pro
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE0DC1BF-04D7-8401-46F5-AA3406018CFD}" = CCC Help Dutch
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE7712B3-2227-DF09-F8BE-E052D053A221}" = Catalyst Control Center
    "{D35461D8-DD44-F779-7B96-25C40C31DFC2}" = CCC Help Russian
    "{D48AD533-BAD5-469B-A9AA-272C6D80E70B}" = MPM
    "{D675C860-EA41-C92A-EF3B-B4BBE8DDD377}" = ccc-utility
    "{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
    "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
    "{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{DBD2CEED-E1C8-8FFC-5A7F-AB8D55BDE5C1}" = AMD Catalyst Install Manager
    "{DE369841-1E31-B9A8-B806-CE05325857C5}" = CCC Help Japanese
    "{E0F252A6-DE85-4E93-A93B-DFC3537B3965}" = WG111v2 Configuration Utility
    "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
    "{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
    "{F520E182-18E8-78B5-C649-29DE79419D52}" = CCC Help English
    "{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
    "{F65602F5-2DEC-08DF-52A8-3C9A65E56E8A}" = Catalyst Control Center Localization All
    "{F940F44E-F910-DDD1-848D-E3616C1AA647}" = CCC Help Italian
    "{FC18DB33-4466-D446-4667-D09E16882F2F}" = Catalyst Control Center Graphics Previews Common
    "2Wire SetupWiz" = SBC Yahoo! DSL Home Networking Installer
    "Adobe Acrobat 8 Standard" = Adobe Acrobat 8.1.3 Standard
    "Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "All Sound Recorder XP_is1" = All Sound Recorder XP 2.30
    "AnyDVD" = AnyDVD
    "avast" = avast! Free Antivirus
    "BroadJump Client Foundation" = BroadJump Client Foundation
    "CCleaner" = CCleaner
    "CloneDVD2" = CloneDVD2
    "Coupon Companion" = Coupon Companion
    "DateInTray" = DateInTray 1.6
    "Defraggler" = Defraggler
    "DubIt" = DubIt
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVD Shrink_is1" = DVD Shrink 3.2
    "ExpressRip" = Express Rip Uninstall
    "filehippo.com" = FileHippo.com Update Checker
    "Folder Password Expert 2.2_is1" = Folder Password Expert 2.2
    "Fox Audio Recording" = Fox Audio Recording
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
    "InstallShield_{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
    "InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
    "InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
    "Jasc Paint Shop Pro 8.10 Update Patch" = Jasc Paint Shop Pro 8.10 Update Patch
    "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSN Music Assistant" = MSN Music Assistant
    "MSNINST" = MSN
    "MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
    "NeroMultiInstaller!UninstallKey" = Nero Suite
    "NetMos Technology" = NetMos Multi-IO Controller
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NowPDF Writer" = NowPDF Writer
    "NVEContent!UninstallKey" = NeroVision Express Content
    "NVIDIA Drivers" = NVIDIA Drivers
    "OpenIt Open It!" = Open It!
    "Password Generator 2.1.1_is1" = Password Generator 2.1.1
    "QVP" = Quick View Plus
    "RealPlayer 12.0" = RealPlayer
    "Recuva" = Recuva
    "SBC.MCCInstall" = AT&T Self Support Tool
    "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
    "SpeedItupFree4.95" = Speeditup Free 4.90
    "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
    "SpywareBlaster_is1" = SpywareBlaster 5.0
    "SystemRequirementsLab" = System Requirements Lab
    "Trusted Software Assistant_is1" = File Type Assistant
    "WhoCrashed_is1" = WhoCrashed 3.05
    "WIC" = Windows Imaging Component
    "Windows Live Safety Scanner" = Windows Live Safety Scanner
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinX Free MOV to WMV Converter_is1" = WinX Free MOV to WMV Converter 4.1.11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
    "ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
    "ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar
    "ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1892348803-1003128003-3251164504-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "f031ef6ac137efc5" = Dell Driver Download Manager
    "Zip Extractor Packages" = Zip Extractor Packages

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 11/26/2013 11:29:44 AM | Computer Name = PRECISION370 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 11/26/2013 11:29:44 AM | Computer Name = PRECISION370 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 11/26/2013 1:01:44 PM | Computer Name = PRECISION370 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 11/26/2013 1:01:44 PM | Computer Name = PRECISION370 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 11/26/2013 1:13:44 PM | Computer Name = PRECISION370 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 11/26/2013 1:13:44 PM | Computer Name = PRECISION370 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 11/26/2013 2:34:44 PM | Computer Name = PRECISION370 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 11/26/2013 2:34:44 PM | Computer Name = PRECISION370 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 11/26/2013 2:43:44 PM | Computer Name = PRECISION370 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 11/26/2013 2:43:44 PM | Computer Name = PRECISION370 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    [ System Events ]
    Error - 11/25/2013 6:19:10 PM | Computer Name = PRECISION370 | Source = SideBySide | ID = 16842813
    Description = Syntax error in manifest or policy file "C:\DOCUME~1\GEORGE~1\LOCALS~1\Temp\935.0107077794412_Update.exe"
    on line 3. The required attribute name is missing from element assemblyIdentity.

    Error - 11/25/2013 6:19:10 PM | Computer Name = PRECISION370 | Source = SideBySide | ID = 16842810
    Description = Syntax error in manifest or policy file "C:\DOCUME~1\GEORGE~1\LOCALS~1\Temp\935.0107077794412_Update.exe"
    on line 3.

    Error - 11/25/2013 6:19:10 PM | Computer Name = PRECISION370 | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for C:\DOCUME~1\GEORGE~1\LOCALS~1\Temp\935.0107077794412_Update.exe.
    Reference
    error message: The operation completed successfully. .

    Error - 11/25/2013 6:34:24 PM | Computer Name = PRECISION370 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SDManager

    Error - 11/25/2013 6:44:36 PM | Computer Name = PRECISION370 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service BBUpdate with
    arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

    Error - 11/25/2013 7:33:08 PM | Computer Name = PRECISION370 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
    asc3550
    atapi
    cbidf
    cd20xrnt
    CmdIde
    Cpqarray
    dac2w2k
    dac960nt
    dpti2o
    hpn
    i2omp
    ini910u
    IntelIde
    mraid35x
    perc2
    perc2hib
    ppa3
    ql1080
    Ql10wnt
    ql12160
    ql1240
    ql1280
    SDManager
    sisagp
    Sparrow
    symc810
    symc8xx
    sym_hi
    sym_u3
    TosIde
    ulsata2
    ultra
    viaagp
    ViaIde

    Error - 11/25/2013 7:43:14 PM | Computer Name = PRECISION370 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service BBUpdate with
    arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

    Error - 11/25/2013 8:48:48 PM | Computer Name = PRECISION370 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SDManager

    Error - 11/26/2013 9:46:39 AM | Computer Name = PRECISION370 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SDManager

    Error - 11/26/2013 9:56:59 AM | Computer Name = PRECISION370 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service BBUpdate with
    arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}


    < End of report >

  3. #3
    Member Putts's Avatar
    Join Date
    Jan 2007
    Location
    Noble, OK
    Posts
    266
    Points
    6

    Here is the Extras.txt Log:

    OTL Extras logfile created on: 11/26/2013 2:03:35 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\George Corkins\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 71.76% Memory free
    6.75 Gb Paging File | 6.07 Gb Available in Paging File | 89.98% Paging File free
    Paging file location(s): C:\pagefile.sys 4000 4050 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.75 Gb Total Space | 49.04 Gb Free Space | 43.89% Space Free | Partition Type: NTFS
    Drive D: | 465.76 Gb Total Space | 420.69 Gb Free Space | 90.32% Space Free | Partition Type: NTFS
    Drive E: | 931.51 Gb Total Space | 275.05 Gb Free Space | 29.53% Space Free | Partition Type: NTFS
    Drive F: | 2794.51 Gb Total Space | 1780.80 Gb Free Space | 63.73% Space Free | Partition Type: NTFS
    Drive G: | 2794.51 Gb Total Space | 2521.97 Gb Free Space | 90.25% Space Free | Partition Type: NTFS
    Drive Q: | 465.76 Gb Total Space | 465.62 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
    Drive Y: | 93.10 Gb Total Space | 58.92 Gb Free Space | 63.28% Space Free | Partition Type: NTFS

    Computer Name: PRECISION370 | User Name: George Corkins | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (All) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = ComFile] -- "%1" %*
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found
    .inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
    .js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1892348803-1003128003-3251164504-1006\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
    hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    InternetShortcut [print] -- rundll32.exe C:\WINDOWS\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
    "C:\Program Files\HP-C6180\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP-C6180\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
    "C:\Program Files\HP-C6180\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP-C6180\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
    "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
    "C:\Program Files\HP-C6180\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP-C6180\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
    "C:\Program Files\HP-C6180\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP-C6180\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "C:\Program Files\HP-C6180\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP-C6180\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe" = C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe:*:Enabled:vsmon
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
    "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
    "C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator -- (Hewlett-Packard Co.)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\File Type Assistant\tsassist.exe" = C:\Program Files\File Type Assistant\tsassist.exe:*:Enabled:ProgramUpdateCheck -- (Trusted Software ApS)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
    "{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
    "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{12BCFE06-9903-24EE-34D5-A862E1ED80FA}" = CCC Help Chinese Traditional
    "{14E11854-0B44-6797-AEF5-D8AA0DB4EAEE}" = CCC Help Swedish
    "{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.5
    "{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts
    "{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{19297293-39EB-5999-49B0-B97BF4BBC96C}" = CCC Help Finnish
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1B399A41-C1D0-40A2-9E4F-095868EFAF01}" = InterVideo WinDVD 5
    "{1C3C065F-78E9-F1E6-0DA7-90DE8C288194}" = CCC Help Norwegian
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS
    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
    "{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
    "{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
    "{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
    "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
    "{324A05F8-91F8-E9D4-19CF-8F2BE9DCD341}" = CCC Help Turkish
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3759CC1E-8259-4B0D-862A-078EABFFD97F}" = HP Officejet Pro 8500 A910 Product Improvement Study
    "{3AE5A1B4-D6AE-48D4-A07F-46A806CD53E6}" = HP Officejet Pro 8500 A910 Basic Device Software
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{43324AB3-7780-96B6-BD0A-E32D25D89321}" = CCC Help Chinese Standard
    "{44B1C822-AC99-F7DE-0858-05F409228F5E}" = CCC Help Thai
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH Jukebox
    "{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}" = WinPatrol
    "{51372A73-2BC8-2BAC-0197-22BCF2A2989F}" = Catalyst Control Center InstallProxy
    "{53B37769-A9B3-B9A7-752D-735675A742A4}" = CCC Help Danish
    "{53D5C8D3-442D-4797-8AB1-BA5A2DC079C1}" = NowPDF Professional
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
    "{59C03182-A00F-9FDD-445B-034DC9EB4362}" = CCC Help Greek
    "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
    "{601C6E14-DF1E-4113-A8C8-F9DB90CB0D88}" = SanDisk TransferMate
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{664708B3-C730-11D5-ADE7-00B0D07D157A}" = StreetSmart Pro
    "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
    "{6C8113C6-8614-0298-DC8D-C935FF43867D}" = CCC Help Hungarian
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7214A242-8864-B089-19BA-A44B941C3B35}" = CCC Help Spanish
    "{751910E3-ECF1-44D0-BF3F-2936A4424514}" = ImageMixer3
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7C2B745A-E7F1-41F1-B9BB-3DDB8D52E4CE}" = Readiris Pro 11
    "{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
    "{84481A87-2316-4923-8FAB-3BA8CA29323D}" = WinPatrol
    "{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Help
    "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
    "{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{9120E9AE-40AD-42BD-9C67-2E855099D5E8}_is1" = Patin-Couffin 19
    "{954146E0-49FF-4039-AF58-2257506C7D45}" = ZoneAlarm Firewall
    "{95523DE5-6C18-29D8-CF65-AAB393553114}" = CCC Help German
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DDECF68-1D45-1FC5-CD5E-D89F4A67B00B}" = CCC Help French
    "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
    "{A1BC8E02-6B5B-4B4A-A75F-B27A16918C2B}" = DiscWizard for Windows
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = 2Wire Wireless Client
    "{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}" = WinPatrol
    "{A8891B83-2539-0E8D-AE14-D27D3EAEDF8E}" = CCC Help Portuguese
    "{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat 8 Standard
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B0255743-165B-4BD5-8DA8-37DFB993B201}" = Norton Save and Restore
    "{B5F1E83D-36E0-29E7-EC95-6283ED2DDEB1}" = CCC Help Polish
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{B665C019-1CDE-CC9E-3F1B-E00F3C7FB6A9}" = CCC Help Czech
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{B6F0BE9B-41D7-45A2-9A76-D3DB1A89EC6A}" = SnagIt 8
    "{B769E2BD-8A06-4B03-9496-5B991025A2C6}" = ZoneAlarm Security
    "{B76D4A7F-FF11-4420-947C-C3AD624B9DBA}" = Jasc Paint Shop Photo Album
    "{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C4868E88-F5B5-4E45-9592-C7062BD97441}" = Symantec Technical Support Web Controls
    "{C92FD139-9B7B-5AD0-2954-337A150139A8}" = CCC Help Korean
    "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCB1507A-AAEA-4778-AC4B-DD5EAB1A961E}" = Iomega HotBurn Pro
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE0DC1BF-04D7-8401-46F5-AA3406018CFD}" = CCC Help Dutch
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE7712B3-2227-DF09-F8BE-E052D053A221}" = Catalyst Control Center
    "{D35461D8-DD44-F779-7B96-25C40C31DFC2}" = CCC Help Russian
    "{D48AD533-BAD5-469B-A9AA-272C6D80E70B}" = MPM
    "{D675C860-EA41-C92A-EF3B-B4BBE8DDD377}" = ccc-utility
    "{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
    "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
    "{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{DBD2CEED-E1C8-8FFC-5A7F-AB8D55BDE5C1}" = AMD Catalyst Install Manager
    "{DE369841-1E31-B9A8-B806-CE05325857C5}" = CCC Help Japanese
    "{E0F252A6-DE85-4E93-A93B-DFC3537B3965}" = WG111v2 Configuration Utility
    "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
    "{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
    "{F520E182-18E8-78B5-C649-29DE79419D52}" = CCC Help English
    "{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
    "{F65602F5-2DEC-08DF-52A8-3C9A65E56E8A}" = Catalyst Control Center Localization All
    "{F940F44E-F910-DDD1-848D-E3616C1AA647}" = CCC Help Italian
    "{FC18DB33-4466-D446-4667-D09E16882F2F}" = Catalyst Control Center Graphics Previews Common
    "2Wire SetupWiz" = SBC Yahoo! DSL Home Networking Installer
    "Adobe Acrobat 8 Standard" = Adobe Acrobat 8.1.3 Standard
    "Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "All Sound Recorder XP_is1" = All Sound Recorder XP 2.30
    "AnyDVD" = AnyDVD
    "avast" = avast! Free Antivirus
    "BroadJump Client Foundation" = BroadJump Client Foundation
    "CCleaner" = CCleaner
    "CloneDVD2" = CloneDVD2
    "Coupon Companion" = Coupon Companion
    "DateInTray" = DateInTray 1.6
    "Defraggler" = Defraggler
    "DubIt" = DubIt
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVD Shrink_is1" = DVD Shrink 3.2
    "ExpressRip" = Express Rip Uninstall
    "filehippo.com" = FileHippo.com Update Checker
    "Folder Password Expert 2.2_is1" = Folder Password Expert 2.2
    "Fox Audio Recording" = Fox Audio Recording
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
    "InstallShield_{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
    "InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
    "InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
    "Jasc Paint Shop Pro 8.10 Update Patch" = Jasc Paint Shop Pro 8.10 Update Patch
    "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSN Music Assistant" = MSN Music Assistant
    "MSNINST" = MSN
    "MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
    "NeroMultiInstaller!UninstallKey" = Nero Suite
    "NetMos Technology" = NetMos Multi-IO Controller
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NowPDF Writer" = NowPDF Writer
    "NVEContent!UninstallKey" = NeroVision Express Content
    "NVIDIA Drivers" = NVIDIA Drivers
    "OpenIt Open It!" = Open It!
    "Password Generator 2.1.1_is1" = Password Generator 2.1.1
    "QVP" = Quick View Plus
    "RealPlayer 12.0" = RealPlayer
    "Recuva" = Recuva
    "SBC.MCCInstall" = AT&T Self Support Tool
    "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
    "SpeedItupFree4.95" = Speeditup Free 4.90
    "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
    "SpywareBlaster_is1" = SpywareBlaster 5.0
    "SystemRequirementsLab" = System Requirements Lab
    "Trusted Software Assistant_is1" = File Type Assistant
    "WhoCrashed_is1" = WhoCrashed 3.05
    "WIC" = Windows Imaging Component
    "Windows Live Safety Scanner" = Windows Live Safety Scanner
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinX Free MOV to WMV Converter_is1" = WinX Free MOV to WMV Converter 4.1.11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
    "ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
    "ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar
    "ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1892348803-1003128003-3251164504-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "f031ef6ac137efc5" = Dell Driver Download Manager
    "Zip Extractor Packages" = Zip Extractor Packages

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 11/26/2013 11:29:44 AM | Computer Name = PRECISION370 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 11/26/2013 11:29:44 AM | Computer Name = PRECISION370 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 11/26/2013 1:01:44 PM | Computer Name = PRECISION370 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 11/26/2013 1:01:44 PM | Computer Name = PRECISION370 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 11/26/2013 1:13:44 PM | Computer Name = PRECISION370 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 11/26/2013 1:13:44 PM | Computer Name = PRECISION370 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 11/26/2013 2:34:44 PM | Computer Name = PRECISION370 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 11/26/2013 2:34:44 PM | Computer Name = PRECISION370 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 11/26/2013 2:43:44 PM | Computer Name = PRECISION370 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 11/26/2013 2:43:44 PM | Computer Name = PRECISION370 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    [ System Events ]
    Error - 11/25/2013 6:19:10 PM | Computer Name = PRECISION370 | Source = SideBySide | ID = 16842813
    Description = Syntax error in manifest or policy file "C:\DOCUME~1\GEORGE~1\LOCALS~1\Temp\935.0107077794412_Update.exe"
    on line 3. The required attribute name is missing from element assemblyIdentity.

    Error - 11/25/2013 6:19:10 PM | Computer Name = PRECISION370 | Source = SideBySide | ID = 16842810
    Description = Syntax error in manifest or policy file "C:\DOCUME~1\GEORGE~1\LOCALS~1\Temp\935.0107077794412_Update.exe"
    on line 3.

    Error - 11/25/2013 6:19:10 PM | Computer Name = PRECISION370 | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for C:\DOCUME~1\GEORGE~1\LOCALS~1\Temp\935.0107077794412_Update.exe.
    Reference
    error message: The operation completed successfully. .

    Error - 11/25/2013 6:34:24 PM | Computer Name = PRECISION370 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SDManager

    Error - 11/25/2013 6:44:36 PM | Computer Name = PRECISION370 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service BBUpdate with
    arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

    Error - 11/25/2013 7:33:08 PM | Computer Name = PRECISION370 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
    asc3550
    atapi
    cbidf
    cd20xrnt
    CmdIde
    Cpqarray
    dac2w2k
    dac960nt
    dpti2o
    hpn
    i2omp
    ini910u
    IntelIde
    mraid35x
    perc2
    perc2hib
    ppa3
    ql1080
    Ql10wnt
    ql12160
    ql1240
    ql1280
    SDManager
    sisagp
    Sparrow
    symc810
    symc8xx
    sym_hi
    sym_u3
    TosIde
    ulsata2
    ultra
    viaagp
    ViaIde

    Error - 11/25/2013 7:43:14 PM | Computer Name = PRECISION370 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service BBUpdate with
    arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

    Error - 11/25/2013 8:48:48 PM | Computer Name = PRECISION370 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SDManager

    Error - 11/26/2013 9:46:39 AM | Computer Name = PRECISION370 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SDManager

    Error - 11/26/2013 9:56:59 AM | Computer Name = PRECISION370 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service BBUpdate with
    arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}


    < End of report >

  4. #4
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    Hi George,

    1 program to remove from the Add/Remove list...
    Speeditup Free 4.90

    Then

    A fix removing leftovers, nothing serious.


    • Double click on the OTL icon to open the program. On Vista/Win7/Win8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      :COMMANDS
      [CREATERESTOREPOINT]

      :OTL

      IE - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzutDtDtCtCtCtCyE0DtDzyyByBtA0AtA0DtN0D0Tzu0CyCzyyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=915785021&ir=
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
      FF - user.js - File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
      FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll File not found
      FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
      FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2012/10/28 12:41:06 | 000,000,000 | ---D | M]
      O3 - HKU\S-1-5-21-1892348803-1003128003-3251164504-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O4 - HKLM..\Run: [] File not found
      O4 - HKLM..\Run: [USRpdA] File not found
      O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html File not found
      O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Error: Key error. File not found
      O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Error: Key error. File not found
      O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_45)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_45)
      O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
      O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - File not found
      [2013/11/25 16:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mysearchdial
      @Alternate Data Stream - 88 bytes -> C:\UNWISE.EXE: SummaryInformation
      @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\George Corkins\Application Data\Microsoft\Internet Explorer\Quick Launch\dBase.pif: SummaryInformation
      @Alternate Data Stream - 24 bytes -> C:\WINDOWS:57CF613D854D1C25
      @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
      @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC5A2B2

      :Files

      ipconfig /flushdns /c
      C:\Windows\tasks\At*.job

      :Commands
      [emptytemp]
    • Make sure all other windows are closed.
    • Click the Run Fix button at the top
    • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
    • Post the log that is found in C:\_OTL\Moved Files in your next reply.
    • Open OTL again and click the Quick Scan button.


    Please post the following logs in your next reply:

    C:\_OTL\Moved Files
    OTL.txt


    Thanks
    Joe

  6. #5
    Member Putts's Avatar
    Join Date
    Jan 2007
    Location
    Noble, OK
    Posts
    266
    Points
    6

    Default

    Here are the logs. Moved files first

    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared deleted successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_48\chrome\skin folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_48\chrome\content\Languages folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_48\chrome\content\html folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_48\chrome\content folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_48\chrome folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_48 folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_40\chrome\skin folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_40\chrome\content\Languages folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_40\chrome\content\html folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_40\chrome\content folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_40\chrome folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_40 folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_39\chrome\skin folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_39\chrome\content\Languages folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_39\chrome\content\html folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_39\chrome\content folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_39\chrome folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_39 folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_23\chrome\skin folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_23\chrome\content\Languages folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_23\chrome\content\html folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_23\chrome\content folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_23\chrome folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_23 folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared folder moved successfully.
    Registry value HKEY_USERS\S-1-5-21-1892348803-1003128003-3251164504-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\USRpdA deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&eBay Search\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter\ deleted successfully.
    C:\Program Files\Mysearchdial folder moved successfully.
    Unable to delete ADS C:\UNWISE.EXE: SummaryInformation .
    Unable to delete ADS C:\Documents and Settings\George Corkins\Application Data\Microsoft\Internet Explorer\Quick Launch\dBase.pif: SummaryInformation .
    ADS C:\WINDOWS:57CF613D854D1C25 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:FC5A2B2 .
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\George Corkins\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\George Corkins\Desktop\cmd.txt deleted successfully.
    C:\Windows\tasks\At1.job moved successfully.
    C:\Windows\tasks\At2.job moved successfully.
    C:\Windows\tasks\At3.job moved successfully.
    C:\Windows\tasks\At4.job moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 2357 bytes
    ->Temporary Internet Files folder emptied: 211072 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32969 bytes

    User: George Corkins
    ->Temp folder emptied: 29550715 bytes
    ->Temporary Internet Files folder emptied: 2874624 bytes
    ->Java cache emptied: 185111 bytes
    ->FireFox cache emptied: 40843367 bytes
    ->Flash cache emptied: 827 bytes

    User: LocalService
    ->Temp folder emptied: 6006392 bytes
    ->Temporary Internet Files folder emptied: 156378 bytes

    User: NetworkService
    ->Temp folder emptied: 1980600 bytes
    ->Temporary Internet Files folder emptied: 49286 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 4343592 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 24521 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 44480868 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 549986333 bytes

    Total Files Cleaned = 649.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 11262013_153729

    Files\Folders moved on Reboot...
    C:\Documents and Settings\George Corkins\Local Settings\Temp\~DFAB98.tmp moved successfully.
    File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
    File\Folder C:\WINDOWS\temp\ZLT0768a.TMP not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


    OTL.txt

    OTL logfile created on: 11/26/2013 3:45:26 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\George Corkins\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 65.44% Memory free
    6.75 Gb Paging File | 5.80 Gb Available in Paging File | 85.89% Paging File free
    Paging file location(s): C:\pagefile.sys 4000 4050 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.75 Gb Total Space | 50.76 Gb Free Space | 45.43% Space Free | Partition Type: NTFS
    Drive D: | 465.76 Gb Total Space | 420.69 Gb Free Space | 90.32% Space Free | Partition Type: NTFS
    Drive E: | 931.51 Gb Total Space | 275.06 Gb Free Space | 29.53% Space Free | Partition Type: NTFS
    Drive F: | 2794.51 Gb Total Space | 1780.84 Gb Free Space | 63.73% Space Free | Partition Type: NTFS
    Drive G: | 2794.51 Gb Total Space | 2521.97 Gb Free Space | 90.25% Space Free | Partition Type: NTFS
    Drive M: | 93.10 Gb Total Space | 58.91 Gb Free Space | 63.28% Space Free | Partition Type: NTFS
    Drive Q: | 465.76 Gb Total Space | 465.62 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
    Drive U: | 465.76 Gb Total Space | 379.81 Gb Free Space | 81.55% Space Free | Partition Type: NTFS
    Drive Y: | 93.10 Gb Total Space | 58.91 Gb Free Space | 63.28% Space Free | Partition Type: NTFS

    Computer Name: PRECISION370 | User Name: George Corkins | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/11/26 13:30:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\George Corkins\Desktop\OTL.exe
    PRC - [2013/10/25 23:45:12 | 002,445,816 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
    PRC - [2013/10/25 23:07:48 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
    PRC - [2013/10/18 21:25:57 | 000,456,768 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2013/10/15 05:38:52 | 000,050,704 | ---- | M] (Check Point Software Technologies, Ltd.) -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
    PRC - [2013/10/10 16:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2013/08/30 01:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2013/08/30 01:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2013/05/07 09:54:56 | 000,369,152 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\pcCMService.exe
    PRC - [2012/02/10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
    PRC - [2011/09/16 13:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/02/13 18:57:06 | 002,655,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
    PRC - [2006/10/31 10:32:09 | 000,194,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    PRC - [2004/12/03 10:52:38 | 000,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe
    PRC - [2004/06/29 10:22:56 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
    PRC - [2004/04/01 17:05:48 | 000,077,824 | ---- | M] (Broadcom Corp.) -- C:\WINDOWS\SYSTEM32\BAsfIpM.exe
    PRC - [2004/02/16 12:47:22 | 000,121,856 | -HS- | M] (ZQS Software Team) -- C:\WINDOWS\SYSTEM32\fpplock.exe
    PRC - [2002/09/24 16:39:48 | 000,151,552 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\AutoDisk\ADService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/11/26 07:28:23 | 002,240,512 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13112600\algo.dll
    MOD - [2013/10/09 15:20:56 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
    MOD - [2013/10/09 15:18:57 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\02257c6b67db33c194fa3beccf977afb\System.Windows.Forms.ni.dll
    MOD - [2013/10/09 15:18:35 | 002,295,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\83cd19e8259b8dd9435c1c3f8f31b60c\System.Core.ni.dll
    MOD - [2013/10/09 15:16:29 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2013/08/14 15:04:18 | 011,816,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\972dcf9830a64e9802aaca3a83cae24b\System.Web.ni.dll
    MOD - [2013/08/14 15:04:05 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
    MOD - [2013/08/14 15:03:51 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\cab8d2f8933390bab32c35c5c6a479bd\System.Configuration.Install.ni.dll
    MOD - [2013/08/14 14:59:00 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
    MOD - [2013/08/14 14:58:20 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
    MOD - [2013/08/14 14:54:54 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
    MOD - [2013/07/15 11:29:04 | 000,620,718 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
    MOD - [2013/07/11 12:19:59 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\8f799a4688381624de3cfb1edbccb163\Accessibility.ni.dll
    MOD - [2013/07/11 12:10:24 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
    MOD - [2012/11/29 10:14:54 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/03/16 11:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
    MOD - [2007/02/13 18:58:14 | 002,946,664 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\VProRecovery\VProObj.dll
    MOD - [2007/02/13 18:57:02 | 001,685,104 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\VProRecovery\EventMonitors.dll
    MOD - [2004/06/28 13:37:22 | 000,086,016 | ---- | M] () -- C:\WINDOWS\SYSTEM32\custmon2k.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (Iomega Activity Disk2)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE -- (HP Status Server)
    SRV - [2013/11/12 21:39:36 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/10/25 23:45:12 | 002,445,816 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
    SRV - [2013/10/15 05:38:52 | 000,050,704 | ---- | M] (Check Point Software Technologies, Ltd.) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService)
    SRV - [2013/10/10 16:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2013/08/30 01:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2013/05/07 09:54:56 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService)
    SRV - [2012/02/10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2012/02/10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
    SRV - [2010/11/16 16:50:00 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/09/01 14:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
    SRV - [2007/02/13 18:57:06 | 002,655,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe -- (Norton Save and Restore)
    SRV - [2006/10/31 10:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
    SRV - [2006/10/31 10:32:09 | 000,194,240 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2004/12/03 10:52:38 | 000,073,728 | ---- | M] (Iomega Corporation) [Auto | Running] -- C:\Program Files\Iomega\System32\AppServices.exe -- (Iomega App Services)
    SRV - [2004/06/29 10:22:56 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)
    SRV - [2004/04/01 17:05:48 | 000,077,824 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\BAsfIpM.exe -- (BAsfIpM)
    SRV - [2002/09/24 16:39:48 | 000,151,552 | ---- | M] (Iomega Corporation) [Auto | Running] -- C:\Program Files\Iomega\AutoDisk\ADService.exe -- (_IOMEGA_ACTIVE_DISK_SERVICE_)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
    DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tixhci.sys -- (tixhci)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tihub3.sys -- (tihub3)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ss.sys -- (StreamSurge)
    DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SpywareDetector\SDManager.sys -- (SDManager)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\C.tmp -- (MEMSWEEP2)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- F:\Player\cds300.dll -- (caed5d8b-8ad3-46e9-858e-3135378e7be7)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
    DRV - [2013/10/25 23:07:48 | 000,529,128 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\vsdatant.sys -- (Vsdatant)
    DRV - [2013/08/30 01:48:13 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2013/08/30 01:48:13 | 000,177,864 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2013/08/30 01:48:13 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2013/08/30 01:48:12 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2013/08/30 01:48:12 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
    DRV - [2013/08/30 01:48:12 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2013/08/30 01:48:11 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2013/08/30 01:48:11 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2013/07/31 05:23:50 | 000,121,688 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AnyDVD.sys -- (AnyDVD)
    DRV - [2012/11/29 10:48:48 | 006,812,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
    DRV - [2012/08/27 18:43:18 | 000,177,800 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nusb3xhc.sys -- (nusb3xhc)
    DRV - [2012/08/27 18:43:16 | 000,085,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nusb3hub.sys -- (nusb3hub)
    DRV - [2012/05/14 00:12:12 | 000,103,040 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AtihdXP3.sys -- (AtiHDAudioService)
    DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/05/03 10:30:28 | 000,068,608 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Pcatip.sys -- (Pcatip)
    DRV - [2008/04/13 12:41:00 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ppa3.sys -- (ppa3)
    DRV - [2008/04/13 12:36:42 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mf.sys -- (mf)
    DRV - [2007/02/13 19:06:36 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WimFltr.sys -- (WimFltr)
    DRV - [2007/02/13 18:33:06 | 000,131,944 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symsnap.sys -- (symsnap)
    DRV - [2007/02/13 18:33:04 | 000,037,864 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\v2imount.sys -- (v2imount)
    DRV - [2007/02/13 18:30:28 | 000,014,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\vproeventmonitor.sys -- (VProEventMonitor)
    DRV - [2006/03/09 10:33:22 | 000,366,080 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt61.sys -- (RT61)
    DRV - [2005/09/26 07:25:29 | 000,055,168 | ---- | M] (Macrovision Europe Ltd) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sdcplh.sys -- (sdcplh)
    DRV - [2005/04/21 12:33:12 | 000,112,384 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wg111v2.sys -- (RTLWUSB)
    DRV - [2005/03/23 11:57:00 | 000,147,328 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt2500usb.sys -- (WUSB54GPV4SRV)
    DRV - [2004/12/03 10:52:50 | 000,050,898 | ---- | M] (Iomega Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IomDisk.sys -- (iomdisk)
    DRV - [2004/12/01 00:48:35 | 000,485,248 | ---- | M] (Iomega Corporation) [File_System | Boot | Unknown] -- C:\WINDOWS\System32\drivers\dnbudf.sys -- (dnbudf)
    DRV - [2004/11/26 13:16:12 | 000,122,368 | ---- | M] (Plextor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Xstream.sys -- (WISTechVIDCAP)
    DRV - [2004/11/26 13:13:24 | 000,013,696 | ---- | M] (Plextor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\XLoader.sys -- (XLoader)
    DRV - [2004/06/29 13:25:26 | 000,007,680 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dontgo.sys -- (dontgo)
    DRV - [2004/05/29 16:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
    DRV - [2004/04/13 19:20:08 | 000,015,781 | R--- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys -- (MDC8021X)
    DRV - [2004/03/09 08:58:06 | 000,329,088 | ---- | M] (U.S. Robotics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\3c1807pd.sys -- (3c1807pd)
    DRV - [2004/03/08 11:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
    DRV - [2003/12/17 08:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouFlt2.Sys -- (LMouFlt2)
    DRV - [2003/12/17 08:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042pr2.Sys -- (L8042pr2)
    DRV - [2003/12/17 08:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidUsb.sys -- (LHidUsb)
    DRV - [2003/12/17 08:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidFlt2.Sys -- (LHidFlt2)
    DRV - [2003/11/11 17:10:52 | 000,006,784 | ---- | M] (SIIG, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\portmon2.sys -- (portmon2)
    DRV - [2003/11/05 07:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bb-run.sys -- (bb-run)
    DRV - [2003/09/19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (Pfc)
    DRV - [2003/04/24 15:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BASFND.sys -- (BASFND)
    DRV - [2002/11/08 12:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
    DRV - [2001/08/17 13:28:26 | 000,113,762 | ---- | M] (U.S. Robotics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USRpdA.sys -- (USRpdA)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Yahoo SearchBar Home Page
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = Yahoo SearchBar Home Page
    IE - HKLM\..\SearchScopes,DefaultScope = {77AA745B-F4F8-45DA-9B14-61D2D95054C8}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKCU\..\SearchScopes,DefaultScope = {77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    IE - HKCU\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzutDtDtCtCtCtCyE0DtDzyyByBtA0AtA0DtN0D0Tzu0CyCzyyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=915785021&ir=
    IE - HKCU\..\SearchScopes\Google: "URL" = %s - Google Search
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
    FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1497
    FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131030
    FF - prefs.js..extensions.enabledAddons: %7BE6C1199F-E687-42da-8C24-E7770CC3AE66%7D:2.0.3
    FF - prefs.js..extensions.enabledAddons: savedpasswords%40adamfranco.com:1.2.4
    FF - prefs.js..extensions.enabledAddons: savedpasswordeditor%40daniel.dawson:2.7.1
    FF - prefs.js..extensions.enabledAddons: myhomepage_manishjain9%40gmail.com:1.2
    FF - prefs.js..extensions.enabledAddons: save-as-pdf-ff%40pdfcrowd.com:1.5
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_24: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/09/12 09:55:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/11/25 14:11:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/11/25 14:11:22 | 000,000,000 | ---D | M]

    [2008/08/27 11:38:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\George Corkins\Application Data\Mozilla\Extensions
    [2013/11/26 08:43:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\George Corkins\Application Data\Mozilla\Firefox\Profiles\308odhsg.default-1385420400125\extensions
    [2013/11/25 18:55:05 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\George Corkins\Application Data\Mozilla\Firefox\Profiles\308odhsg.default-1385420400125\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2013/11/25 18:55:05 | 000,013,802 | ---- | M] () (No name found) -- C:\Documents and Settings\George Corkins\Application Data\Mozilla\Firefox\Profiles\308odhsg.default-1385420400125\extensions\myhomepage_manishjain9@gmail.com.xpi
    [2013/11/26 08:43:13 | 000,057,194 | ---- | M] () (No name found) -- C:\Documents and Settings\George Corkins\Application Data\Mozilla\Firefox\Profiles\308odhsg.default-1385420400125\extensions\save-as-pdf-ff@pdfcrowd.com.xpi
    [2013/11/25 18:55:05 | 000,215,334 | ---- | M] () (No name found) -- C:\Documents and Settings\George Corkins\Application Data\Mozilla\Firefox\Profiles\308odhsg.default-1385420400125\extensions\savedpasswordeditor@daniel.dawson.xpi
    [2013/11/25 18:55:05 | 000,030,097 | ---- | M] () (No name found) -- C:\Documents and Settings\George Corkins\Application Data\Mozilla\Firefox\Profiles\308odhsg.default-1385420400125\extensions\savedpasswords@adamfranco.com.xpi
    [2013/11/25 18:52:39 | 000,915,554 | ---- | M] () (No name found) -- C:\Documents and Settings\George Corkins\Application Data\Mozilla\Firefox\Profiles\308odhsg.default-1385420400125\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013/11/25 18:55:05 | 000,024,565 | ---- | M] () (No name found) -- C:\Documents and Settings\George Corkins\Application Data\Mozilla\Firefox\Profiles\308odhsg.default-1385420400125\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
    [2013/11/25 14:11:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/11/25 14:11:21 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2013/11/25 14:11:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/11/25 14:11:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2013/09/12 09:55:38 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2008/04/06 10:15:16 | 000,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\mozilla firefox\plugins\NPZoneSB.dll

    ========== Chrome ==========

    CHR - homepage: Yahoo Search - Web Search

    O1 HOSTS File: ([2013/10/26 08:02:44 | 000,445,546 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
    O1 - Hosts: 15334 more lines...
    O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - File not found
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\213a088a-911e-42d0-885f-bf5690c5e692.exe (AVAST Software)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
    O4 - HKCU..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Yahoo! Dictionary - C:\Program Files\Yahoo!\Common [2008/09/03 12:16:22 | 000,000,000 | ---D | M]
    O8 - Extra context menu item: Yahoo! Search - C:\Program Files\Yahoo!\Common [2008/09/03 12:16:22 | 000,000,000 | ---D | M]
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} https://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
    O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} http://www.hp.com/cpso-support-new/S...dObjSigned.cab (HPSDDX Class)
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h20364.www2.hp.com/CSMWeb/Cu...ataManager.CAB (Hewlett-Packard Online Support Services)
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/LSSupCtl.cab (Reg Error: Key error.)
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/S...in/AvSniff.cab (Symantec AntiVirus scanner)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeup...tent/opuc3.cab (Office Update Installation Engine)
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/tech...bs/tgctlsr.cab (Symantec Script Runner Class)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.safety.live.com/reso...lscbase969.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/S.../bin/cabsa.cab (Symantec RuFSI Utility Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1150308537109 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_45)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} http://download.yahoo.com/dl/install...od/yregcfg.cab (RegConfig Class)
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll (YahooYMailTo Class)
    O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} http://www.investors.com/member/ocx/plotwon.ocx (Plotwon Control)
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yahoo.com/dl/installs/yab_af.cab (YAddBook Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.symantec.com/tech...l/SymAData.cab (ActiveDataInfo Class)
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} Welcome to Flickr - Photo Sharing (PhotosCtrl Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://chat.msn.com/controls/msnchat45.cab (MSN Chat Control 4.5)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6CEA5B5-F0D5-4ECE-8FF6-1A9F9AA06009}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3750B77-B884-446E-B1B7-FB87A1DD7386}: DhcpNameServer = 192.168.1.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/01/30 13:16:21 | 000,000,018 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - Unable to obtain root file information for disk Y:\
    O33 - MountPoints2\##Gc-d610#T\Shell - "" = AutoRun
    O33 - MountPoints2\##Gc-d610#T\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\##Gc-d610#T\Shell\AutoRun\command - "" = C:\WINDOWS\System32\setup.exe -- [2008/04/13 18:12:34 | 000,023,040 | ---- | M] (Microsoft Corporation)
    O33 - MountPoints2\{326e0f0d-c994-11e0-9e08-0011114d0977}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\setup.exe -- [2008/04/13 18:12:34 | 000,023,040 | ---- | M] (Microsoft Corporation)
    O33 - MountPoints2\{8f8a221f-0e23-11e2-ba96-0011114d0977}\Shell\AutoRun\command - "" = G:\urDrive.exe
    O33 - MountPoints2\{8f8a2220-0e23-11e2-ba96-0011114d0977}\Shell\AutoRun\command - "" = G:\urDrive.exe
    O33 - MountPoints2\{c4266b3d-eea8-11dc-b3e9-001a703aa7c3}\Shell\AutoRun\command - "" = R:\setupSNK.exe
    O34 - HKLM BootExecute: (sdearlydelete)
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (sdnclean.exe)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/11/26 15:37:29 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/11/26 13:30:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\George Corkins\Desktop\OTL.exe
    [2013/11/25 16:19:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George Corkins\Application Data\0D0S1L2Z1P1B
    [2013/11/25 16:18:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Open It!
    [2013/11/25 16:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\OpenIt
    [2013/11/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George Corkins\My Documents\Downloads
    [2013/11/25 14:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/11/24 11:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George Corkins\Application Data\CrystalIdea Software
    [2013/11/23 11:36:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Save & Restore
    [2013/11/23 11:35:58 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Save and Restore
    [2013/11/23 10:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George Corkins\Desktop\Old Firefox Data
    [2013/11/23 09:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
    [2013/11/09 15:39:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\George Corkins\Recent
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2C0A
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0C0A
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0C04
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0816
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0804
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0424
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\041F
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\041E
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\041D
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\041B
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0419
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0416
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0415
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0414
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0413
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0412
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0411
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0410
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\040E
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\040D
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\040C
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\040B
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\040A
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0409
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0408
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0407
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0406
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0405
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0404
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0401
    [2013/11/01 13:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Renesas Electronics
    [2013/11/01 13:51:03 | 000,000,000 | ---D | C] -- C:\Program Files\Renesas Electronics

    ========== Files - Modified Within 30 Days ==========

    [2013/11/26 15:48:00 | 000,000,380 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2013/11/26 15:41:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
    [2013/11/26 15:41:08 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\ProgramUpdateCheck.job
    [2013/11/26 15:39:54 | 3219,288,064 | -HS- | M] () -- C:\hiberfil.sys
    [2013/11/26 15:05:35 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\George Corkins\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003 (2).lnk
    [2013/11/26 14:44:17 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\George Corkins\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003 (2).lnk
    [2013/11/26 13:59:18 | 000,002,465 | ---- | M] () -- C:\Documents and Settings\George Corkins\Desktop\HiJackThis.lnk
    [2013/11/26 13:30:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\George Corkins\Desktop\OTL.exe
    [2013/11/26 13:26:55 | 000,000,468 | ---- | M] () -- C:\WINDOWS\tasks\ProgramRefresh-ATFST.job
    [2013/11/25 16:18:38 | 000,351,124 | ---- | M] () -- C:\Documents and Settings\George Corkins\Local Settings\Application Data\mysearchdial-speeddial.crx
    [2013/11/25 14:10:28 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\George Corkins\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2013/11/25 14:10:27 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2013/11/25 10:48:56 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\George Corkins\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2013/11/24 14:29:02 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\George Corkins\Desktop\procexp.exe.lnk
    [2013/11/24 11:38:35 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\George Corkins\Desktop\speedyfox.lnk
    [2013/11/23 11:20:48 | 000,002,032 | ---- | M] () -- C:\Documents and Settings\George Corkins\Desktop\Norton Save & Restore.lnk
    [2013/11/23 11:16:58 | 000,417,569 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
    [2013/11/23 09:57:30 | 000,000,539 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoneAlarm Security.lnk
    [2013/11/22 19:15:32 | 000,000,314 | -HS- | M] () -- C:\BOOT.INI
    [2013/11/06 12:26:01 | 000,002,489 | ---- | M] () -- C:\Documents and Settings\George Corkins\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Access 2003 (2).lnk
    [2013/11/05 12:28:09 | 000,000,085 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2013/11/04 13:27:43 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2013/11/03 07:38:24 | 000,468,584 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
    [2013/11/03 07:38:23 | 000,080,938 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT

    ========== Files Created - No Company Name ==========

    [2013/11/25 16:19:08 | 000,351,124 | ---- | C] () -- C:\Documents and Settings\George Corkins\Local Settings\Application Data\mysearchdial-speeddial.crx
    [2013/11/24 14:29:07 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\George Corkins\Desktop\procexp.exe.lnk
    [2013/11/24 11:51:25 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\George Corkins\Desktop\speedyfox.lnk
    [2013/11/23 11:20:48 | 000,002,032 | ---- | C] () -- C:\Documents and Settings\George Corkins\Desktop\Norton Save & Restore.lnk
    [2013/07/16 09:33:51 | 000,038,483 | ---- | C] () -- C:\Documents and Settings\George Corkins\Application Data\Comma Separated Values (Windows).ADR
    [2013/06/28 05:44:37 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
    [2013/06/26 12:01:11 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
    [2013/06/26 12:01:11 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
    [2013/03/01 14:28:48 | 000,177,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
    [2013/03/01 14:28:47 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
    [2013/01/19 16:19:57 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LaunchURL.bat
    [2012/07/14 07:34:49 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
    [2012/07/03 13:25:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2012/07/03 13:25:07 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2012/07/03 13:25:07 | 000,662,785 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2012/07/03 13:25:07 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2012/07/03 13:24:23 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/02/16 13:18:32 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2009/03/14 13:41:14 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
    [2008/01/04 14:05:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\George Corkins\LOG
    [2007/09/08 07:43:54 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\George Corkins\Local Settings\Application Data\fusioncache.dat
    [2007/02/26 14:22:11 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/12/27 10:55:37 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\George Corkins\ntuser.pol
    [2006/12/23 12:57:44 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2006/12/10 10:54:30 | 000,235,257 | ---- | C] () -- C:\Documents and Settings\George Corkins\FAVORITES.htm
    [2006/11/29 12:17:40 | 000,000,125 | -HS- | C] () -- C:\Documents and Settings\George Corkins\Application Data\.zreglib
    [2004/11/12 16:07:13 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\George Corkins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2004/08/11 16:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2013/03/19 13:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2010/02/14 08:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2012/10/29 14:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/11/12 10:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
    [2009/07/29 13:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CTdeveloping
    [2012/07/13 13:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    [2010/10/07 14:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
    [2006/12/23 12:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
    [2008/11/27 09:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2013/10/21 11:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
    [2007/12/15 09:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
    [2013/03/02 09:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
    [2007/09/20 11:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
    [2005/07/13 13:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2006/12/11 16:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2007/12/05 12:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PIXELA
    [2012/07/28 13:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
    [2007/02/17 16:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
    [2011/05/06 17:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
    [2008/06/13 11:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
    [2013/11/09 14:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2007/04/21 20:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2009/03/23 16:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2009/02/02 19:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [2011/11/26 10:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/11 13:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/07 11:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2013/11/25 16:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\0D0S1L2Z1P1B
    [2007/09/12 12:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\Active Disk
    [2013/08/17 09:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\Check Point Software Technologies LTD
    [2012/03/27 09:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\CheckPoint
    [2013/11/24 11:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\CrystalIdea Software
    [2009/07/29 13:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\CTdeveloping
    [2006/12/12 18:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\Elaborate Bytes
    [2010/03/19 13:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\GetRightToGo
    [2010/01/28 14:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\Image Zone Express
    [2005/02/11 18:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\InterVideo
    [2009/02/16 14:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\IObit
    [2007/12/15 09:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\iolo
    [2006/01/28 14:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\Leadertech
    [2006/10/12 14:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\MailFrontier(2)
    [2010/12/10 15:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\NCH Swift Sound
    [2005/06/03 15:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\OLYMPUS
    [2009/01/31 17:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\OpenOffice.org
    [2008/07/19 15:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\Opera
    [2008/06/21 09:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\Printer Info Cache
    [2006/12/11 16:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\RecordPad
    [2012/07/28 13:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\Seagate
    [2006/04/02 14:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\Simple Star
    [2011/02/24 14:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\Sling Media
    [2006/11/29 12:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\SlySoft
    [2005/06/23 15:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\Snapfish
    [2010/05/30 21:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\SystemRequirementsLab
    [2007/10/09 08:14:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\TechSmith
    [2007/04/21 20:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\Ulead Systems
    [2006/10/12 14:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\WholeSecurity
    [2010/08/31 08:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\Windows Desktop Search
    [2006/10/13 17:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\Windows Live Safety Center
    [2010/08/31 09:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\Windows Search
    [2010/05/29 03:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\WinPatrol
    [2010/09/06 11:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\wsInspector

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 88 bytes -> C:\UNWISE.EXE:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\George Corkins\Application Data\Microsoft\Internet Explorer\Quick Launch\dBase.pif:SummaryInformation
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2

    < End of report >

  7. #6
    Member Putts's Avatar

    Here are the logs. Moved files first

    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared deleted successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_48\chrome\skin folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_48\chrome\content\Languages folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_48\chrome\content\html folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_48\chrome\content folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_48\chrome folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_48 folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_40\chrome\skin folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_40\chrome\content\Languages folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_40\chrome\content\html folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_40\chrome\content folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_40\chrome folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_40 folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_39\chrome\skin folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_39\chrome\content\Languages folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_39\chrome\content\html folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_39\chrome\content folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_39\chrome folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_39 folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_23\chrome\skin folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_23\chrome\content\Languages folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_23\chrome\content\html folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_23\chrome\content folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_23\chrome folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\ch_23 folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared folder moved successfully.
    Registry value HKEY_USERS\S-1-5-21-1892348803-1003128003-3251164504-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\USRpdA deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&eBay Search\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter\ deleted successfully.
    C:\Program Files\Mysearchdial folder moved successfully.
    Unable to delete ADS C:\UNWISE.EXE: SummaryInformation .
    Unable to delete ADS C:\Documents and Settings\George Corkins\Application Data\Microsoft\Internet Explorer\Quick Launch\dBase.pif: SummaryInformation .
    ADS C:\WINDOWS:57CF613D854D1C25 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:FC5A2B2 .
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\George Corkins\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\George Corkins\Desktop\cmd.txt deleted successfully.
    C:\Windows\tasks\At1.job moved successfully.
    C:\Windows\tasks\At2.job moved successfully.
    C:\Windows\tasks\At3.job moved successfully.
    C:\Windows\tasks\At4.job moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 2357 bytes
    ->Temporary Internet Files folder emptied: 211072 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32969 bytes

    User: George Corkins
    ->Temp folder emptied: 29550715 bytes
    ->Temporary Internet Files folder emptied: 2874624 bytes
    ->Java cache emptied: 185111 bytes
    ->FireFox cache emptied: 40843367 bytes
    ->Flash cache emptied: 827 bytes

    User: LocalService
    ->Temp folder emptied: 6006392 bytes
    ->Temporary Internet Files folder emptied: 156378 bytes

    User: NetworkService
    ->Temp folder emptied: 1980600 bytes
    ->Temporary Internet Files folder emptied: 49286 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 4343592 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 24521 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 44480868 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 549986333 bytes

    Total Files Cleaned = 649.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 11262013_153729

    Files\Folders moved on Reboot...
    C:\Documents and Settings\George Corkins\Local Settings\Temp\~DFAB98.tmp moved successfully.
    File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
    File\Folder C:\WINDOWS\temp\ZLT0768a.TMP not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


    OTL.txt

    OTL logfile created on: 11/26/2013 3:45:26 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\George Corkins\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 65.44% Memory free
    6.75 Gb Paging File | 5.80 Gb Available in Paging File | 85.89% Paging File free
    Paging file location(s): C:\pagefile.sys 4000 4050 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.75 Gb Total Space | 50.76 Gb Free Space | 45.43% Space Free | Partition Type: NTFS
    Drive D: | 465.76 Gb Total Space | 420.69 Gb Free Space | 90.32% Space Free | Partition Type: NTFS
    Drive E: | 931.51 Gb Total Space | 275.06 Gb Free Space | 29.53% Space Free | Partition Type: NTFS
    Drive F: | 2794.51 Gb Total Space | 1780.84 Gb Free Space | 63.73% Space Free | Partition Type: NTFS
    Drive G: | 2794.51 Gb Total Space | 2521.97 Gb Free Space | 90.25% Space Free | Partition Type: NTFS
    Drive M: | 93.10 Gb Total Space | 58.91 Gb Free Space | 63.28% Space Free | Partition Type: NTFS
    Drive Q: | 465.76 Gb Total Space | 465.62 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
    Drive U: | 465.76 Gb Total Space | 379.81 Gb Free Space | 81.55% Space Free | Partition Type: NTFS
    Drive Y: | 93.10 Gb Total Space | 58.91 Gb Free Space | 63.28% Space Free | Partition Type: NTFS

    Computer Name: PRECISION370 | User Name: George Corkins | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/11/26 13:30:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\George Corkins\Desktop\OTL.exe
    PRC - [2013/10/25 23:45:12 | 002,445,816 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
    PRC - [2013/10/25 23:07:48 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
    PRC - [2013/10/18 21:25:57 | 000,456,768 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2013/10/15 05:38:52 | 000,050,704 | ---- | M] (Check Point Software Technologies, Ltd.) -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
    PRC - [2013/10/10 16:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2013/08/30 01:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2013/08/30 01:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2013/05/07 09:54:56 | 000,369,152 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\pcCMService.exe
    PRC - [2012/02/10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
    PRC - [2011/09/16 13:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/02/13 18:57:06 | 002,655,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
    PRC - [2006/10/31 10:32:09 | 000,194,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    PRC - [2004/12/03 10:52:38 | 000,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe
    PRC - [2004/06/29 10:22:56 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
    PRC - [2004/04/01 17:05:48 | 000,077,824 | ---- | M] (Broadcom Corp.) -- C:\WINDOWS\SYSTEM32\BAsfIpM.exe
    PRC - [2004/02/16 12:47:22 | 000,121,856 | -HS- | M] (ZQS Software Team) -- C:\WINDOWS\SYSTEM32\fpplock.exe
    PRC - [2002/09/24 16:39:48 | 000,151,552 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\AutoDisk\ADService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/11/26 07:28:23 | 002,240,512 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13112600\algo.dll
    MOD - [2013/10/09 15:20:56 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
    MOD - [2013/10/09 15:18:57 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\02257c6b67db33c194fa3beccf977afb\System.Windows.Forms.ni.dll
    MOD - [2013/10/09 15:18:35 | 002,295,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\83cd19e8259b8dd9435c1c3f8f31b60c\System.Core.ni.dll
    MOD - [2013/10/09 15:16:29 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2013/08/14 15:04:18 | 011,816,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\972dcf9830a64e9802aaca3a83cae24b\System.Web.ni.dll
    MOD - [2013/08/14 15:04:05 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
    MOD - [2013/08/14 15:03:51 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\cab8d2f8933390bab32c35c5c6a479bd\System.Configuration.Install.ni.dll
    MOD - [2013/08/14 14:59:00 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
    MOD - [2013/08/14 14:58:20 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
    MOD - [2013/08/14 14:54:54 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
    MOD - [2013/07/15 11:29:04 | 000,620,718 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
    MOD - [2013/07/11 12:19:59 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\8f799a4688381624de3cfb1edbccb163\Accessibility.ni.dll
    MOD - [2013/07/11 12:10:24 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
    MOD - [2012/11/29 10:14:54 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/03/16 11:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
    MOD - [2007/02/13 18:58:14 | 002,946,664 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\VProRecovery\VProObj.dll
    MOD - [2007/02/13 18:57:02 | 001,685,104 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\VProRecovery\EventMonitors.dll
    MOD - [2004/06/28 13:37:22 | 000,086,016 | ---- | M] () -- C:\WINDOWS\SYSTEM32\custmon2k.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (Iomega Activity Disk2)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE -- (HP Status Server)
    SRV - [2013/11/12 21:39:36 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/10/25 23:45:12 | 002,445,816 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
    SRV - [2013/10/15 05:38:52 | 000,050,704 | ---- | M] (Check Point Software Technologies, Ltd.) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService)
    SRV - [2013/10/10 16:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2013/08/30 01:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2013/05/07 09:54:56 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService)
    SRV - [2012/02/10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2012/02/10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
    SRV - [2010/11/16 16:50:00 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/09/01 14:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
    SRV - [2007/02/13 18:57:06 | 002,655,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe -- (Norton Save and Restore)
    SRV - [2006/10/31 10:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
    SRV - [2006/10/31 10:32:09 | 000,194,240 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2004/12/03 10:52:38 | 000,073,728 | ---- | M] (Iomega Corporation) [Auto | Running] -- C:\Program Files\Iomega\System32\AppServices.exe -- (Iomega App Services)
    SRV - [2004/06/29 10:22:56 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)
    SRV - [2004/04/01 17:05:48 | 000,077,824 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\BAsfIpM.exe -- (BAsfIpM)
    SRV - [2002/09/24 16:39:48 | 000,151,552 | ---- | M] (Iomega Corporation) [Auto | Running] -- C:\Program Files\Iomega\AutoDisk\ADService.exe -- (_IOMEGA_ACTIVE_DISK_SERVICE_)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
    DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tixhci.sys -- (tixhci)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tihub3.sys -- (tihub3)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ss.sys -- (StreamSurge)
    DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SpywareDetector\SDManager.sys -- (SDManager)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\C.tmp -- (MEMSWEEP2)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- F:\Player\cds300.dll -- (caed5d8b-8ad3-46e9-858e-3135378e7be7)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
    DRV - [2013/10/25 23:07:48 | 000,529,128 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\vsdatant.sys -- (Vsdatant)
    DRV - [2013/08/30 01:48:13 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2013/08/30 01:48:13 | 000,177,864 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2013/08/30 01:48:13 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2013/08/30 01:48:12 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2013/08/30 01:48:12 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
    DRV - [2013/08/30 01:48:12 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2013/08/30 01:48:11 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2013/08/30 01:48:11 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2013/07/31 05:23:50 | 000,121,688 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AnyDVD.sys -- (AnyDVD)
    DRV - [2012/11/29 10:48:48 | 006,812,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
    DRV - [2012/08/27 18:43:18 | 000,177,800 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nusb3xhc.sys -- (nusb3xhc)
    DRV - [2012/08/27 18:43:16 | 000,085,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nusb3hub.sys -- (nusb3hub)
    DRV - [2012/05/14 00:12:12 | 000,103,040 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AtihdXP3.sys -- (AtiHDAudioService)
    DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/05/03 10:30:28 | 000,068,608 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Pcatip.sys -- (Pcatip)
    DRV - [2008/04/13 12:41:00 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ppa3.sys -- (ppa3)
    DRV - [2008/04/13 12:36:42 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mf.sys -- (mf)
    DRV - [2007/02/13 19:06:36 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WimFltr.sys -- (WimFltr)
    DRV - [2007/02/13 18:33:06 | 000,131,944 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symsnap.sys -- (symsnap)
    DRV - [2007/02/13 18:33:04 | 000,037,864 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\v2imount.sys -- (v2imount)
    DRV - [2007/02/13 18:30:28 | 000,014,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\vproeventmonitor.sys -- (VProEventMonitor)
    DRV - [2006/03/09 10:33:22 | 000,366,080 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt61.sys -- (RT61)
    DRV - [2005/09/26 07:25:29 | 000,055,168 | ---- | M] (Macrovision Europe Ltd) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sdcplh.sys -- (sdcplh)
    DRV - [2005/04/21 12:33:12 | 000,112,384 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wg111v2.sys -- (RTLWUSB)
    DRV - [2005/03/23 11:57:00 | 000,147,328 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt2500usb.sys -- (WUSB54GPV4SRV)
    DRV - [2004/12/03 10:52:50 | 000,050,898 | ---- | M] (Iomega Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IomDisk.sys -- (iomdisk)
    DRV - [2004/12/01 00:48:35 | 000,485,248 | ---- | M] (Iomega Corporation) [File_System | Boot | Unknown] -- C:\WINDOWS\System32\drivers\dnbudf.sys -- (dnbudf)
    DRV - [2004/11/26 13:16:12 | 000,122,368 | ---- | M] (Plextor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Xstream.sys -- (WISTechVIDCAP)
    DRV - [2004/11/26 13:13:24 | 000,013,696 | ---- | M] (Plextor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\XLoader.sys -- (XLoader)
    DRV - [2004/06/29 13:25:26 | 000,007,680 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dontgo.sys -- (dontgo)
    DRV - [2004/05/29 16:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
    DRV - [2004/04/13 19:20:08 | 000,015,781 | R--- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys -- (MDC8021X)
    DRV - [2004/03/09 08:58:06 | 000,329,088 | ---- | M] (U.S. Robotics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\3c1807pd.sys -- (3c1807pd)
    DRV - [2004/03/08 11:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
    DRV - [2003/12/17 08:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouFlt2.Sys -- (LMouFlt2)
    DRV - [2003/12/17 08:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042pr2.Sys -- (L8042pr2)
    DRV - [2003/12/17 08:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidUsb.sys -- (LHidUsb)
    DRV - [2003/12/17 08:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidFlt2.Sys -- (LHidFlt2)
    DRV - [2003/11/11 17:10:52 | 000,006,784 | ---- | M] (SIIG, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\portmon2.sys -- (portmon2)
    DRV - [2003/11/05 07:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bb-run.sys -- (bb-run)
    DRV - [2003/09/19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (Pfc)
    DRV - [2003/04/24 15:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BASFND.sys -- (BASFND)
    DRV - [2002/11/08 12:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
    DRV - [2001/08/17 13:28:26 | 000,113,762 | ---- | M] (U.S. Robotics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USRpdA.sys -- (USRpdA)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Yahoo SearchBar Home Page
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = Yahoo SearchBar Home Page
    IE - HKLM\..\SearchScopes,DefaultScope = {77AA745B-F4F8-45DA-9B14-61D2D95054C8}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKCU\..\SearchScopes,DefaultScope = {77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    IE - HKCU\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzutDtDtCtCtCtCyE0DtDzyyByBtA0AtA0DtN0D0Tzu0CyCzyyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=915785021&ir=
    IE - HKCU\..\SearchScopes\Google: "URL" = %s - Google Search
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
    FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1497
    FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131030
    FF - prefs.js..extensions.enabledAddons: %7BE6C1199F-E687-42da-8C24-E7770CC3AE66%7D:2.0.3
    FF - prefs.js..extensions.enabledAddons: savedpasswords%40adamfranco.com:1.2.4
    FF - prefs.js..extensions.enabledAddons: savedpasswordeditor%40daniel.dawson:2.7.1
    FF - prefs.js..extensions.enabledAddons: myhomepage_manishjain9%40gmail.com:1.2
    FF - prefs.js..extensions.enabledAddons: save-as-pdf-ff%40pdfcrowd.com:1.5
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_24: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/09/12 09:55:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/11/25 14:11:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/11/25 14:11:22 | 000,000,000 | ---D | M]

    [2008/08/27 11:38:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\George Corkins\Application Data\Mozilla\Extensions
    [2013/11/26 08:43:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\George Corkins\Application Data\Mozilla\Firefox\Profiles\308odhsg.default-1385420400125\extensions
    [2013/11/25 18:55:05 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\George Corkins\Application Data\Mozilla\Firefox\Profiles\308odhsg.default-1385420400125\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2013/11/25 18:55:05 | 000,013,802 | ---- | M] () (No name found) -- C:\Documents and Settings\George Corkins\Application Data\Mozilla\Firefox\Profiles\308odhsg.default-1385420400125\extensions\myhomepage_manishjain9@gmail.com.xpi
    [2013/11/26 08:43:13 | 000,057,194 | ---- | M] () (No name found) -- C:\Documents and Settings\George Corkins\Application Data\Mozilla\Firefox\Profiles\308odhsg.default-1385420400125\extensions\save-as-pdf-ff@pdfcrowd.com.xpi
    [2013/11/25 18:55:05 | 000,215,334 | ---- | M] () (No name found) -- C:\Documents and Settings\George Corkins\Application Data\Mozilla\Firefox\Profiles\308odhsg.default-1385420400125\extensions\savedpasswordeditor@daniel.dawson.xpi
    [2013/11/25 18:55:05 | 000,030,097 | ---- | M] () (No name found) -- C:\Documents and Settings\George Corkins\Application Data\Mozilla\Firefox\Profiles\308odhsg.default-1385420400125\extensions\savedpasswords@adamfranco.com.xpi
    [2013/11/25 18:52:39 | 000,915,554 | ---- | M] () (No name found) -- C:\Documents and Settings\George Corkins\Application Data\Mozilla\Firefox\Profiles\308odhsg.default-1385420400125\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013/11/25 18:55:05 | 000,024,565 | ---- | M] () (No name found) -- C:\Documents and Settings\George Corkins\Application Data\Mozilla\Firefox\Profiles\308odhsg.default-1385420400125\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
    [2013/11/25 14:11:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/11/25 14:11:21 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2013/11/25 14:11:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/11/25 14:11:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2013/09/12 09:55:38 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2008/04/06 10:15:16 | 000,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\mozilla firefox\plugins\NPZoneSB.dll

    ========== Chrome ==========

    CHR - homepage: Yahoo Search - Web Search

    O1 HOSTS File: ([2013/10/26 08:02:44 | 000,445,546 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 15334 more lines...
    O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - File not found
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\213a088a-911e-42d0-885f-bf5690c5e692.exe (AVAST Software)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
    O4 - HKCU..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Yahoo! Dictionary - C:\Program Files\Yahoo!\Common [2008/09/03 12:16:22 | 000,000,000 | ---D | M]
    O8 - Extra context menu item: Yahoo! Search - C:\Program Files\Yahoo!\Common [2008/09/03 12:16:22 | 000,000,000 | ---D | M]
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} https://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
    O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} http://www.hp.com/cpso-support-new/S...dObjSigned.cab (HPSDDX Class)
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h20364.www2.hp.com/CSMWeb/Cu...ataManager.CAB (Hewlett-Packard Online Support Services)
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/LSSupCtl.cab (Reg Error: Key error.)
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/S...in/AvSniff.cab (Symantec AntiVirus scanner)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeup...tent/opuc3.cab (Office Update Installation Engine)
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/tech...bs/tgctlsr.cab (Symantec Script Runner Class)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.safety.live.com/reso...lscbase969.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/S.../bin/cabsa.cab (Symantec RuFSI Utility Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1150308537109 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_45)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} http://download.yahoo.com/dl/install...od/yregcfg.cab (RegConfig Class)
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll (YahooYMailTo Class)
    O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} http://www.investors.com/member/ocx/plotwon.ocx (Plotwon Control)
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yahoo.com/dl/installs/yab_af.cab (YAddBook Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.symantec.com/tech...l/SymAData.cab (ActiveDataInfo Class)
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} Welcome to Flickr - Photo Sharing (PhotosCtrl Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://chat.msn.com/controls/msnchat45.cab (MSN Chat Control 4.5)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6CEA5B5-F0D5-4ECE-8FF6-1A9F9AA06009}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3750B77-B884-446E-B1B7-FB87A1DD7386}: DhcpNameServer = 192.168.1.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/01/30 13:16:21 | 000,000,018 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - Unable to obtain root file information for disk Y:\
    O33 - MountPoints2\##Gc-d610#T\Shell - "" = AutoRun
    O33 - MountPoints2\##Gc-d610#T\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\##Gc-d610#T\Shell\AutoRun\command - "" = C:\WINDOWS\System32\setup.exe -- [2008/04/13 18:12:34 | 000,023,040 | ---- | M] (Microsoft Corporation)
    O33 - MountPoints2\{326e0f0d-c994-11e0-9e08-0011114d0977}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\setup.exe -- [2008/04/13 18:12:34 | 000,023,040 | ---- | M] (Microsoft Corporation)
    O33 - MountPoints2\{8f8a221f-0e23-11e2-ba96-0011114d0977}\Shell\AutoRun\command - "" = G:\urDrive.exe
    O33 - MountPoints2\{8f8a2220-0e23-11e2-ba96-0011114d0977}\Shell\AutoRun\command - "" = G:\urDrive.exe
    O33 - MountPoints2\{c4266b3d-eea8-11dc-b3e9-001a703aa7c3}\Shell\AutoRun\command - "" = R:\setupSNK.exe
    O34 - HKLM BootExecute: (sdearlydelete)
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (sdnclean.exe)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/11/26 15:37:29 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/11/26 13:30:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\George Corkins\Desktop\OTL.exe
    [2013/11/25 16:19:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George Corkins\Application Data\0D0S1L2Z1P1B
    [2013/11/25 16:18:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Open It!
    [2013/11/25 16:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\OpenIt
    [2013/11/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George Corkins\My Documents\Downloads
    [2013/11/25 14:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/11/24 11:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George Corkins\Application Data\CrystalIdea Software
    [2013/11/23 11:36:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Save & Restore
    [2013/11/23 11:35:58 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Save and Restore
    [2013/11/23 10:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George Corkins\Desktop\Old Firefox Data
    [2013/11/23 09:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
    [2013/11/09 15:39:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\George Corkins\Recent
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2C0A
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0C0A
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0C04
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0816
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0804
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0424
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\041F
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\041E
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\041D
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\041B
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0419
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0416
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0415
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0414
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0413
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0412
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0411
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0410
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\040E
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\040D
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\040C
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\040B
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\040A
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0409
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0408
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0407
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0406
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0405
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0404
    [2013/11/01 13:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\0401
    [2013/11/01 13:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Renesas Electronics
    [2013/11/01 13:51:03 | 000,000,000 | ---D | C] -- C:\Program Files\Renesas Electronics

    ========== Files - Modified Within 30 Days ==========

    [2013/11/26 15:48:00 | 000,000,380 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2013/11/26 15:41:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
    [2013/11/26 15:41:08 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\ProgramUpdateCheck.job
    [2013/11/26 15:39:54 | 3219,288,064 | -HS- | M] () -- C:\hiberfil.sys
    [2013/11/26 15:05:35 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\George Corkins\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003 (2).lnk
    [2013/11/26 14:44:17 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\George Corkins\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003 (2).lnk
    [2013/11/26 13:59:18 | 000,002,465 | ---- | M] () -- C:\Documents and Settings\George Corkins\Desktop\HiJackThis.lnk
    [2013/11/26 13:30:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\George Corkins\Desktop\OTL.exe
    [2013/11/26 13:26:55 | 000,000,468 | ---- | M] () -- C:\WINDOWS\tasks\ProgramRefresh-ATFST.job
    [2013/11/25 16:18:38 | 000,351,124 | ---- | M] () -- C:\Documents and Settings\George Corkins\Local Settings\Application Data\mysearchdial-speeddial.crx
    [2013/11/25 14:10:28 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\George Corkins\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2013/11/25 14:10:27 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2013/11/25 10:48:56 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\George Corkins\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2013/11/24 14:29:02 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\George Corkins\Desktop\procexp.exe.lnk
    [2013/11/24 11:38:35 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\George Corkins\Desktop\speedyfox.lnk
    [2013/11/23 11:20:48 | 000,002,032 | ---- | M] () -- C:\Documents and Settings\George Corkins\Desktop\Norton Save & Restore.lnk
    [2013/11/23 11:16:58 | 000,417,569 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
    [2013/11/23 09:57:30 | 000,000,539 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoneAlarm Security.lnk
    [2013/11/22 19:15:32 | 000,000,314 | -HS- | M] () -- C:\BOOT.INI
    [2013/11/06 12:26:01 | 000,002,489 | ---- | M] () -- C:\Documents and Settings\George Corkins\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Access 2003 (2).lnk
    [2013/11/05 12:28:09 | 000,000,085 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2013/11/04 13:27:43 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2013/11/03 07:38:24 | 000,468,584 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
    [2013/11/03 07:38:23 | 000,080,938 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT

    ========== Files Created - No Company Name ==========

    [2013/11/25 16:19:08 | 000,351,124 | ---- | C] () -- C:\Documents and Settings\George Corkins\Local Settings\Application Data\mysearchdial-speeddial.crx
    [2013/11/24 14:29:07 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\George Corkins\Desktop\procexp.exe.lnk
    [2013/11/24 11:51:25 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\George Corkins\Desktop\speedyfox.lnk
    [2013/11/23 11:20:48 | 000,002,032 | ---- | C] () -- C:\Documents and Settings\George Corkins\Desktop\Norton Save & Restore.lnk
    [2013/07/16 09:33:51 | 000,038,483 | ---- | C] () -- C:\Documents and Settings\George Corkins\Application Data\Comma Separated Values (Windows).ADR
    [2013/06/28 05:44:37 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
    [2013/06/26 12:01:11 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
    [2013/06/26 12:01:11 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
    [2013/03/01 14:28:48 | 000,177,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
    [2013/03/01 14:28:47 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
    [2013/01/19 16:19:57 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LaunchURL.bat
    [2012/07/14 07:34:49 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
    [2012/07/03 13:25:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2012/07/03 13:25:07 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2012/07/03 13:25:07 | 000,662,785 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2012/07/03 13:25:07 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2012/07/03 13:24:23 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/02/16 13:18:32 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2009/03/14 13:41:14 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
    [2008/01/04 14:05:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\George Corkins\LOG
    [2007/09/08 07:43:54 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\George Corkins\Local Settings\Application Data\fusioncache.dat
    [2007/02/26 14:22:11 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/12/27 10:55:37 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\George Corkins\ntuser.pol
    [2006/12/23 12:57:44 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2006/12/10 10:54:30 | 000,235,257 | ---- | C] () -- C:\Documents and Settings\George Corkins\FAVORITES.htm
    [2006/11/29 12:17:40 | 000,000,125 | -HS- | C] () -- C:\Documents and Settings\George Corkins\Application Data\.zreglib
    [2004/11/12 16:07:13 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\George Corkins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2004/08/11 16:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2013/03/19 13:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2010/02/14 08:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2012/10/29 14:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/11/12 10:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
    [2009/07/29 13:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CTdeveloping
    [2012/07/13 13:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    [2010/10/07 14:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
    [2006/12/23 12:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
    [2008/11/27 09:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2013/10/21 11:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
    [2007/12/15 09:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
    [2013/03/02 09:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
    [2007/09/20 11:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
    [2005/07/13 13:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2006/12/11 16:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2007/12/05 12:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PIXELA
    [2012/07/28 13:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
    [2007/02/17 16:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
    [2011/05/06 17:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
    [2008/06/13 11:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
    [2013/11/09 14:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2007/04/21 20:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2009/03/23 16:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2009/02/02 19:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [2011/11/26 10:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/11 13:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/07 11:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2013/11/25 16:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\0D0S1L2Z1P1B
    [2007/09/12 12:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\Active Disk
    [2013/08/17 09:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\Check Point Software Technologies LTD
    [2012/03/27 09:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\CheckPoint
    [2013/11/24 11:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\CrystalIdea Software
    [2009/07/29 13:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\CTdeveloping
    [2006/12/12 18:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\Elaborate Bytes
    [2010/03/19 13:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\GetRightToGo
    [2010/01/28 14:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\Image Zone Express
    [2005/02/11 18:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\InterVideo
    [2009/02/16 14:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\IObit
    [2007/12/15 09:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\iolo
    [2006/01/28 14:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\Leadertech
    [2006/10/12 14:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\MailFrontier(2)
    [2010/12/10 15:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\NCH Swift Sound
    [2005/06/03 15:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\OLYMPUS
    [2009/01/31 17:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\OpenOffice.org
    [2008/07/19 15:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\Opera
    [2008/06/21 09:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\Printer Info Cache
    [2006/12/11 16:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\RecordPad
    [2012/07/28 13:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\Seagate
    [2006/04/02 14:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\Simple Star
    [2011/02/24 14:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\Sling Media
    [2006/11/29 12:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\SlySoft
    [2005/06/23 15:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\Snapfish
    [2010/05/30 21:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\SystemRequirementsLab
    [2007/10/09 08:14:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\TechSmith
    [2007/04/21 20:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\Ulead Systems
    [2006/10/12 14:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\WholeSecurity
    [2010/08/31 08:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\Windows Desktop Search
    [2006/10/13 17:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\Windows Live Safety Center
    [2010/08/31 09:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\Windows Search
    [2010/05/29 03:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\WinPatrol
    [2010/09/06 11:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Corkins\Application Data\wsInspector

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 88 bytes -> C:\UNWISE.EXE:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\George Corkins\Application Data\Microsoft\Internet Explorer\Quick Launch\dBase.pif:SummaryInformation
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2

    < End of report >

  8. #7
    Member Putts

    Sorry about the duplicate post. This happened before. After I hit Post Quick Reply it was waiting & waiting to connect. Then it asked me if I wanted to leave the page with no indication that the post went through. I'll be busy for a few minutes. My wife has assigned me a chore.

    George

  9. #8
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    OK,

    Let's check for adware.


    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double-click AdwCleaner.exe to run the tool.
    • Click the Scan button.
    • AdwCleaner will begin. Be patient as the scan may take some time to complete.
    • After the scan has finished, click the Report button. A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, please let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.

  11. #9
    Member Putts

    Sorry it took so long. When I downloaded AdwCleaner I could not figure out where it had saved the file. I had to get the file from my laptop. And you are right, that log is confusing. I'm not sure if I need any of that stuff. Here's the log:

    # AdwCleaner v3.013 - Report created 26/11/2013 at 16:29:33
    # Updated 24/11/2013 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : George Corkins - PRECISION370
    # Running from : C:\Documents and Settings\George Corkins\Desktop\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\Documents and Settings\George Corkins\Local Settings\Application Data\mysearchdial-speeddial.crx
    Folder Found C:\Documents and Settings\All Users\Start Menu\Programs\open it!
    Folder Found C:\Documents and Settings\George Corkins\Application Data\CheckPoint\ZoneAlarm LTD Toolbar
    Folder Found C:\Documents and Settings\George Corkins\Local Settings\Application Data\AVG Security Toolbar
    Folder Found C:\Documents and Settings\George Corkins\Local Settings\Application Data\Coupon Companion
    Folder Found C:\Documents and Settings\George Corkins\Local Settings\Application Data\filetypeassistant
    Folder Found C:\Documents and Settings\NetworkService\Local Settings\Application Data\filetypeassistant
    Folder Found C:\Program Files\Coupon Companion
    Folder Found C:\Program Files\openit

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\Uniblue
    Key Found : HKCU\Software\Uniblue\DriverScanner
    Key Found : HKCU\Software\YahooPartnerToolbar
    Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011441193}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022442293}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{33333333-3333-3333-3333-330033443393}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445593}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446693}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077447793}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044444493}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Found : HKLM\Software\InstallCore
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\OpenIt Open It!
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193}
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v7.0.6000.21357

    Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://start.mysearchdial.com/?f=2&a=dsites&cd=2XzuyEtN2Y1L1QzutDtDtCtCtCtCyE0DtDzyyByBtA0AtA0DtN0D0Tzu0CyCzyyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=915785021&ir=

    -\\ Mozilla Firefox v25.0.1 (en-US)

    [ File : C:\Documents and Settings\George Corkins\Application Data\Mozilla\Firefox\Profiles\308odhsg.default-1385420400125\prefs.js ]


    -\\ Google Chrome v

    [ File : C:\Documents and Settings\George Corkins\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

    Found : homepage
    Found : urls_to_restore_on_startup

    *************************

    AdwCleaner[R0].txt - [5633 octets] - [26/11/2013 16:29:33]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5693 octets] ##########

  12. #10
    Member Spyware Fighter zep516

    More leftover stuff, no big deal. Keep the ZoneAlarm toolbar; I think you un-check it so it does not get removed.


    Double-click AdwCleaner.exe to run the tool again.
    • Click the Scan button.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished...
      Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
      Keep that, it's for ZoneAlarm. Remove the rest.
    • This time click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
